bulkmail - 1234[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

bulkmail - 1234.rar
Size

12.6MB
MD5

31fe69edb549300eaa8c954319049bf6
SHA1

1d28c9dfbbb13e92d9f612c7af67c13871f6fa3e
SHA256

4c7833e172b3ddfbc17cacd82c9743657585a5c12333754277c0df79caee00cd
SHA512

2f7d1a72f4d42d8c01f8038150d217ea8fe97d8fa55f93b56baa46f62fe35c5fabfb875a8cceb566c243d1f3c1c5bd6d967258efec64b9140ec363e6c4c5779f
SSDEEP

393216:BdLA+hIHsTpnjppgjKU8Pm7jX/bq162ynGIBsCF:7AvHsTpjPgjd8Cb/bjL1BsCF

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/bulkmail.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MACDll.dll
unpack001/bulkmail.exe
unpack001/napipsec.dll

Files

bulkmail - 1234.rar
.rar

Password: 1234
DismCore.dll
.dll regsvr32 windows x64

Password: 1234

09a1c4e839108dde1bc43674480edf36

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:02:82:77:20:f1:95:e3:80:b3:89:a1:7a:d9:15:cc:57:c6:90:93:85:c8:88:c1:95:50:17:72:7d:a9:49:e9
Signer

Actual PE Digest

9d:02:82:77:20:f1:95:e3:80:b3:89:a1:7a:d9:15:cc:57:c6:90:93:85:c8:88:c1:95:50:17:72:7d:a9:49:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

swscanf_s
_vscprintf
vsprintf_s
iswalpha
_vsnwprintf
_wcsnicmp
wcsncmp
wcsstr
_wtoi
towlower
_vsnprintf
strrchr
iswctype
memcpy
fclose
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wcsncpy_s
wcscat_s
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
wcsrchr
wcschr
vswprintf_s
_vscwprintf
wcscpy_s
malloc
wcstok_s
_wfopen
fgetws
feof
_onexit
_resetstkoflw
free
__C_specific_handler
__CxxFrameHandler3
memcmp
memset

advapi32

AdjustTokenPrivileges
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

DebugBreak
CreateFileMappingA
DeleteFileW
GetLastError
SetThreadUILanguage
CreateFileW
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
MultiByteToWideChar
GetTempPathW
GetModuleHandleExW
FreeLibrary
SetEvent
GetModuleFileNameW
GetModuleHandleW
Wow64DisableWow64FsRedirection
CopyFileExW
Wow64RevertWow64FsRedirection
CreateEventW
WaitForSingleObject
TerminateProcess
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
GetProcAddress
LoadLibraryExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
CompareStringW
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetFileSizeEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
LocalFree
GetCurrentThread
GetFullPathNameW
GetTempFileNameW
GetWindowsDirectoryW
IsDebuggerPresent
FlushFileBuffers
DeleteFileA
CreateFileA
GetVersion
ReleaseMutex
CreateMutexA
CreateMutexW
WriteFile
GetFileAttributesW
GetSystemInfo
SetFilePointer
ReadFile
ExpandEnvironmentStringsW
GetNativeSystemInfo
GetSystemWindowsDirectoryW
FormatMessageW
GetSystemDirectoryW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameA
VirtualQuery
FormatMessageA
TlsFree
TlsGetValue
ExitProcess
GetFileSize
GetLocalTime
TlsAlloc
TlsSetValue
MapViewOfFile
CreateFileMappingW
QueryDosDeviceW
UnmapViewOfFile
GetVersionExW
SetLastError
SearchPathW
DuplicateHandle
DeviceIoControl
SetFileAttributesW
GetCurrentDirectoryW
GetDriveTypeW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetExitCodeProcess
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
RtlCaptureContext
GetVolumeNameForVolumeMountPointW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoSetProxyBlanket
ProgIDFromCLSID
StringFromGUID2
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance

user32

LoadStringW
CharNextW

oleaut32

RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLibEx

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

ntdll

RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameApp.dll
.dll windows x86

Password: 1234

baa93d47220682c04d92f7797d9224ce

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:f8:68:ed:a7:14:85:16:13:51:30:57:ca:6c:e6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/03/2017, 00:00

Not After

07/04/2018, 23:59

Subject

CN=Joycity Corp.,O=Joycity Corp.,L=Seongnam-si,ST=Gyonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:dd:a5:7f:60:37:5c:79:c5:c1:7b:70:97:33:e4:5b:5d:12:59:a9
Signer

Actual PE Digest

4e:dd:a5:7f:60:37:5c:79:c5:c1:7b:70:97:33:e4:5b:5d:12:59:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

??0CGameApplication@@QAE@XZ
??0CISSolutionTool@@QAE@ABV0@@Z
??0CISSolutionTool@@QAE@XZ
??1CGameApplication@@QAE@XZ
??1CISSolutionTool@@QAE@XZ
??4CGameApplication@@QAEAAV0@ABV0@@Z
??4CISSolutionTool@@QAEAAV0@ABV0@@Z
?AddAutoDataAll@CISSolutionTool@@QAEXXZ
?AddSSolutionData@CISSolutionTool@@QAEKAAUSSPointInfo@@@Z
?Auto_AddSSolutionDataAuto@CISSolutionTool@@QAEKAAUSSPointInfo@@@Z
?Auto_Find@CISSolutionTool@@QAEPAUSSolutionPoint@@W4SHOOT_SOLUTION_THROW_TYPE@@KW4SHOOT_SOLUTION_BOUND_TYPE@@K@Z
?Auto_GenerateData@CISSolutionTool@@QAEXAAUSSSimulCondition@@@Z
?Auto_GetMaxCount@CISSolutionTool@@QAEKW4SHOOT_SOLUTION_THROW_TYPE@@KW4SHOOT_SOLUTION_BOUND_TYPE@@@Z
?Auto_GetShootingData@CISSolutionTool@@AAE_NAAVJOVECTOR3@@AAM0@Z
?Auto_Remove@CISSolutionTool@@QAEXW4SHOOT_SOLUTION_THROW_TYPE@@KW4SHOOT_SOLUTION_BOUND_TYPE@@K@Z
?Auto_RemoveAll@CISSolutionTool@@QAEXXZ
?Auto_StartGen@CISSolutionTool@@AAE_NXZ
?CheckBigBound@CISSolutionTool@@AAE_NAAUBallPoint@@@Z
?Close@CGameApplication@@QAEXXZ
?CollectContactPoint@CISSolutionTool@@QAEXPBDAAUBallPoint@@@Z
?DecisionBoundType@CISSolutionTool@@AAE?AW4SHOOT_SOLUTION_BOUND_TYPE@@AAH0@Z
?DecisionKind@CISSolutionTool@@AAEXXZ
?DeviceReleaseCallBack@CGameApplication@@SAXXZ
?DeviceRestoreCallBack@CGameApplication@@SAXXZ
?Dlg_ScreenModeProc@CGameApplication@@SGHPAUHWND__@@IIJ@Z
?Find@CISSolutionTool@@QAEPAUSSolutionPoint@@W4SHOOT_SOLUTION_THROW_TYPE@@KW4SHOOT_SOLUTION_BOUND_TYPE@@K@Z
?GetCenterPosFromSectorNum@CISSolutionTool@@QAE?AVJOVECTOR3@@I@Z
?GetInstance@CISSolutionTool@@SAPAV1@XZ
?GetMaxCount@CISSolutionTool@@QAEKW4SHOOT_SOLUTION_THROW_TYPE@@KW4SHOOT_SOLUTION_BOUND_TYPE@@@Z
?GetSSolutionMode@CISSolutionTool@@QAE?AW4ESSolutionMode@@XZ
?HS_CallbackProc@CGameApplication@@QAEHJJPAX@Z
?IMESystemUpdate@CGameApplication@@QAE_NPAUHWND__@@UtagMSG@@_N@Z
?Init@CGameApplication@@QAE_NPAUHINSTANCE__@@PAUHWND__@@1PA_W2@Z
?InitForTool@CGameApplication@@QAE_NPAUHINSTANCE__@@PAUHWND__@@1@Z
?InsertEventChar@CGameApplication@@QAEXIJ@Z
?InsertEventKeyboard@CGameApplication@@QAEXIJ_N@Z
?LoadSolutionFromFile@CISSolutionTool@@QAEXPBD@Z
?LoadSolutionFromFileAndAdd@CISSolutionTool@@QAEXPBD@Z
?LoadSolutionFromFileOld@CISSolutionTool@@QAEXPBD@Z
?Remove@CISSolutionTool@@QAEXW4SHOOT_SOLUTION_THROW_TYPE@@KW4SHOOT_SOLUTION_BOUND_TYPE@@K@Z
?RemoveAll@CISSolutionTool@@QAEXXZ
?Reset@CISSolutionTool@@AAEXXZ
?Run@CGameApplication@@QAEXXZ
?SaveSolutionToFile@CISSolutionTool@@QAEXPBD@Z
?SaveSolutionToFileToRelease@CISSolutionTool@@QAEXPBD@Z
?Send_GA_Analytics_Event@CGameApplication@@AAEXHPA_WPAD11H@Z
?SetAutoMode@CISSolutionTool@@QAEX_N@Z
?SetBallPos@CISSolutionTool@@QAEXAAVJOVECTOR3@@@Z
?SetBallPos@CISSolutionTool@@QAEXK@Z
?SetBallPosFromLogic@CISSolutionTool@@QAEXAAUBallPoint@@@Z
?SetCursorList@CGameApplication@@QAEXV?$vector@PAUHICON__@@V?$allocator@PAUHICON__@@@std@@@std@@@Z
?SetDataColliect@CISSolutionTool@@QAEX_N@Z
?SetGoalin@CISSolutionTool@@QAEXAAUBallPoint@@@Z
?SetLineDraw@CISSolutionTool@@QAEX_N@Z
?SetSSolutionMode@CISSolutionTool@@QAEXW4ESSolutionMode@@@Z
?SimulateShoot@CISSolutionTool@@QAEXAAVJOVECTOR3@@0M_NM@Z
?ThrowShoot@CISSolutionTool@@QAEXAAUSSPointInfo@@AAVJOVECTOR3@@@Z
?WindowProc@CGameApplication@@QAEJPAUHWND__@@IIJ@Z
?m_pInitDlg@CGameApplication@@2PAVCInitDlg@@A
?m_pInstance@CISSolutionTool@@0PAV1@A

Sections

Size: 2.3MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pcvkmmnq
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

upoaymqc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MACDll.dll
.dll windows x86

Password: 1234

891a11d9518776b9cee83188e5811c84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
WriteConsoleW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
GetProcessHeap
LCMapStringW
GetStringTypeW
GetFileType
GetStdHandle
GetACP
HeapAlloc
HeapFree
GetModuleFileNameA
ExitProcess
HeapQueryInformation
HeapReAlloc
HeapSize
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
EncodePointer
InterlockedFlushSList
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
lstrlenA
GetCurrentProcess
FlushFileBuffers
InterlockedIncrement
GlobalFlags
GetCurrentProcessId
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FreeResource
GlobalFindAtomW
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
GlobalFree
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
MulDiv
GetLastError
SetLastError
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
CreateEventW
SetEvent
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
CreateFileW
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
GetProcAddress
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
CloseHandle
Sleep
WaitForSingleObject
TerminateThread
SetThreadPriority
CreateThread
FindFirstFileW
GetModuleHandleW
FindFirstFileExA
FindClose

user32

RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CreateDialogIndirectParamW
CopyRect
PtInRect
MessageBoxW
PostMessageW
SendMessageW
EnableWindow
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetDesktopWindow
GetDC
ReleaseDC
IsDialogMessageW
SetWindowTextW
ShowWindow
IsWindowEnabled
GetClientRect
GetNextDlgTabItem
DialogBoxParamW
EndDialog
CheckDlgButton
IsDlgButtonChecked
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
UnregisterClassW
GetWindowThreadProcessId
ClientToScreen
GetSysColorBrush
LoadCursorW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
BeginPaint
EndPaint
DestroyMenu
GetSystemMetrics
GetWindowTextLengthW
GetWindowTextW
GetWindow
GetWindowLongW
SetFocus
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetCursor
PostQuitMessage
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible

gdi32

SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SaveDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx
CreateBitmap
GetDeviceCaps

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

Exports

Exports

CloseFilterInput
CloseFilterOutput
CompressFile
CompressFileW
CompressFileW2
ConvertFile
ConvertFileW
ConvertFileW2
DIALOGMsgProc
DecompressFile
DecompressFileW
DecompressFileW2
FillWaveFormatEx
FillWaveHeader
FilterGetFileSize
FilterGetFirstSpecialData
FilterGetNextSpecialData
FilterGetOptions
FilterOptions
FilterOptionsString
FilterUnderstandsFormat
FilterWriteSpecialData
GetID3Tag
GetInterfaceCompatibility
GetVersionNumber
OpenFilterInput
OpenFilterOutput
QueryCoolFilter
ReadFilterInput
RemoveTag
ShowFileInfoDialog
TagFileSimple
VerifyFile
VerifyFileW
VerifyFileW2
WriteFilterOutput
c_APECompress_AddData
c_APECompress_Create
c_APECompress_Destroy
c_APECompress_Finish
c_APECompress_GetBufferBytesAvailable
c_APECompress_Kill
c_APECompress_LockBuffer
c_APECompress_Start
c_APECompress_StartW
c_APECompress_UnlockBuffer
c_APEDecompress_Create
c_APEDecompress_CreateW
c_APEDecompress_Destroy
c_APEDecompress_GetData
c_APEDecompress_GetInfo
c_APEDecompress_Seek
winampGetExtendedFileInfo
winampGetInModule2

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bulkmail.exe
.exe windows x64

Password: 1234

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
crckW4re/CRClient.dll
.dll windows x64

Password: 1234

993ec3d9312ac10f54052edf6ed89028

Code Sign

07:75:dc:5a:dd:f9:28:84:db:19:d5:55:4c:07:ec:49
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Illustrator\, InDesign\, InCopy\, Muse,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:28:ef:5d:af:4d:b5:2d:4f:77:86:02:22:1d:35:c4:1c:99:42:15:38:fd:f8:45:95:36:ff:a9:98:33:e2:b3
Signer

Actual PE Digest

8a:28:ef:5d:af:4d:b5:2d:4f:77:86:02:22:1d:35:c4:1c:99:42:15:38:fd:f8:45:95:36:ff:a9:98:33:e2:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymInitialize
StackWalk64
SymGetModuleBase64
SymGetModuleInfo64
SymFromAddr
SymFunctionTableAccess64

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryW
CloseHandle
CreateThread
WaitForSingleObject
GetModuleFileNameW
FreeLibrary
ReadFile
GetCurrentThreadId
ReadProcessMemory
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
TerminateThread
OpenThread
CreateNamedPipeW
VirtualProtect
WriteProcessMemory
GetThreadId
GetProcessId
K32GetModuleFileNameExW
CreateProcessW
GetProcessHeap
WriteFile
FlushFileBuffers
DisconnectNamedPipe
WerRegisterRuntimeExceptionModule
WerUnregisterRuntimeExceptionModule
LocaleNameToLCID
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
ConnectNamedPipe
IsDebuggerPresent

user32

IsWindowVisible
EnableWindow
IsHungAppWindow
DisableProcessWindowsGhosting
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
ReleaseDC
DrawIconEx
GetSysColor
GetDC
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
PostMessageW
ShowWindow
GetSystemMenu
EnableMenuItem
GetWindowThreadProcessId
GetSysColorBrush
EndDialog
GetWindow
SetWindowTextW
SetDlgItemTextW
SetWindowPos
OffsetRect
CopyRect
GetDesktopWindow
GetKeyState
GetDlgItem
GetWindowLongPtrW
GetParent
SetCursor
LoadCursorW
ReleaseCapture
PtInRect
ClientToScreen
GetWindowRect
SetCapture
InvalidateRect
GetCapture
SendMessageW
EnumWindows
CheckDlgButton
SetPropW
RemovePropW
DialogBoxIndirectParamW
GetPropW
CallWindowProcW
SetWindowLongPtrW

gdi32

DeleteDC
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetBkMode
CreateFontIndirectW
GetObjectW
SetTextColor
DeleteObject

advapi32

RegOpenCurrentUser
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
ord6
ShellExecuteW

ole32

CoTaskMemFree
CoCreateGuid

msvcp140

_Strcoll
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Wcscoll
_Strxfrm
_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEA_W_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Xbad_alloc@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?empty@locale@std@@SA?AV12@XZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_start
_Thrd_join
_Mtx_init
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
_Cnd_init
_Cnd_wait
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ

shlwapi

PathAppendW
PathFileExistsW

vcruntime140

memchr
strchr
__CxxFrameHandler3
memset
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
__std_type_info_destroy_list
wcsstr
_purecall
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
memcmp
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
_recalloc
realloc
malloc

api-ms-win-crt-string-l1-1-0

strtok_s
strncpy_s
isspace
tolower
_strdup
wcsnlen
wmemcpy_s
iswspace

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_invalid_parameter_noinfo
_initterm
_errno
_cexit
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

ungetwc
fgetwc
fsetpos
_fseeki64
fgetpos
fwrite
_get_stream_buffer_pointers
fclose
__stdio_common_vswprintf
__stdio_common_vswprintf_s
fputc
setvbuf
ungetc
fputwc
fflush
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wremove

api-ms-win-crt-convert-l1-1-0

_itoa_s

Exports

Exports

?AddCRCustomData@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?CrashReporterInitialize@@YA_NPEAXPEBD1111P6A_KAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z
?GetCRDialogOptions@@YAHXZ
?GetCRLastErrorCode@@YA?AW4ERROR_CR@@XZ
?SetCRDialogOptions@@YA_NH@Z
?SetCRDialogSaclingFactor@@YA_NW4AdobeCrashReporterScalingFactor@@@Z
?SetCRDialogUserEmail@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCRDisplayName@@YA_NPEBD@Z
?SetCRHighbeamSessionId@@YA_NPEBD@Z
?SetCRHighbeamSessionInfo@@YA_NPEAXPEB_W@Z
?SetCRLocale@@YA_NPEBD@Z
?SetCRParentWnd@@YA_NPEAX@Z
?SetCRPostHandler@@YA_NP6AXXZ@Z
?SetCRPosthandlerThreadPreference@@YA_N_N@Z
?SetCRPreHandler@@YA_NP6A_KAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
OutOfProcessExceptionEventCallback
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
napipsec.dll
.dll windows x86

Password: 1234

42010a89ce0b947bb7241c3fc4cdaeed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
memcmp
_XcptFilter
memset

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwUnregisterTraceGuids

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
CreateThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-2-0

WaitForSingleObjectEx
SetEvent
Sleep
DeleteCriticalSection
CreateEventW
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

fwpuclnt

FwpmFilterAdd0
FwpmEngineOpen0
FwpmEngineClose0
IkeextSaCreateEnumHandle0
IkeextSaEnum2
FwpmProviderContextGetByKey2
IkeextSaDeleteById0
FwpmFreeMemory0
IkeextSaDestroyEnumHandle0
FwpmProviderContextAdd1
FwpmProviderContextAdd2
FwpmProviderContextDeleteByKey0
FwpmFilterDeleteByKey0

userenv

EnterCriticalPolicySection
UnregisterGPNotification
RegisterGPNotification
LeaveCriticalPolicySection

kernel32

DelayLoadFailureHook
WaitForMultipleObjects
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
ResolveDelayLoadedAPI

Exports

Exports

InitializeNapIpsecRp
UninitializeNapIpsecRp

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readME.txt

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

09a1c4e839108dde1bc43674480edf36

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

9d:02:82:77:20:f1:95:e3:80:b3:89:a1:7a:d9:15:cc:57:c6:90:93:85:c8:88:c1:95:50:17:72:7d:a9:49:e9Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ole32

user32

oleaut32

version

ntdll

Exports

Exports

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 7KB - Virtual size: 9KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 90KB - Virtual size: 89KB

.reloc Size: 1KB - Virtual size: 1KB

Password: 1234

baa93d47220682c04d92f7797d9224ce

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

39:f8:68:ed:a7:14:85:16:13:51:30:57:ca:6c:e6:e7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:dd:a5:7f:60:37:5c:79:c5:c1:7b:70:97:33:e4:5b:5d:12:59:a9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Exports

Exports

Sections

Size: 2.3MB - Virtual size: 6.9MB

.rsrc Size: 1024B - Virtual size: 1KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 4.0MB

pcvkmmnq Size: 1.9MB - Virtual size: 1.9MB

upoaymqc Size: 512B - Virtual size: 4KB

Password: 1234

891a11d9518776b9cee83188e5811c84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

oleacc

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

9d:02:82:77:20:f1:95:e3:80:b3:89:a1:7a:d9:15:cc:57:c6:90:93:85:c8:88:c1:95:50:17:72:7d:a9:49:e9
Signer

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 7KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 90KB - Virtual size: 89KB

.reloc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

39:f8:68:ed:a7:14:85:16:13:51:30:57:ca:6c:e6:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:dd:a5:7f:60:37:5c:79:c5:c1:7b:70:97:33:e4:5b:5d:12:59:a9
Signer

.rsrc
Size: 1024B - Virtual size: 1KB

.idata
Size: 512B - Virtual size: 4KB

pcvkmmnq
Size: 1.9MB - Virtual size: 1.9MB

upoaymqc
Size: 512B - Virtual size: 4KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 6KB - Virtual size: 25KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 1KB

07:75:dc:5a:dd:f9:28:84:db:19:d5:55:4c:07:ec:49
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8a:28:ef:5d:af:4d:b5:2d:4f:77:86:02:22:1d:35:c4:1c:99:42:15:38:fd:f8:45:95:36:ff:a9:98:33:e2:b3
Signer

.text
Size: 215KB - Virtual size: 214KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 11KB - Virtual size: 10KB