a4e8a4bdda06abba4b105d9a333209f650aa5db4e3a28cc80aa288fc21840a58

Sharing

Copy URL Twitter E-mail

General

Target

a4e8a4bdda06abba4b105d9a333209f650aa5db4e3a28cc80aa288fc21840a58
Size

6.2MB
MD5

7bb94391c33e50166a544f0315003aa7
SHA1

8f47263e85d2017bf15ee86611e02a8ca0d9987d
SHA256

a4e8a4bdda06abba4b105d9a333209f650aa5db4e3a28cc80aa288fc21840a58
SHA512

2fdefa6132bb11a1d50c6f0548e9fa2be8fb05d124da89e465c5cc431fedd9e954bed15efa8278b91ef3f34354521733b42ea4f37ebcdda9da914797043108ac
SSDEEP

196608:2ucqTEHE0ARfqxWJPp1nIN7EyDhQH4sDQVMw2v9f7p:2ucq0AxYSh1n0ZhQHZ5w2v9l

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Auto Shutdowner 1.5.2/AShutdowner.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Auto Shutdowner 1.5.2/AShutdowner.exe
unpack003/out.upx
unpack001/Auto Shutdowner 1.5.2/Bin/Plugins/AMSWMemory/AMSWMemory.lmd
unpack001/Auto Shutdowner 1.5.2/Bin/Plugins/MemoryEx/MemoryEx.lmd
unpack001/Auto Shutdowner 1.5.2/Bin/Plugins/SHAPE/SHAPE.APO
unpack001/Auto Shutdowner 1.5.2/Bin/Plugins/Tray/Tray.lmd
unpack001/Auto Shutdowner 1.5.2/Bin/Plugins/WinApi/WinApi.lmd

Files

a4e8a4bdda06abba4b105d9a333209f650aa5db4e3a28cc80aa288fc21840a58
.zip
Auto Shutdowner 1.5.2/AShutdowner.cdd
.zip
Auto Shutdowner 1.5.2/AShutdowner.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 854KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/AShutdowner.ico
Auto Shutdowner 1.5.2/AShutdowner.ini
Auto Shutdowner 1.5.2/Bin/Icons/tray_off.ico
Auto Shutdowner 1.5.2/Bin/Icons/tray_on.ico
Auto Shutdowner 1.5.2/Bin/Plugins/AMSWMemory/AMSWMemory.lmd
.dll windows x86

3b7c26dea2ca08957237c2f216839cc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
memcpy
realloc
free
atof
sprintf
strncpy
_strnicmp
strncmp
_strdup
_stricmp
memmove
strcmp
strlen
strcpy
tolower
strcat

kernel32

HeapCreate
HeapDestroy
TlsGetValue
TlsFree
lstrcpyA
lstrlenA
GetFileAttributesA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GlobalSize
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
CloseHandle
GetModuleHandleA
TlsAlloc
TlsSetValue
HeapFree
HeapAlloc
HeapReAlloc
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
GetProcessHeap
GetVersionExA
WideCharToMultiByte
HeapSize
MultiByteToWideChar
GetDriveTypeA
FindFirstFileA
FindClose

lua5.1

lua_getfield
lua_pushstring
lua_pushnumber
lua_call
lua_type
lua_toboolean
lua_tonumber
lua_tolstring
lua_settop
lua_gettable
lua_isnumber
lua_isstring
lua_gettop
lua_error
lua_remove
lua_pcall
lua_settable
lua_pushnil
lua_pushboolean
luaL_register

user32

GetWindowLongA
SetWindowLongA
RemovePropA
SetPropA
GetPropA
IsWindow
EnumPropsExA
CallWindowProcA
CharLowerA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

oleaut32

SysFreeString
VariantClear
DispGetParam
VariantInit
VariantChangeType
SysAllocString
VariantCopy
DispGetIDsOfNames
GetActiveObject

shell32

ShellExecuteA

ole32

CoInitialize
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
CoGetClassObject
CoGetObject

atl

AtlAxWinInit
AtlAxCreateControl
AtlAxGetControl
AtlAxGetHost

Exports

Exports

irPlg_Action_RegisterActions
irPlg_GetAuthorInfo
irPlg_GetLuaVersion
irPlg_GetPluginActionXML
irPlg_GetPluginName
irPlg_GetPluginVersion
irPlg_GetSDKVersion
irPlg_ShowHelpForAction
irPlg_ShowHelpForPlugin
irPlg_ValidateLicense

Sections

AMSWaves
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

'.text'
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/Bin/Plugins/MemoryEx/MemoryEx.lmd
.dll windows x86

7e8347c7ae2a6aefc30d9fc57caa46a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
strncmp
memmove
strncpy
strstr
_strnicmp
_strdup
free
strlen
strcpy
strcat
memcpy
_wcsicmp
wcsncmp
_wcsnicmp
_stricmp
strcmp
tolower
realloc
strtol
wcstombs

kernel32

HeapCreate
HeapDestroy
VirtualAlloc
GetModuleFileNameA
CloseHandle
VirtualFree
UnmapViewOfFile
FreeLibrary
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
VerLanguageNameA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapSize
MultiByteToWideChar
WideCharToMultiByte
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
WriteFile
CreateFileA
SetFilePointer
ReadFile
GetFileSize
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
DeleteCriticalSection
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLastError
SetLastError
VirtualProtect
IsBadReadPtr
GetProcessHeap
lstrlenA
GetThreadLocale
GetCurrentThread
CreateSemaphoreA
CreateThread
ReleaseSemaphore
WaitForMultipleObjects

lua5.1

lua_getfield
lua_type
lua_pushnil
lua_next
lua_isnumber
lua_isstring
lua_tolstring
lua_settop
lua_typename
lua_toboolean
lua_rawgeti
lua_pushnumber
lua_pcall
lua_pushstring
lua_error
lua_remove
lua_tonumber
luaL_loadbuffer
lua_call
lua_pushboolean
lua_gettop
luaL_checkinteger
lua_pushinteger
lua_createtable
lua_settable
lua_pushcclosure
lua_pushlstring
lua_dump
lua_gettable
luaL_newstate
luaopen_base
luaopen_io
luaopen_debug
luaopen_os
luaopen_package
luaopen_math
luaopen_string
luaopen_table
lua_close
luaL_unref
lua_insert
luaL_ref
lua_pushvalue
lua_tointeger

user32

IsWindow
GetWindowTextA
GetPropA
CallWindowProcA
SetPropA
SetWindowLongA
RemovePropA
CharLowerA
MessageBoxA
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongA
IsWindowEnabled
EnableWindow
EnumWindows
SetWindowPos
CharUpperA

comctl32

InitCommonControlsEx

ole32

CoInitialize

shell32

ShellExecuteExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

irPlg_Action_RegisterActions
irPlg_GetAuthorInfo
irPlg_GetLuaVersion
irPlg_GetPluginActionXML
irPlg_GetPluginName
irPlg_GetPluginVersion
irPlg_GetSDKVersion
irPlg_OnProjectBuild
irPlg_ShowHelpForAction
irPlg_ShowHelpForPlugin
irPlg_ValidateLicense

Sections

.code
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/Bin/Plugins/SHAPE/SHAPE.APO
.dll windows x86

96c912c7e683eb60ac64ab8b4fe0567d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua5.1

lua_pcall
luaL_openlib
lua_isnumber
lua_tonumber
lua_getfield
lua_pushstring
lua_gettable
lua_remove
lua_type
lua_pushnumber
lua_tolstring
lua_error
lua_gettop

kernel32

RtlUnwind
GetCommandLineA
RaiseException
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
GetLastError
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
CloseHandle
GetModuleFileNameA
LocalFree
GlobalAlloc
GetCurrentThread
lstrcpynA
GlobalFree
GlobalLock
GlobalUnlock
MulDiv
SetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GetFileAttributesA
lstrcmpA
lstrlenA
FreeEnvironmentStringsW
lstrcpyA

user32

SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
wvsprintfA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
WindowFromPoint
GetCursorPos
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
PostQuitMessage
SetCursor
ValidateRect
TranslateMessage
GetMessageA
UnregisterClassA
GetClassNameA
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
IsWindowVisible
GetTopWindow
MessageBoxA
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DefWindowProcA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IsIconic
GetWindowPlacement
wsprintfA
InvalidateRect
ReleaseCapture
GetMessagePos
PtInRect
GetClientRect
GetCapture
SetCapture
SystemParametersInfoA
EnableWindow
SetRect
IsWindow
RedrawWindow
CopyRect
GetSystemMetrics
DrawFrameControl
DrawEdge
InflateRect
OffsetRect
DrawFocusRect
GetWindowRect
GetParent
SendMessageA
GetSysColor
CallNextHookEx
CallWindowProcA

gdi32

Rectangle
GetDeviceCaps
DeleteObject
Ellipse
RoundRect
SelectObject
GetStockObject
CreateSolidBrush
GetClipBox
SetTextColor
SetBkColor
GetObjectA
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
CreatePen
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CreateFontIndirectA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreatePalette
RealizePalette

comdlg32

ChooseColorA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

Exports

Exports

irPlg_GetAuthorInfo
irPlg_GetIRPluginObjectVersion
irPlg_GetLuaVersion
irPlg_GetPluginActionXML
irPlg_GetPluginName
irPlg_GetPluginVersion
irPlg_GetSDKVersion
irPlg_Object_CreateObject
irPlg_Object_DeleteObject
irPlg_ShowHelpForAction
irPlg_ShowHelpForPlugin
irPlg_ValidateLicense

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/Bin/Plugins/Tray/Tray.lmd
.dll windows x86

a9a6780b3ad0fe33fb0836f7ce718d77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua5.1

lua_remove
lua_gettable
lua_getfield
lua_tolstring
lua_error
lua_type
lua_tonumber
lua_call
lua_pcall
luaL_openlib
lua_pushstring
lua_pushnumber
lua_pushboolean
lua_settable
lua_settop
lua_gettop

kernel32

InterlockedIncrement
GlobalFlags
RaiseException
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
GetCPInfo
GetOEMCP
ExitProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
lstrcatA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleHandleA
GetFileAttributesA
lstrlenA
lstrcpyA
RtlUnwind

user32

ShowWindow
DestroyMenu
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetClientRect
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindow
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
LoadCursorA
GetSysColorBrush
PostQuitMessage
RegisterWindowMessageA
ReleaseDC
GetDC
GrayStringA
GetMenu
DrawTextExA
SetForegroundWindow
PostMessageA
SetWindowLongA
CallWindowProcA
wsprintfA
LoadImageA
LoadIconA

gdi32

SetMapMode
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RectVisible
PtVisible
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
DeleteObject
TextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

irPlg_Action_RegisterActions
irPlg_GetAuthorInfo
irPlg_GetLuaVersion
irPlg_GetPluginActionXML
irPlg_GetPluginName
irPlg_GetPluginVersion
irPlg_GetSDKVersion
irPlg_ShowHelpForAction
irPlg_ShowHelpForPlugin
irPlg_ValidateLicense

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/Bin/Plugins/WinApi/WinApi.lmd
.dll windows x86

741aebfdf8901ce175d376634d256093

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua5.1

luaL_openlib
lua_pushnumber
lua_type
lua_remove
lua_gettable
lua_pushstring
lua_getfield
lua_settop
lua_settable
lua_pushboolean
lua_tolstring
lua_error
lua_gettop
lua_toboolean
lua_tonumber
lua_pushnil
lua_createtable
lua_pcall

winmm

mciSendStringA
sndPlaySoundA

gdiplus

GdipGetImageGraphicsContext
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDrawImageI
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders

kernel32

lstrcmpA
GetCurrentThread
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetModuleFileNameA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
InterlockedDecrement
SetLastError
GlobalFree
FormatMessageA
lstrcpynA
LocalFree
GetNumberFormatA
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSizeEx
CloseHandle
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFileAttributesA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcatA
lstrlenA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary

user32

RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
SetWindowsHookExA
GetCapture
WinHelpA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
ModifyMenuA
SetMenuItemBitmaps
PostQuitMessage
SetCursor
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowPlacement
PtInRect
UnhookWindowsHookEx
GetMenuState
GetSubMenu
GetSystemMenu
EnableMenuItem
mouse_event
GetSysColorBrush
LoadCursorA
CreateWindowExA
ChildWindowFromPointEx
SystemParametersInfoA
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowExA
FindWindowA
ChangeDisplaySettingsA
GetClientRect
SetWindowLongA
SetLayeredWindowAttributes
GetWindowTextA
UnregisterClassA
CallNextHookEx
GetSysColor
IsClipboardFormatAvailable
FillRect
SetClassLongA
EnumDisplaySettingsA
SetCursorPos
BlockInput
GetWindowDC
MoveWindow
GetLastActivePopup
ShowWindow
SetActiveWindow
IsWindowVisible
IsChild
SetParent
GetParent
ChildWindowFromPoint
GetWindow
GetTopWindow
keybd_event
IsIconic
IsZoomed
WindowFromPoint
GetForegroundWindow
SetForegroundWindow
GetActiveWindow
SetWindowTextA
IsWindowEnabled
LoadImageA
SendMessageA
IsWindow
FlashWindow
CreatePopupMenu
GetMenuItemCount
GetMenuStringA
GetMenuItemID
EnableWindow
LoadIconA
wsprintfA
GetDesktopWindow
GetWindowRect
SetWindowPos
GetDC
ReleaseDC
RegisterWindowMessageA
GetFocus
DispatchMessageA
CopyRect
GetDlgItem
GetWindowLongA

gdi32

Rectangle
Ellipse
CreateSolidBrush
StrokeAndFillPath
EndPath
LineTo
AngleArc
BeginPath
GetStockObject
MoveToEx
SetBkMode
GetPixel
SetPixel
SetTextColor
EnumFontFamiliesExA
TextOutA
CreateFontA
GetClipBox
SetBkColor
ExtTextOutA
SaveDC
RestoreDC
GetObjectA
SetDIBColorTable
CreateCompatibleBitmap
GetDeviceCaps
RoundRect
GetBitmapBits
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreatePen
SetMapMode
CreateBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC

comdlg32

ChooseFontA
ChooseColorA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegSetValueExA

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteA
SHEmptyRecycleBinA
ShellExecuteExA
SHQueryRecycleBinA
SHFileOperationA
SHGetDiskFreeSpaceExA
SHGetMalloc

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA
PathFindExtensionW
StrToInt64ExA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

irPlg_Action_RegisterActions
irPlg_GetAuthorInfo
irPlg_GetLuaVersion
irPlg_GetPluginActionXML
irPlg_GetPluginName
irPlg_GetPluginVersion
irPlg_GetSDKVersion
irPlg_ShowHelpForAction
irPlg_ShowHelpForPlugin
irPlg_ValidateLicense

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/Bin/Plugins/sb_Windows7.png
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap1.dat
Auto Shutdowner 1.5.2/Bin/dat01/ap10.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap11.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap12.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap13.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap14.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap15.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap16.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap17.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap18.dat
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap19.dat
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap2.dat
Auto Shutdowner 1.5.2/Bin/dat01/ap20.dat
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap21.dat
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap22.dat
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap23.dat
.png
Auto Shutdowner 1.5.2/Bin/dat01/ap3.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap4.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap5.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap6.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap7.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap8.dat
.zip
Auto Shutdowner 1.5.2/Bin/dat01/ap9.dat
.zip
Auto Shutdowner 1.5.2/Lang/English.lng
Auto Shutdowner 1.5.2/Lang/Russian.lng
Auto Shutdowner 1.5.2/License.txt
Auto Shutdowner 1.5.2/lua5.1.dll
.dll windows x86

15d95afb470c5f82193b2d9e98fc96d1

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

02/06/2019, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

02/06/2019, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:e8:4e:54:90:bb:de:82:e5:e8:7d:0f:81:18:60:87:bd:32:73:ea:86:7b:38:74:71:85:57:eb:bf:54:e6:58
Signer

Actual PE Digest

f0:e8:4e:54:90:bb:de:82:e5:e8:7d:0f:81:18:60:87:bd:32:73:ea:86:7b:38:74:71:85:57:eb:bf:54:e6:58

Digest Algorithm

sha256

PE Digest Matches

true

bf:7d:e1:e7:00:96:8e:8d:48:1f:91:19:cc:66:c9:bd:bb:6c:90:47
Signer

Actual PE Digest

bf:7d:e1:e7:00:96:8e:8d:48:1f:91:19:cc:66:c9:bd:bb:6c:90:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FormatMessageA
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
ExitProcess
RtlUnwind
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
DeleteFileA
MoveFileA
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
InitializeCriticalSectionAndSpinCount
GetFileAttributesA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
CreateFileA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
RaiseException
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
HeapSize
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Auto Shutdowner 1.5.2/lua51.dll
.dll windows x86

a1b69e6994ef9135a30507dd76a0652e

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

02/06/2019, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

02/06/2019, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cf:02:28:b4:6f:88:00:59:50:e0:9c:53:0e:47:1a:7c:1d:8b:bd:23:39:68:9f:5c:ac:9a:e3:d2:b5:d3:e3:dc
Signer

Actual PE Digest

cf:02:28:b4:6f:88:00:59:50:e0:9c:53:0e:47:1a:7c:1d:8b:bd:23:39:68:9f:5c:ac:9a:e3:d2:b5:d3:e3:dc

Digest Algorithm

sha256

PE Digest Matches

true

c0:f1:36:ca:1f:4f:4a:c3:07:78:12:c8:cc:34:a8:cc:93:8d:c4:9e
Signer

Actual PE Digest

c0:f1:36:ca:1f:4f:4a:c3:07:78:12:c8:cc:34:a8:cc:93:8d:c4:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lua5.1

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.0MB

UPX1 Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 158KB - Virtual size: 160KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 854KB - Virtual size: 854KB

.data Size: 145KB - Virtual size: 474KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

3b7c26dea2ca08957237c2f216839cc9

Headers

File Characteristics

Imports

msvcrt

kernel32

lua5.1

user32

advapi32

oleaut32

shell32

ole32

atl

Exports

Exports

Sections

AMSWaves Size: 85KB - Virtual size: 85KB

.text Size: 13KB - Virtual size: 13KB

'.text' Size: 512B - Virtual size: 21B

.rdata Size: 512B - Virtual size: 418B

.data Size: 63KB - Virtual size: 63KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 7KB - Virtual size: 6KB

7e8347c7ae2a6aefc30d9fc57caa46a1

Headers

File Characteristics

Imports

msvcrt

kernel32

lua5.1

user32

comctl32

ole32

shell32

version

Exports

Exports

Sections

.code Size: 43KB - Virtual size: 43KB

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 127KB - Virtual size: 129KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

96c912c7e683eb60ac64ab8b4fe0567d

Headers

File Characteristics

Imports

lua5.1

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

UPX0
Size: - Virtual size: 4.0MB

UPX1
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 158KB - Virtual size: 160KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 854KB - Virtual size: 854KB

.data
Size: 145KB - Virtual size: 474KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

AMSWaves
Size: 85KB - Virtual size: 85KB

.text
Size: 13KB - Virtual size: 13KB

'.text'
Size: 512B - Virtual size: 21B

.rdata
Size: 512B - Virtual size: 418B

.data
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 7KB - Virtual size: 6KB

.code
Size: 43KB - Virtual size: 43KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 127KB - Virtual size: 129KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 606KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 20KB - Virtual size: 16KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 606KB

.rsrc
Size: 120KB - Virtual size: 116KB

.reloc
Size: 20KB - Virtual size: 19KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate