e96d9ac96c99a3742c8a27f704b19586117f997c735717c86515f70be6f99193

Sharing

Copy URL Twitter E-mail

General

Target

e96d9ac96c99a3742c8a27f704b19586117f997c735717c86515f70be6f99193
Size

3.8MB
MD5

8480867823f23cf256ad4295a9d32885
SHA1

29106877a4941e1c45ee69e0b3a5f1759a36adb4
SHA256

e96d9ac96c99a3742c8a27f704b19586117f997c735717c86515f70be6f99193
SHA512

a199ecd21993ccddde11a537993b9a16f3cae7a38e1922bcb17f84764166d7709bd9ad96a7aafa0093b9d990436a2b9d6c8ed8246a088bc45962328019ce1aa1
SSDEEP

98304:7/73/toGK8exyI71Akk8/7jBAUeNBjfNQ7/4MnvjdJz9:7/DtDK1XAkXjCh9fNQRvD9

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/׼Ӻ/mfc100u.dll	vmprotect
static1/unpack001/׼Ӻ/rk1H4B.exe_	vmprotect

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/׼Ӻ/iSignWrap.dll
unpack001/׼Ӻ/mfc100u.dll

Files

e96d9ac96c99a3742c8a27f704b19586117f997c735717c86515f70be6f99193
.zip
׼Ӻ/iSignWrap.dll
.dll windows x86

88e517632d270821206a93a7a51ee672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptEncodeObjectEx
CryptVerifyMessageSignature
CryptMsgOpenToEncode
CryptImportPublicKeyInfo
CryptMsgCalculateEncodedLength
CryptDecodeObjectEx
CryptAcquireCertificatePrivateKey
CertStrToNameA
CertSetCertificateContextProperty
CryptEncodeObject
CryptMsgOpenToDecode
CryptSignAndEncodeCertificate
CryptMsgGetParam
CryptMsgUpdate
CertCreateCertificateContext
CertStrToNameW
CertAddCertificateContextToStore
CryptBinaryToStringA
CertOpenStore
CryptMsgClose
CryptExportPublicKeyInfo
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrW
CryptDecodeObject
CertVerifySubjectCertificateContext

kernel32

GetCurrentProcessId
GetLastError
LocalAlloc
FormatMessageA
SetEndOfFile
GetModuleFileNameW
GetProcAddress
LoadLibraryW
OutputDebugStringA
LockResource
LoadLibraryA
SizeofResource
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
CloseHandle
CreateFileW
GetVersionExW
WriteFile
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
DeleteCriticalSection
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WriteConsoleW
SetStdHandle
CreateFileA
IsValidLocale
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
Sleep
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
GetCPInfo
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
GetLocaleInfoW
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
ReadFile
SetHandleCount
GetFileType
GetStartupInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA

user32

MessageBoxW

advapi32

RegQueryValueExW
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptSignHashW
CryptImportKey
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDestroyHash
CryptGetUserKey
CryptHashData
CryptVerifySignatureW
RegOpenKeyExW
RegCloseKey
CryptGetKeyParam
CryptEnumProvidersW
CryptGetProvParam
CryptGetHashParam

ole32

CoCreateGuid

Exports

Exports

??0CiSignWrap@@QAE@XZ
??4CiSignWrap@@QAEAAV0@ABV0@@Z
?CreateX509ReqData@CiSignWrap@@QAEPADHHHHPAD00@Z
?FreeMemory@CiSignWrap@@QAEXPAX@Z
?GetCertList@CiSignWrap@@QAEPADHPADH@Z
?GetLastError@CiSignWrap@@QAEPADXZ
?GetSignCert@CiSignWrap@@QAEPADXZ
?GetSignCertInfo@CiSignWrap@@QAEPADXZ
?ImportCertData@CiSignWrap@@QAE_NPAD000@Z
?ImportCertDataEx@CiSignWrap@@QAE_NHHHPAD00000@Z
?Init@CiSignWrap@@QAE_NH@Z
?SelectCert@CiSignWrap@@QAE_NPAD00@Z
?Sign@CiSignWrap@@QAEPADPADHH0@Z
?SignBase64@CiSignWrap@@QAEPADPADHH0@Z
?UnInit@CiSignWrap@@QAEXXZ

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
׼Ӻ/mfc100u.dll
.dll windows x86

71ab434994f245f19035a6416306484b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetStdHandle
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
GetTimeZoneInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FindNextFileW
FindFirstFileExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
OutputDebugStringW
GetFileAttributesExW
IsValidCodePage
GetEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
CreateFileW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
GetUserDefaultLCID
FreeEnvironmentStringsW
ReplaceFileA
GetTempFileNameA
GetDiskFreeSpaceA
SearchPathA
GetProfileIntA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetACP
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesA
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
GetCPInfo
GetOEMCP
GetAtomNameA
GetStringTypeExA
MoveFileA
lstrcmpiA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
DeleteFileA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryA
CopyFileA
FormatMessageA
GlobalSize
LocalFree
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
MulDiv
GlobalFree
GlobalFlags
GlobalUnlock
GlobalGetAtomNameA
GlobalFindAtomA
FindResourceA
lstrcmpW
GetSystemDirectoryW
EncodePointer
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryW
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetVersionExA
GetCurrentThread
OutputDebugStringA
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
CreateEventA
SetEvent
CloseHandle
GetThreadLocale
IsBadReadPtr
lstrlenA
GetShortPathNameA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
VirtualFree
VirtualProtect
VirtualAlloc
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
CreateProcessA
CreateThread
ExitProcess
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
DecodePointer
HeapQueryInformation
CreateDirectoryA
WriteConsoleW
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

LoadCursorW
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetDialogBaseUnits
LoadImageW
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
OffsetRect
SetRectEmpty
InflateRect
GetMenuItemInfoA
DestroyMenu
CharUpperA
DestroyIcon
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SystemParametersInfoA
CopyImage
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuState
GetMenuStringA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetSystemMetrics
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
NotifyWinEvent
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetClipboardData
EmptyClipboard
DrawStateA
GetMenuBarInfo
UnregisterClassA
SendMessageA
GetFocus
CheckMenuItem
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
SetClassLongA
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyA
GetKeyNameTextA
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
LoadIconA
CloseClipboard
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
GetParent
LoadBitmapW
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostMessageA
PostQuitMessage
ShowOwnedPopups
SetCursor
EnableWindow
InsertMenuItemA
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageA
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
SendNotifyMessageA
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
DestroyCursor
GetDCEx
GetTabbedTextExtentA
GetTabbedTextExtentW
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MessageBoxA

gdi32

Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutA
ExtTextOutA
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
CreateSolidBrush
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
GetCurrentObject
CreateFontA
GetCharWidthA
StretchDIBits
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
CreateDCA
CopyMetaFileA
GetDeviceCaps
DeleteObject
GetObjectA
SetTextColor
SetBkColor
GetMapMode
CreateBitmap
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
GetJobA
OpenPrinterA
DocumentPropertiesA

advapi32

GetFileSecurityA
SetFileSecurityA
RegEnumKeyExA
RegOpenKeyExW
RegEnumValueA
RegSetValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetMalloc
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
ExtractIconA
SHAddToRecentDocs
ShellExecuteExA
SHGetPathFromIDListA
SHAppBarMessage

shlwapi

PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA

uxtheme

DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeSysColor
GetCurrentThemeName
DrawThemeBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
IsAppThemed
GetThemePartSize

ole32

OleSetMenuDescriptor
PropVariantCopy
StgOpenStorage
StgOpenStorageOnILockBytes
StgIsStorageFile
CreateILockBytesOnHGlobal
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
StgCreateDocfileOnILockBytes
WriteClassStm
OleLockRunning
OleUninitialize
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
OleRun
GetHGlobalFromILockBytes
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateStreamOnHGlobal
CoInitializeEx
CLSIDFromString
StringFromGUID2
CoDisconnectObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
StgCreateDocfile
CoTreatAsClass

oleaut32

VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SysAllocString
SafeArrayRedim
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
VarDecFromStr
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayGetDim
SafeArrayAllocData

oledlg

ord8

winmm

PlaySoundA

gdiplus

GdipDrawImageI
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipGetImagePalette

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Exports

Exports

�4Z��B�0"sg>�TC��7��޵�qYb�o@>�f�b��.U��0 ۥY5O$i��D(��17<�w|W[ǵ�쉯s ��-BDH�6�!�!�y�HZ��*d@,J�r�F�!�KWe��iO��A=C��d��P��e~2ύ�d�WQ�UBw�׸o�*9��h�xDw��B�+�f%�5~��D°.�p(��Tpgő�S�܏��t�@�n{�M�#�t��%1fU�X�2/��k��+��eyQ�@a�"��1t�h�lq+�ZV��#��~��M)V��{��g�f�ޞ��T�W��T��l�)��!@�~�3��I��m~�t��+M��h�mZ�5��%��=oEe�m��G�d�G�Ȭx��5�� ,c7S�T��;�~��-��ɟf#b=��FT��w��/�veT��(u�]g��v$L^u�k�z��V��k�>:�%��qWE��(9P b,�=�� 5�a��[�l�9��K/��oI�b�5��d��F�v��L��(s��$��u8��"�m�a<R~kZ��6��+iy�5`��m��-��?�g�x�>)�>��KTs��'R_jz�/��Z�*Oֱ�F"��c|I؊�[��Hb�C߮;~��L�L5ǫ0޽�RRD�,WpA3��.^Rȴ��'H%~R�A��I�ל��=.�-��W�_̱�e�ς��u��!z@�,�Wj(<�%d��n$��qL3H��4m�\d�6-;%V۵�}ߪ��;��C`/�`��Y:D�,��Յ�b΅,��f�l=�*2p�I��NFcHer��,�kF�~T�+��!�Cg��'��N�Oi,F%9�*�o��T*5�Z��Hr��m3��w}�$�C{^`��Q�3�"�m��j��e�T?��#�+г��ퟘrW��/�%��[�Fdc�n}��]��fRL�m��F.6AEg��6鴀c�v*Lm_�v� 3��u�A��k��\?�WA&8�� K��r�A�� 5��qַ��)Byԍ�|$��E8��h��K<u$��W/]25q�&�=xJb��y�#̫�U��n�䪀L�c�3�cn�!��r��$��p~u�.��M^q��Gѽ�*[��Х��C>�fqě_q�+�W82��Ġ=m*��E��9�5��]��?�;��@�0��- O��5d4)H�L2\y��k� ��<l��4��J��A�׊�Lx0�16�$�|S�iM��<��\��E�б��K��mɁ=Yi.D�vq�gB�ϑ��E��h��փ�9�N�C��<e�~Ϸ��[��g��z%��Ph��B��mU&�d~�uAS��W�b��bȦ�wk-z<��0��]<q��A_q�_,�c�x�D��,ff�>U -��0Y�х��S�?\ꑳ� wG��e�'b~DN!�u�u��XU�x\��}��f0��w�g~;�]VJ��y�Rә�2n�(��'��e�d�*��}��?N-q��̼�;�l�B��D[y�\ޝ��r�U��I��b�e�D\��M�T{α'6!}�!P�o,��&j��p2i�6ޞ4`3�4�`��##��,��Z��D��ZP�x��>b��RO�+Ho*BtQ�nz�ㄭv�o��N{�{��T��!n|?U��ܑ:�`r�}G #��(��?�tWn��0��ؽ+OH�k�4�gv˽3�(�LS�h��Go�ӜE+��0�acS_��_!XR#��sa�+y<��k��B�%�2��W��0�r��&�Ϝr� 5]y�@�f��|HG�x��v��H�u�>��=hY�rqW(��޺q}(�ۯx �_�m%��o��ki��#�7��[�=�Ɲ6{Gf��F��pHv.H n�2��8�5 ��@z�4�BCIr��.��9J��0&3u��1��q1��Ч�7�[%��??��&<�ߞ�mMao+p&��Ph5}��s��8gd��A�t�<�[�1�$Ցc�D�&8�L��ؓ��۸�E��O�;+��U��H�mC��k��<��Ί��R��`Z��F�Zޙ��@��C�I��_��y��xV��l��Y�;Y,�gE�-'�. 2��K�k��U��-��qA��j�'�w�T��BV�#�X/eoboOÞxֆ��v�� K�-?��i�fԵ��~��r�Q4�qx�feqQc�}:zH�N�D�Zb��{Ms�P6yY9Y(��8 !]��.��;��q0��r��Q��lO3&��T��V[J��Tu��q��!�YG�h��C_Qׄ!�V�켆� jE��gx��T"4:�K/�ZŬ��֧�*�A`��%Z�r�mȸ��j��F�k�D\{k�qU��9:qu��m��p��q K��{5R"� O��E�`D3��wݚ��tW��Q`�ea�U��K�Ž=gB�e�Y�l��у\��EUN�7�q ��P�ozL� (T��՝O:��U�1��ܱ��p��$�l��%ҵ��G��F��^ 7䒳�P)X��Z�W�*7�M��E�8M�3c�2P�Qj�V�4�(�F.��&�^��w��X�@Bx�&��fqj��VD�b�V%J)�'w��)o�l��'�N>�p)'F] |�� "3*?�3�V��z� �C��N�ޕ�F"�� tJ�0gP�1�h\V̨uH�x^(��R1�Q��0ZVҸk=�p/�RjD��hӮi�:��j@%y!��ح��S�� 걜^�~h�ݹ��C䞔�>x�g&y>��ݛi�r�R�/W�>ON��n:�C�5�b��"�Z#u@��]5�-��

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
׼Ӻ/rk1H4B.exe_
.exe windows x86

be0519434adf2fe61d3c96bad61d99a5

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:89:90:dd:3a:fc:2e:61:66:b5:e8:96:86:a7:04:99
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/04/2021, 00:00

Not After

02/08/2023, 23:59

Subject

CN=北京云核网络技术有限公司,O=北京云核网络技术有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

30/08/2022, 00:00

Not After

29/08/2023, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:89:90:dd:3a:fc:2e:61:66:b5:e8:96:86:a7:04:99
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/04/2021, 00:00

Not After

02/08/2023, 23:59

Subject

CN=北京云核网络技术有限公司,O=北京云核网络技术有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:67:18:6e:c2:85:ec:da:7b:2d:e5:29:f8:af:16:8f:d1:1a:2e:09:61:ee:35:c2:8d:60:fd:9b:9a:28:0e:8c
Signer

Actual PE Digest

70:67:18:6e:c2:85:ec:da:7b:2d:e5:29:f8:af:16:8f:d1:1a:2e:09:61:ee:35:c2:8d:60:fd:9b:9a:28:0e:8c

Digest Algorithm

sha256

PE Digest Matches

true

88:4b:9c:a2:c4:c0:fd:e4:b4:51:6a:b7:3d:1e:02:c6:f6:45:d0:fd
Signer

Actual PE Digest

88:4b:9c:a2:c4:c0:fd:e4:b4:51:6a:b7:3d:1e:02:c6:f6:45:d0:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingComposeW

mfc100u

ord11374

msvcr100

_wcmdln

kernel32

TlsAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetCapture

gdi32

CreateSolidBrush

advapi32

LookupPrivilegeValueW

shell32

Shell_NotifyIconW

comctl32

_TrackMouseEvent

ole32

CreateStreamOnHGlobal

oleaut32

SysFreeString

gdiplus

GdipDeleteFont

ws2_32

WSAStartup

msvcp100

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

userenv

LoadUserProfileW

crypt32

CertAddCertificateContextToStore

version

VerQueryValueW

iphlpapi

GetAdaptersInfo

isignwrap

?Init@CiSignWrap@@QAE_NH@Z

netapi32

NetUserGetLocalGroups

Sections

.text
Size: - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88e517632d270821206a93a7a51ee672

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

71ab434994f245f19035a6416306484b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

winmm

gdiplus

oleacc

imm32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 615KB - Virtual size: 614KB

.data Size: 34KB - Virtual size: 110KB

.rsrc Size: 14KB - Virtual size: 14KB

.vmp0 Size: 262KB - Virtual size: 261KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 51KB - Virtual size: 51KB

.reloc Size: 262KB - Virtual size: 261KB

be0519434adf2fe61d3c96bad61d99a5

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:89:90:dd:3a:fc:2e:61:66:b5:e8:96:86:a7:04:99Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:89:90:dd:3a:fc:2e:61:66:b5:e8:96:86:a7:04:99Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 615KB - Virtual size: 614KB

.data
Size: 34KB - Virtual size: 110KB

.rsrc
Size: 14KB - Virtual size: 14KB

.vmp0
Size: 262KB - Virtual size: 261KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 51KB - Virtual size: 51KB

.reloc
Size: 262KB - Virtual size: 261KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:89:90:dd:3a:fc:2e:61:66:b5:e8:96:86:a7:04:99
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:89:90:dd:3a:fc:2e:61:66:b5:e8:96:86:a7:04:99
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

70:67:18:6e:c2:85:ec:da:7b:2d:e5:29:f8:af:16:8f:d1:1a:2e:09:61:ee:35:c2:8d:60:fd:9b:9a:28:0e:8c
Signer

88:4b:9c:a2:c4:c0:fd:e4:b4:51:6a:b7:3d:1e:02:c6:f6:45:d0:fd
Signer

.text
Size: - Virtual size: 321KB

.rdata
Size: - Virtual size: 121KB

.data
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 512B - Virtual size: 156B

.rsrc
Size: 50KB - Virtual size: 50KB