v0[.]2[.]0-win-x64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

v0.2.0-win-x64.zip
Size

5.9MB
MD5

63895d721e746d23039e5c90490d0175
SHA1

456c517c65104317aebfddcd4711975b35dbf747
SHA256

e30840edcad14fcb3476d65da41cdaf9a0c4e8238b2f49dcd6f10b5ce15c298a
SHA512

e8a1969598ff996ff96b2adb3c75b2e2cd37d945767cb4b8e0a7bc9c99a2aee2043c6615974cef1a0bd1739d9b3b67c1cd7b5ded9a7d4aafd962a6eb636b08c7
SSDEEP

98304:WWCAMJHDyWA6yAAdf7DgasKcwbshsjMZHQZKsPKbpvH9nTNQBDAEdfyLYxVV6/rh:WWCAMJjyNXnLAhBZHzFbpvdnTNKDAwVE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/calligrapher-ai.dll
unpack001/calligrapher-ai.exe

Files

v0.2.0-win-x64.zip
.zip
calligrapher-ai.dll
.dll windows x64

15b437978676664b7b699af76672e459

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

bcrypt

BCryptGenRandom

kernel32

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle
ReleaseMutex
GetLastError
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
WriteFile
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
HeapFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleW
GetStdHandle
FormatMessageW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetConsoleMode
WriteConsoleW
SetUnhandledExceptionFilter
HeapAlloc
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId

advapi32

SystemFunction036

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
_CxxThrowException
memset
memcpy
__CxxFrameHandler3
memcmp
memmove

api-ms-win-crt-math-l1-1-0

exp
logf
expf
floorf
cosf
roundf
fmodf

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initterm
_initterm_e
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

rust_eh_personality
write

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
calligrapher-ai.exe
.exe windows x64

7b1ff13cdfde663a46319ac54ebfc38e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetProcAddress
FreeLibrary
SetThreadErrorMode
LoadLibraryA
InitializeCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CloseHandle
ReleaseMutex
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
WriteFile
EnterCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
AcquireSRWLockExclusive
HeapFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleW
GetStdHandle
FormatMessageW
CreateThread
GetSystemTimeAsFileTime
GetConsoleMode
WriteConsoleW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
LoadLibraryExW
HeapAlloc
ReleaseSRWLockExclusive

user32

DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow

ole32

OleInitialize

vcruntime140

__CxxFrameHandler3
__current_exception
memmove
memcmp
memcpy
__C_specific_handler
memset
__current_exception_context

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_initterm
_seh_filter_exe
_initterm_e
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_get_initial_narrow_environment
_set_app_type
_exit
exit
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sciter64.dll
.dll windows x64

32049693b19e84948ed30dcfeb3a1eec

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:92:4e:9f:56:46:70:c0:12:8f:4c:48:a8:f1:7d:cf
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

23/09/2019, 00:00

Not After

22/09/2021, 23:59

Subject

CN=Terra Informatica Software\, Inc,O=Terra Informatica Software\, Inc,L=Richmond,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5d:5e:de:df:04:7a:41:f5:f5:c7:79:38:92:cd:cf:ba:a2:c5:56:7a:05:de:d7:a6:73:c3:57:e9:81:35:33:df
Signer

Actual PE Digest

5d:5e:de:df:04:7a:41:f5:f5:c7:79:38:92:cd:cf:ba:a2:c5:56:7a:05:de:d7:a6:73:c3:57:e9:81:35:33:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

GetAddrInfoW
htonl
WSARecv
connect
socket
getsockname
FreeAddrInfoW
freeaddrinfo
getaddrinfo
WSAIoctl
select
ioctlsocket
WSASocketW
htons
ntohl
ntohs
WSASetLastError
WSAStartup
WSASendTo
WSARecvFrom
bind
WSASend
closesocket
getsockopt
setsockopt
WSAGetLastError
shutdown
getpeername
listen

wininet

HttpQueryInfoW
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetQueryOptionW
InternetErrorDlg
HttpSendRequestA
InternetSetOptionW
InternetReadFile
InternetCloseHandle
InternetOpenA

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW
SHGetFileInfoW
DragQueryFileW
ord74
ord727
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHGetSpecialFolderPathW

advapi32

RegOpenKeyExW
GetUserNameW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegQueryValueExW
RegGetValueW
OpenProcessToken
SystemFunction036
RegCloseKey

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
OleUninitialize
OleInitialize
CoUninitialize
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries

oleaut32

SysAllocStringLen
SysFreeString

gdi32

CreateBitmap
GetClipBox
GetDIBits
SelectObject
DeleteDC
CreateDIBSection
SaveDC
EnumFontFamiliesExW
CreateFontW
GetObjectA
EndPage
CreateCompatibleDC
CreateSolidBrush
GetObjectW
GetStockObject
BitBlt
GetDeviceCaps
AddFontMemResourceEx
GetGlyphIndicesW
SetViewportOrgEx
RestoreDC
StartPage
EndDoc
CreateDCW
SetMapMode
StartDocW
DeleteObject
StretchDIBits
GetFontUnicodeRanges
SetLayout

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

winspool.drv

ord203

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetStringTypeW
HeapSize
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
DecodePointer
lstrlenW
VirtualProtect
VirtualFree
VirtualAlloc
GlobalFree
FormatMessageW
LocalAlloc
LocalSize
FindFirstFileExW
DeleteFileW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetComputerNameW
GetUserDefaultLCID
GetSystemDefaultLCID
GetLocaleInfoW
LoadLibraryExW
GetProcAddress
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
OutputDebugStringW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
MulDiv
GetTempPathA
GetTempFileNameA
GetLastError
GetFileAttributesW
Sleep
GetCurrentThreadId
GetCPInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects
WakeConditionVariable
LeaveCriticalSection
InitializeCriticalSection
InitializeConditionVariable
WaitForSingleObject
ResumeThread
CreateEventW
SetEvent
TlsAlloc
GetNativeSystemInfo
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFree
FormatMessageA
DebugBreak
ReadFile
SetNamedPipeHandleState
CreateNamedPipeA
SetLastError
GetCurrentProcess
WriteFile
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
PeekNamedPipe
DuplicateHandle
QueueUserWorkItem
CancelSynchronousIo
CreateFileA
GetNamedPipeHandleStateW
GetCurrentThread
CancelIoEx
SwitchToThread
GetCurrentProcessId
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CreateDirectoryW
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileInformationByHandle
GetSystemInfo
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
GetConsoleMode
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SetHandleInformation
CancelIo
SetFileCompletionNotificationModes
GetLongPathNameW
GetShortPathNameW
GetCurrentDirectoryW
ReadDirectoryChangesW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetModuleHandleA
LoadLibraryA
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
GetStdHandle
ExitProcess
FreeLibrary
HeapFree
SetThreadPriority
HeapReAlloc
CreateThread
HeapAlloc
GetProcessHeap
GetCommandLineW
LoadLibraryExA
GetModuleFileNameA
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
lstrcmpW
LoadLibraryW
GetThreadPriority
GetTickCount
GetExitCodeThread
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
InterlockedPopEntrySList
QueryDepthSList
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetConsoleOutputCP
GetFileAttributesExW
SetFileAttributesW
IsValidLocale
EnumSystemLocalesW

user32

DestroyWindow
RedrawWindow
WindowFromPoint
SetForegroundWindow
IsIconic
ScreenToClient
ClientToScreen
MapWindowPoints
RegisterWindowMessageW
LoadIconW
RegisterClassExW
AdjustWindowRectEx
SetClassLongW
GetClassLongW
PostMessageW
KillTimer
GetMessageExtraInfo
GetAsyncKeyState
SetWindowLongW
GetMessageTime
IsWindowUnicode
GetFocus
SetFocus
SetCursor
SetScrollInfo
GetScrollInfo
GetWindowTextW
SetWindowTextW
CallMsgFilterW
PostQuitMessage
PeekMessageW
SetCapture
GetUpdateRect
GetCapture
SendMessageW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetActiveWindow
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnumThreadWindows
IsRectEmpty
GetWindow
ShowWindow
RegisterRawInputDevices
GetRawInputData
GetRawInputDeviceInfoW
GetKeyboardLayout
CreateCaret
DestroyCaret
SetCaretPos
FindWindowW
GetWindowRect
GetKeyState
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
SystemParametersInfoW
GetMessageW
MapVirtualKeyW
DispatchMessageW
SetWindowLongPtrW
MoveWindow
TranslateMessage
GetParent
ReleaseCapture
GetClipboardData
IsClipboardFormatAvailable
SetClipboardData
EnumClipboardFormats
CountClipboardFormats
CloseClipboard
SetTimer
CreateWindowExW
GetForegroundWindow
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
GetDesktopWindow
MessageBeep
NotifyWinEvent
GetDoubleClickTime
GetWindowThreadProcessId
GetSystemMetrics
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
LoadCursorFromFileA
LoadCursorW
DestroyCursor
GetSysColor
ReleaseDC
GetDC
GetWindowLongW
BeginPaint
EndPaint
RegisterClassW
GetWindowLongPtrW
DefWindowProcW
GetWindowPlacement
IsWindowVisible
AnimateWindow
SetWindowPos
UpdateWindow
InvalidateRect
GetCursorPos
GetClientRect
IsWindowEnabled
EnableWindow
MonitorFromPoint
UpdateLayeredWindow
SetActiveWindow
MessageBoxW
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
IsWindow

uxtheme

IsThemeBackgroundPartiallyTransparent
SetWindowTheme
DrawThemeBackground
GetThemePartSize
CloseThemeData
OpenThemeData

userenv

GetUserProfileDirectoryW

shlwapi

PathIsRelativeW

winmm

timeSetEvent
timeBeginPeriod
timeGetTime
timeEndPeriod
timeKillEvent

comctl32

ImageList_GetIconSize
ImageList_Destroy
ImageList_DrawEx

oleacc

LresultFromObject
AccessibleObjectFromWindow

hid

HidP_GetCaps
HidP_GetButtonCaps
HidP_GetUsageValue
HidP_GetScaledUsageValue
HidP_GetUsages
HidP_GetValueCaps
HidP_MaxUsageListLength

imm32

ImmSetCandidateWindow
ImmIsIME
ImmGetContext
ImmGetCompositionStringW
ImmAssociateContextEx
ImmReleaseContext
ImmNotifyIME

usp10

ScriptItemize
ScriptBreak
ScriptShape
ScriptPlace
ScriptFreeCache
ScriptApplyDigitSubstitution

gdiplus

GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDeleteBrush
GdipSetPathGradientTransform

Exports

Exports

SciterAPI

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15b437978676664b7b699af76672e459

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

kernel32

advapi32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 270KB - Virtual size: 269KB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 512B - Virtual size: 584B

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 1KB - Virtual size: 1KB

7b1ff13cdfde663a46319ac54ebfc38e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 512B - Virtual size: 856B

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 331KB - Virtual size: 330KB

.reloc Size: 1KB - Virtual size: 1KB

32049693b19e84948ed30dcfeb3a1eec

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

38:92:4e:9f:56:46:70:c0:12:8f:4c:48:a8:f1:7d:cfCertificate

Extended Key Usages

Key Usages

5d:5e:de:df:04:7a:41:f5:f5:c7:79:38:92:cd:cf:ba:a2:c5:56:7a:05:de:d7:a6:73:c3:57:e9:81:35:33:dfSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

shell32

advapi32

ole32

oleaut32

gdi32

comdlg32

winspool.drv

kernel32

user32

uxtheme

userenv

shlwapi

winmm

comctl32

oleacc

hid

.text
Size: 270KB - Virtual size: 269KB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 512B - Virtual size: 584B

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 512B - Virtual size: 856B

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 331KB - Virtual size: 330KB

.reloc
Size: 1KB - Virtual size: 1KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

38:92:4e:9f:56:46:70:c0:12:8f:4c:48:a8:f1:7d:cf
Certificate

5d:5e:de:df:04:7a:41:f5:f5:c7:79:38:92:cd:cf:ba:a2:c5:56:7a:05:de:d7:a6:73:c3:57:e9:81:35:33:df
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 144KB - Virtual size: 2.7MB

.pdata
Size: 215KB - Virtual size: 215KB

.gehcont
Size: 512B - Virtual size: 20B

.rsrc
Size: 269KB - Virtual size: 268KB

.reloc
Size: 84KB - Virtual size: 83KB