663126a62cef14fd66d7b35eb5ef2bdd752ce65d8161cba0e2fcc5008fd754f7

Sharing

Copy URL Twitter E-mail

General

Target

663126a62cef14fd66d7b35eb5ef2bdd752ce65d8161cba0e2fcc5008fd754f7
Size

4.2MB
MD5

2b236b504587f8bffbc02366b7a33513
SHA1

be92b9aaaf7d9c17e6bdfc393793750119cec0fd
SHA256

663126a62cef14fd66d7b35eb5ef2bdd752ce65d8161cba0e2fcc5008fd754f7
SHA512

a6485cda0aea61aba40dada987aee969eb444164a6b087e1f9cdb58d100880053b986757cd01da3fb0b0d5dfd4c0923e129f117b3bd23dc28eae74c743f6c725
SSDEEP

98304:+EZPJi6uU9E/X/w2Yc57uhblfLbGEJVwxpZDEJB4HYp8ww8SN6aP:cfGEf/w2r5ahBLbGEJVwvZDWB4HYusaP

Score

1^/10

Malware Config

Signatures

Files

663126a62cef14fd66d7b35eb5ef2bdd752ce65d8161cba0e2fcc5008fd754f7
.zip
Holo\CapScheme.exe
.exe windows:6 windows x86

c17285545a91635de3473150a68b89dd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:8f:3d:54:1f:4c:ac:0b:c7:36:90:95:7c:89:15:d2:29:e4:97:8c:f4:46:b1:a6:ce:d3:31:ff:13:79:f9:53
Signer

Actual PE Digest

82:8f:3d:54:1f:4c:ac:0b:c7:36:90:95:7c:89:15:d2:29:e4:97:8c:f4:46:b1:a6:ce:d3:31:ff:13:79:f9:53

Digest Algorithm

sha256

PE Digest Matches

true

2c:5b:26:5f:2e:a5:44:d7:6a:8f:2c:ab:36:73:a4:ee:41:35:08:a7
Signer

Actual PE Digest

2c:5b:26:5f:2e:a5:44:d7:6a:8f:2c:ab:36:73:a4:ee:41:35:08:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostMessageW
GetSystemMetrics

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

ws2_32

inet_ntoa
__WSAFDIsSet
htons
getsockopt
recv
connect
socket
send
gethostbyname
select
WSAStartup
closesocket

netapi32

Netbios

kernel32

FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
ReadConsoleW
HeapSize
GetCurrentProcess
GetProcessHeap
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetCommandLineW
GetModuleHandleExW
ReadFile
WriteFile
CreateFileW
GetLastError
CloseHandle
FindNextFileW
FindClose
GetFileAttributesA
Sleep
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnumResourceLanguagesA
SizeofResource
BeginUpdateResourceA
SetLastError
EnumResourceNamesA
EnumResourceTypesA
FindResourceA
EndUpdateResourceW
LoadLibraryA
LockResource
LoadResource
UpdateResourceW
FreeLibrary
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
SetEndOfFile
TerminateProcess
GetVersionExW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
LoadLibraryW
GetProcAddress
GetModuleHandleW
WinExec
CreateProcessA
GetExitCodeProcess
GetCommandLineA
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
GetStdHandle
GetModuleFileNameW
ExitProcess

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Holo\HoloPostcap.exe
.exe windows:6 windows x86

078a770075e4790becc8c7fe0f10684b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:14:11:2c:33:48:79:86:fa:67:ac:30:d3:17:38:6c:bd:94:e0:33:4c:4c:08:93:a0:ad:07:5a:34:87:74:87
Signer

Actual PE Digest

e4:14:11:2c:33:48:79:86:fa:67:ac:30:d3:17:38:6c:bd:94:e0:33:4c:4c:08:93:a0:ad:07:5a:34:87:74:87

Digest Algorithm

sha256

PE Digest Matches

true

84:ff:f1:8c:b1:f8:15:db:4d:ae:42:02:50:71:b4:b7:ac:c0:67:22
Signer

Actual PE Digest

84:ff:f1:8c:b1:f8:15:db:4d:ae:42:02:50:71:b4:b7:ac:c0:67:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MakeSureDirectoryPathExists

user32

DrawIconEx
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
ReuseDDElParam
UnpackDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
EnumDisplayMonitors
SetLayeredWindowAttributes
GetNextDlgGroupItem
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsRectEmpty
SetMenuDefaultItem
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
IntersectRect
MessageBeep
SetWindowRgn
LoadMenuW
GetAsyncKeyState
IsZoomed
TrackMouseEvent
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CharUpperW
DestroyIcon
GetSysColorBrush
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
InvalidateRect
DrawStateW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
GetDoubleClickTime
RegisterClipboardFormatW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
ModifyMenuW
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
FillRect
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MapDialogRect
GetWindow
SetWindowContextHelpId
SetWindowPos
UnhookWindowsHookEx
PtInRect
ScreenToClient
ClientToScreen
GetFocus
RegisterWindowMessageW
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyCursor
DrawMenuBar
AppendMenuW
GetClientRect
LoadIconW
DrawIcon
SendMessageW
DestroyWindow
GetLastActivePopup
DrawEdge
DrawFrameControl
DrawFocusRect
SetClassLongW
SetParent
CharUpperBuffW
GetWindowTextLengthW
LockWindowUpdate
GetSystemMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
ShowOwnedPopups
SetCursor
IsWindowEnabled
MessageBoxW
GetParent
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
GetComboBoxInfo
GetUpdateRect
CreateMenu
SubtractRect
GetWindowRgn
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
DestroyAcceleratorTable
SetCursorPos
CopyIcon
FrameRect
PostThreadMessageW
GetKeyNameTextW
GetIconInfo
HideCaret
InvertRect
SetMenu
IsClipboardFormatAvailable
IsIconic
EnableWindow
UnregisterClassW
GetClassInfoW
GetWindowLongW
GetWindowThreadProcessId
GetWindowRect
GetSystemMetrics
IsWindow
PostMessageW
AdjustWindowRectEx

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken

shell32

SHAppBarMessage
DragFinish
DragQueryFileW
ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathA
SHGetSpecialFolderPathA

ws2_32

getsockopt
recv
connect
socket
htons
WSAStartup
select
gethostbyname
closesocket
__WSAFDIsSet
inet_ntoa
send

netapi32

Netbios

kernel32

OutputDebugStringW
RtlUnwind
SetStdHandle
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineW
SetVolumeLabelW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetDriveTypeW
GetCPInfo
GetStringTypeW
LCMapStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
GetDiskFreeSpaceW
FindResourceExW
GetTempPathW
GetTempFileNameW
GetProfileIntW
GetTickCount
SearchPathW
GetWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
VerifyVersionInfoW
VerSetConditionMask
VirtualProtect
SystemTimeToFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
GetThreadLocale
MoveFileW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GlobalFlags
WriteConsoleW
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
HeapQueryInformation
QueryPerformanceFrequency
VirtualQuery
ExitProcess
GetACP
SetEnvironmentVariableA
GetFullPathNameA
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetUserDefaultUILanguage
GetCurrentDirectoryW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalFindAtomW
GetSystemDirectoryW
EncodePointer
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
InitializeCriticalSectionAndSpinCount
lstrcpyW
GlobalFree
GlobalUnlock
FreeResource
OutputDebugStringA
GlobalAddAtomW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
lstrcmpA
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError
DeleteFileW
CloseHandle
GetFileSize
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesA
DeleteFileA
Sleep
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
EnumResourceLanguagesA
SizeofResource
BeginUpdateResourceA
SetLastError
EnumResourceNamesA
EnumResourceTypesA
FindResourceA
EndUpdateResourceW
LoadLibraryA
LockResource
LoadResource
UpdateResourceW
FreeLibrary
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetCurrentProcess
TerminateProcess
GetVersionExW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateDirectoryA
VirtualAlloc
GetModuleHandleA
HeapFree
GetStdHandle
InitializeCriticalSectionEx
CreateMutexA
HeapSize
GetCommandLineA
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
GetProcessHeap
GetCurrentDirectoryA
SetCurrentDirectoryA
FindResourceW
SetEvent
CreateEventW
GetCurrentThreadId
SetThreadPriority
ResumeThread
GetCurrentThread
GetModuleFileNameW
LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom

gdi32

CreateDCW
GetDeviceCaps
BitBlt
CreateBitmap
CreateCompatibleDC
CopyMetaFileW
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteObject
DeleteDC
GetTextFaceW
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
SetPaletteEntries
ExtFloodFill
LPtoDP
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
Rectangle
Polyline
Polygon
CreatePolygonRgn
Ellipse
CreateEllipticRgn
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
RealizePalette
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CombineRgn
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
CreateDIBSection
CreateCompatibleBitmap
CreateRoundRectRgn
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW

uxtheme

IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
GetThemeSysColor
GetWindowTheme
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground

ole32

CoRegisterMessageFilter
OleDuplicateData
ReleaseStgMedium
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoInitializeEx
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

winmm

PlaySoundW

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Holo\MoickDmot.exe
.exe windows:6 windows x86

7136a204a4869b6d1afbc26d8cbcae86

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:e2:97:1a:c7:86:b0:a4:61:70:99:1c:cd:e9:81:b8:8c:e6:ed:44:9b:81:e1:c8:73:15:bb:f5:28:a9:56:5d
Signer

Actual PE Digest

c1:e2:97:1a:c7:86:b0:a4:61:70:99:1c:cd:e9:81:b8:8c:e6:ed:44:9b:81:e1:c8:73:15:bb:f5:28:a9:56:5d

Digest Algorithm

sha256

PE Digest Matches

true

64:d2:20:6f:27:0d:9e:92:11:d8:f6:49:9f:b1:60:ae:3b:18:b0:75
Signer

Actual PE Digest

64:d2:20:6f:27:0d:9e:92:11:d8:f6:49:9f:b1:60:ae:3b:18:b0:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
SetLastError
FreeLibrary
LoadResource
LockResource
SizeofResource
LoadLibraryA
FindResourceA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
BeginUpdateResourceA
BeginUpdateResourceW
UpdateResourceA
UpdateResourceW
EndUpdateResourceA
EndUpdateResourceW
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryA
GetCurrentProcess
TerminateProcess
CreateProcessW
OpenProcess
WaitForSingleObject
GetVersionExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExA
CreatePipe
CreateProcessA
GetSystemDirectoryA
GetStartupInfoA
HeapSize
ReadConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
Sleep
RemoveDirectoryA
GetFileAttributesA
FindNextFileW
FindFirstFileW
FindClose
DeleteFileA
GetLastError
CloseHandle
WriteFile
SetFilePointer
ReadFile
GetFileSize
DeleteFileW
CreateFileW
GetSystemInfo
CreateFileA
FindFirstFileExA
GetProcessHeap
SetConsoleCtrlHandler
SetEndOfFile
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
FlushFileBuffers
GetFileAttributesExW
GetExitCodeProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetStdHandle
MoveFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
HeapReAlloc
FormatMessageW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
HeapAlloc
HeapFree

user32

GetSystemMetrics
GetWindowRect
FindWindowA
FindWindowW
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
PostMessageW
IsWindow

advapi32

RegSetValueExA
RegSaveKeyA
RegRestoreKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
RegEnumValueA
RegCloseKey
CreateProcessWithTokenW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegDeleteTreeA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA
ShellExecuteExA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imagehlp

MakeSureDirectoryPathExists

ws2_32

gethostbyname
WSAStartup
inet_ntoa
__WSAFDIsSet
closesocket
connect
getsockopt
htons
recv
select
socket
send

netapi32

Netbios

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Holo\des\moutesch.dll
.dll regsvr32 windows:5 windows x86

05c50410df471ab3ee7ed852f7daed17

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:73:05:b7:d9:e7:f2:b4:2a:6f:12:a3:e2:8f:e0:5d:d5:1f:fe:a4:f2:a9:da:0d:c0:ee:2b:32:5e:fe:02:e8
Signer

Actual PE Digest

be:73:05:b7:d9:e7:f2:b4:2a:6f:12:a3:e2:8f:e0:5d:d5:1f:fe:a4:f2:a9:da:0d:c0:ee:2b:32:5e:fe:02:e8

Digest Algorithm

sha256

PE Digest Matches

true

0a:a6:a8:d0:b2:9f:fa:16:8b:26:e4:a4:5a:13:95:88:5b:5b:87:96
Signer

Actual PE Digest

0a:a6:a8:d0:b2:9f:fa:16:8b:26:e4:a4:5a:13:95:88:5b:5b:87:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

uxtheme

GetThemeFont
CloseThemeData
DrawThemeParentBackground
GetThemeColor
OpenThemeData
IsAppThemed

gdi32

CreateFontIndirectW
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyExA
RegEnumKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
OpenProcessToken
RegQueryValueExA
RegCreateKeyExW
RegCloseKey

kernel32

HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
Process32FirstW
GetModuleFileNameA
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
Sleep
CreateThread
CreateMutexW
WaitForSingleObject
ReleaseMutex
FindResourceA
FreeLibrary
LoadResource
UpdateResourceA
EndUpdateResourceW
EnumResourceTypesA
SizeofResource
EnumResourceLanguagesA
SetLastError
BeginUpdateResourceW
LoadLibraryA
LockResource
BeginUpdateResourceA
UpdateResourceW
CompareStringW
EndUpdateResourceA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
OpenProcess
LoadLibraryW
GetVersionExW
GetFileAttributesA
TerminateProcess
CreateDirectoryA
GetSystemInfo
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GlobalDeleteAtom
TerminateThread
CreateProcessA
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFindAtomW
SetEvent
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
CreateEventW
OpenEventW
GlobalAddAtomW
GetVersion
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetCommandLineA
GetCurrentThreadId
ExitProcess
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
InterlockedExchange
DecodePointer
EncodePointer
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapSize
EnumResourceNamesA
SetEnvironmentVariableA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStartupInfoW
HeapCreate
HeapDestroy
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
IsProcessorFeaturePresent

user32

GetSysColorBrush
SystemParametersInfoW
CallNextHookEx
FindWindowW
GetWindowTextLengthW
GetSysColor
GetWindowTextW
FillRect
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
LoadCursorW
SetFocus
PtInRect
InvalidateRect
ShowWindow
IsWindow
CreateWindowExW
RegisterClassW
SendMessageW
UpdateWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetSystemMetrics
PostMessageW
FindWindowExW

shell32

SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHLoadInProc

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitialize

imagehlp

MakeSureDirectoryPathExists

ws2_32

__WSAFDIsSet
closesocket
gethostbyname
socket
getsockopt
recv
htons
select
WSAStartup
inet_ntoa
connect
send

netapi32

Netbios

gdiplus

GdiplusStartup
GdiplusShutdown

shlwapi

PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetClassObjectEx
DllGetClassObjectNew
DllInstall
DllRegisterServer
DllShowBar
DllUnregisterServer
UnInstall

Sections

.text
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Holo\des\remoutegde.dll
.dll regsvr32 windows:5 windows x64

e76ba15250ca47f37cc57bcf6484883f

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:c3:9e:b7:0e:88:d1:23:ed:d6:f0:e9:70:5e:2b:62:cb:5a:45:b3:4f:c0:c1:6b:36:04:9f:db:94:d4:f9:3d
Signer

Actual PE Digest

7d:c3:9e:b7:0e:88:d1:23:ed:d6:f0:e9:70:5e:2b:62:cb:5a:45:b3:4f:c0:c1:6b:36:04:9f:db:94:d4:f9:3d

Digest Algorithm

sha256

PE Digest Matches

true

cb:48:b2:b7:56:f7:7e:64:3e:6b:57:69:96:6d:c7:7d:d4:3d:94:f1
Signer

Actual PE Digest

cb:48:b2:b7:56:f7:7e:64:3e:6b:57:69:96:6d:c7:7d:d4:3d:94:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

uxtheme

GetThemeFont
CloseThemeData
DrawThemeParentBackground
GetThemeColor
OpenThemeData
IsAppThemed

gdi32

CreateFontIndirectW
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyExA
RegEnumKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
OpenProcessToken
RegQueryValueExA
RegCreateKeyExW
RegCloseKey

kernel32

HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
Process32FirstW
GetModuleFileNameA
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcessId
Sleep
CreateThread
CreateMutexW
WaitForSingleObject
ReleaseMutex
FindResourceA
FreeLibrary
LoadResource
UpdateResourceA
EndUpdateResourceW
SizeofResource
SetLastError
BeginUpdateResourceW
LoadLibraryA
LockResource
BeginUpdateResourceA
UpdateResourceW
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
OpenProcess
LoadLibraryW
GetVersionExW
GetFileAttributesA
TerminateProcess
CreateDirectoryA
GetSystemInfo
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalDeleteAtom
TerminateThread
CreateProcessA
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFindAtomW
SetEvent
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
CreateEventW
OpenEventW
GlobalAddAtomW
GetVersion
RtlVirtualUnwind
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
GetCurrentThreadId
ExitProcess
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
DecodePointer
EncodePointer
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
HeapSize
SetStdHandle
EndUpdateResourceA
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
GetFileType
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStartupInfoW
HeapSetInformation
HeapCreate
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
HeapDestroy

user32

GetSysColor
FillRect
GetWindowTextLengthW
CallNextHookEx
GetSysColorBrush
SystemParametersInfoW
FindWindowW
GetWindowTextW
FindWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
LoadCursorW
GetWindowLongPtrW
SetFocus
PtInRect
InvalidateRect
ShowWindow
IsWindow
CreateWindowExW
RegisterClassW
SetWindowLongPtrW
SendMessageW
UpdateWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
PostMessageW
GetSystemMetrics

shell32

SHLoadInProc
SHGetFolderPathA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitialize

imagehlp

MakeSureDirectoryPathExists

ws2_32

__WSAFDIsSet
closesocket
gethostbyname
socket
getsockopt
recv
htons
select
WSAStartup
inet_ntoa
connect
send

netapi32

Netbios

gdiplus

GdiplusStartup
GdiplusShutdown

shlwapi

PathFileExistsA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetClassObjectEx
DllGetClassObjectNew
DllInstall
DllRegisterServer
DllShowBar
DllUnregisterServer
UnInstall

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HologramCap.exe
.exe windows:5 windows x86

b96b50eb6405606d5c2b3ea7baa06dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:78:07:8f:f2:77:c8:5b:5f:a1:c5:30:2f:e0:e6:3e:cd:c4:ac:57:d4:bc:2e:cc:9b:53:23:de:4d:e6:d4:07
Signer

Actual PE Digest

75:78:07:8f:f2:77:c8:5b:5f:a1:c5:30:2f:e0:e6:3e:cd:c4:ac:57:d4:bc:2e:cc:9b:53:23:de:4d:e6:d4:07

Digest Algorithm

sha256

PE Digest Matches

true

5c:bf:f2:fa:f5:ad:d1:99:58:13:f0:97:68:bf:61:4e:9d:74:86:91
Signer

Actual PE Digest

5c:bf:f2:fa:f5:ad:d1:99:58:13:f0:97:68:bf:61:4e:9d:74:86:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

kernel32

BeginUpdateResourceA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetSystemInfo
GetProcAddress
LoadLibraryW
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcess
GetFileAttributesA
TerminateProcess
CreateDirectoryA
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ResetEvent
GetOverlappedResult
FreeResource
GetCurrentProcessId
GetCurrentThreadId
SetCurrentDirectoryA
SetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
HeapSize
GetLocaleInfoW
IsValidCodePage
LeaveCriticalSection
GetACP
FlushFileBuffers
LoadLibraryA
GetStdHandle
SetHandleCount
HeapCreate
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
RtlUnwind
RaiseException
DecodePointer
EncodePointer
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
DeleteCriticalSection
FreeEnvironmentStringsW
InitializeCriticalSection
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetEndOfFile
GetProcessHeap
LocalFree
CreateThread
CreateFileA
SetFilePointer
SetLastError
FindResourceA
FreeLibrary
SizeofResource
LoadResource
LockResource
BeginUpdateResourceW
UpdateResourceA
EndUpdateResourceA
WaitForSingleObject
ExitProcess
CloseHandle
ReadFile
WriteFile
CreateFileW
GetLastError
GetFileSize
GetCommandLineA
Sleep
GetOEMCP

user32

GetCursorPos
PtInRect
GetDC
ReleaseDC
InvalidateRect
SetWindowRgn
DialogBoxParamA
UnregisterHotKey
RegisterHotKey
LoadIconA
SetClassLongA
SetTimer
EndDialog
IsDlgButtonChecked
EnableWindow
SendDlgItemMessageA
SetFocus
CheckDlgButton
SetDlgItemInt
GetDlgItemTextA
SetDlgItemTextA
GetDesktopWindow
GetIconInfo
GetAsyncKeyState
DrawIconEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InvalidateRgn
IsWindowVisible
ScreenToClient
SetWindowTextA
GetDlgItem
SendMessageA
EnumChildWindows
ShowWindow
CreateDialogParamA
SetWindowLongA
GetClientRect
GetClassNameA
DestroyWindow
SetWindowPos
CallWindowProcA
GetWindowLongA
FindWindowExA
GetWindowRect
GetSystemMetrics
PostMessageA
GetDlgItemInt

gdi32

BitBlt
CreateRectRgn
CombineRgn
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateRectRgnIndirect

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegOpenKeyA
RegCloseKey

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemFree

ws2_32

connect
recv
send
gethostbyname
select
__WSAFDIsSet
getsockopt
htons
socket
WSAStartup
inet_ntoa
closesocket

netapi32

Netbios

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:6 windows x86

29ac6cfdb129627a70dc3561ebe80089

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

14/04/2023, 08:21

Not After

13/04/2024, 08:21

Subject

CN=Hangzhou Yanyan Network Technology Co.\, Ltd,O=Hangzhou Yanyan Network Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:2b:5e:75:8d:e7:0c:1b:eb:bd:3e:df:e7:bf:89:cc:f2:fa:68:1e:e9:15:21:97:76:14:5b:f1:1b:47:15:67
Signer

Actual PE Digest

8d:2b:5e:75:8d:e7:0c:1b:eb:bd:3e:df:e7:bf:89:cc:f2:fa:68:1e:e9:15:21:97:76:14:5b:f1:1b:47:15:67

Digest Algorithm

sha256

PE Digest Matches

true

49:8f:15:22:b9:93:c9:ad:3b:af:22:9a:be:28:e0:97:50:7a:51:b2
Signer

Actual PE Digest

49:8f:15:22:b9:93:c9:ad:3b:af:22:9a:be:28:e0:97:50:7a:51:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFileExistsW

kernel32

SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
GetConsoleCP
MoveFileExW
EnumSystemLocalesW
IsValidLocale
GetCPInfo
GetDateFormatW
GetACP
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
GetStringTypeW
LCMapStringW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
GetUserDefaultLCID
ReplaceFileW
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
GetWindowsDirectoryW
FindResourceExW
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
FlushFileBuffers
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetAtomNameW
GlobalGetAtomNameW
GlobalFlags
InitializeCriticalSectionAndSpinCount
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpA
ResumeThread
SuspendThread
CreateEventW
SetEvent
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
GetCurrentThreadId
EncodePointer
OutputDebugStringA
WaitForSingleObject
ReleaseMutex
CreateThread
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
GetProcAddress
GetSystemInfo
OpenProcess
TerminateProcess
GetFileAttributesW
WideCharToMultiByte
CreateDirectoryW
GetVersionExW
CreateProcessW
EndUpdateResourceW
EndUpdateResourceA
UpdateResourceW
UpdateResourceA
BeginUpdateResourceW
BeginUpdateResourceA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
FindResourceA
LoadLibraryA
FreeLibrary
Sleep
SetLastError
FindNextFileW
FindFirstFileW
FindClose
GetFileAttributesA
DeleteFileA
CloseHandle
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
MultiByteToWideChar
DeleteFileW
lstrcatW
lstrcpyW
GetModuleFileNameW
SetPriorityClass
SetThreadPriority
GetCurrentThread
ExitProcess
GetCurrentProcess
RemoveDirectoryW
GetEnvironmentVariableW
CreateMutexW
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
WriteConsoleW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetModuleHandleW
SetConsoleCtrlHandler
GetTimeFormatW

user32

ReleaseCapture
SetCapture
WaitMessage
CharUpperW
DestroyIcon
KillTimer
SetTimer
DeleteMenu
GetDialogBaseUnits
MapDialogRect
GetAsyncKeyState
CopyImage
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
MapVirtualKeyW
GetKeyNameTextW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
SystemParametersInfoW
InflateRect
GetMenuItemInfoW
DestroyMenu
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
SetCursor
ShowOwnedPopups
PostQuitMessage
GetCursorPos
TranslateMessage
GetMessageW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
LoadMenuW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
WindowFromPoint
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
IntersectRect
TrackMouseEvent
LoadImageW
CreatePopupMenu
UnregisterClassW
EnableWindow
BeginPaint
EndPaint
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
GetMenuDefaultItem
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
GetClientRect
MessageBoxW
SendMessageW
MoveWindow
IsIconic
GetSystemMetrics
GetSystemMenu
AppendMenuW
CreateAcceleratorTableW
DrawIcon
UpdateWindow
InvalidateRect
LoadIconW
PostMessageW
GetWindowLongW
SetWindowLongW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
SetParent
OpenClipboard
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
GetTabbedTextExtentW
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
MonitorFromRect
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetDCEx
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
MapWindowPoints

gdi32

OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocW
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
PatBlt
GetTextMetricsW
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
LineTo
CreateCompatibleBitmap
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
GetCharWidthW
StretchDIBits
Rectangle
GetRgnBox
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateDIBPatternBrushPt
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
EnumFontFamiliesExW
CreateHatchBrush
CreateFontW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

GetFileSecurityW
RegEnumKeyExW
RegEnumValueW
RegSetValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExA
RegSaveKeyA
RegRestoreKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyW
RegEnumValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
SetFileSecurityW

shell32

ShellExecuteExW
SHChangeNotify
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconW
SHAddToRecentDocs
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA

uxtheme

GetThemePartSize
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetThemeSysColor

ole32

StgIsStorageFile
CreateFileMoniker
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
IsAccelerator
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleDestroyMenuDescriptor
OleRegGetMiscStatus
StgOpenStorageOnILockBytes
StgOpenStorage
OleRegEnumVerbs
StgCreateDocfileOnILockBytes
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleSave
OleSaveToStream
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
CLSIDFromString
StringFromGUID2
CoDisconnectObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemAlloc
StringFromCLSID
CoCreateGuid
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
OleSetContainedObject
OleGetIconOfClass
OleTranslateAccelerator

oleaut32

LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
LoadTypeLi
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
VariantClear
VariantChangeType
VariantInit
SafeArrayGetLBound
SysAllocStringLen

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imagehlp

MakeSureDirectoryPathExists

netapi32

Netbios

ws2_32

WSAStartup
gethostbyname
inet_ntoa
send
select
recv
htons
getsockopt
closesocket
__WSAFDIsSet
socket
connect

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c17285545a91635de3473150a68b89dd

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14Certificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

82:8f:3d:54:1f:4c:ac:0b:c7:36:90:95:7c:89:15:d2:29:e4:97:8c:f4:46:b1:a6:ce:d3:31:ff:13:79:f9:53Signer

2c:5b:26:5f:2e:a5:44:d7:6a:8f:2c:ab:36:73:a4:ee:41:35:08:a7Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

shell32

ws2_32

netapi32

kernel32

Sections

.text Size: 251KB - Virtual size: 251KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 1024B - Virtual size: 824B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 13KB - Virtual size: 12KB

078a770075e4790becc8c7fe0f10684b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14Certificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

82:8f:3d:54:1f:4c:ac:0b:c7:36:90:95:7c:89:15:d2:29:e4:97:8c:f4:46:b1:a6:ce:d3:31:ff:13:79:f9:53
Signer

2c:5b:26:5f:2e:a5:44:d7:6a:8f:2c:ab:36:73:a4:ee:41:35:08:a7
Signer

.text
Size: 251KB - Virtual size: 251KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 1024B - Virtual size: 824B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 13KB - Virtual size: 12KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e4:14:11:2c:33:48:79:86:fa:67:ac:30:d3:17:38:6c:bd:94:e0:33:4c:4c:08:93:a0:ad:07:5a:34:87:74:87
Signer

84:ff:f1:8c:b1:f8:15:db:4d:ae:42:02:50:71:b4:b7:ac:c0:67:22
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 398KB - Virtual size: 397KB

.data
Size: 25KB - Virtual size: 51KB

.gfids
Size: 107KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 133KB - Virtual size: 133KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

51:bc:c9:45:5b:c5:9b:01:65:20:7a:fc:4f:7a:8a:14
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate