c55f324135743ab848af1afeff28b9a47ce5336c48faa3d06083acfb043d5045

Sharing

Copy URL Twitter E-mail

General

Target

c55f324135743ab848af1afeff28b9a47ce5336c48faa3d06083acfb043d5045
Size

2.7MB
MD5

004ba68a333c566039e1fde49537343e
SHA1

469a916879ff38fdc6556ef3f37aeb6eaa1b4895
SHA256

c55f324135743ab848af1afeff28b9a47ce5336c48faa3d06083acfb043d5045
SHA512

932df06485d41a2d8f2531a89520e5d7171d26185690c7dc6e95de535f6a9a6a740aa858a36148bc66affce846d8ca5cb359c30b23ac12a6b2054e234609e8ec
SSDEEP

49152:63/gwWwwiPCYk4r8/HTOjDHEIXokqQNWdDADGuNiTSoieoN/NkcITXXSVMFHvjtU:63/O2CbLaHEI0QUdDATiTS1eoIc49H7W

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/记事本替换工具_v1.23.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Notepad3_x64.exe
unpack001/记事本替换工具_v1.23.exe

Files

c55f324135743ab848af1afeff28b9a47ce5336c48faa3d06083acfb043d5045
.zip
Notepad3_x64.exe
.exe windows:6 windows x64

1b6520e89d40c44fca701a8aa538d8f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetNtVersionNumbers
RtlPcToFileHeader
VerSetConditionMask
RtlUnwindEx

comctl32

ord413
ord410
ImageList_AddMasked
ord8
ImageList_Create
ImageList_Destroy
ord412
InitMUILanguage
InitCommonControlsEx
ImageList_ReplaceIcon
ord381
ImageList_GetIcon

shlwapi

ord157
StrRChrW
StrChrIW
StrCmpNIW
StrFormatByteSizeEx
StrSpnW
PathFindFileNameW
PathRemoveExtensionW
StrCmpNA
StrCmpNIA
StrTrimA
PathCreateFromUrlW
StrStrA
StrChrA
StrCSpnA
StrStrIA
StrCmpLogicalW
UrlCreateFromPathW
StrChrIA
StrRetToBufW
PathMatchSpecW
StrToIntExW
SHAutoComplete
StrStrIW
StrStrW
StrTrimW
StrDupW
StrCmpW
StrCmpIW
PathIsUNCW
PathIsRelativeW
UrlIsW
PathStripToRootW
StrChrW

user32

UpdateWindow
IsIconic
LoadMenuW
GetMenuItemCount
LoadStringA
LoadStringW
GetMenuState
DispatchMessageW
PeekMessageW
TranslateMessage
SystemParametersInfoA
IsCharAlphaNumericA
IsCharLowerW
GetKeyState
CharUpperW
CharLowerW
GetMenu
DestroyWindow
GetActiveWindow
IsWindow
OpenClipboard
GetCapture
SetTimer
CloseClipboard
EmptyClipboard
GetDoubleClickTime
IsCharUpperA
SetFocus
CharNextW
GetClipboardData
SetClipboardData
GetComboBoxInfo
CheckMenuItem
IsClipboardFormatAvailable
KillTimer
GetSysColorBrush
EnableMenuItem
ReleaseCapture
ChildWindowFromPoint
IsCharUpperW
GetWindowLongW
GetWindowTextLengthW
DrawAnimatedRects
DeferWindowPos
GetSystemMenu
FindWindowExW
GetWindowRect
GetFocus
GetDC
SetWindowPos
CheckRadioButton
GetPropW
CopyImage
MonitorFromRect
MonitorFromWindow
SetActiveWindow
MessageBoxExW
SetWindowLongPtrW
GetIconInfo
CallNextHookEx
RemovePropW
SetWindowTextW
MessageBeep
CreatePopupMenu
PostQuitMessage
GetWindowPlacement
TrackPopupMenu
BeginDeferWindowPos
OffsetRect
GetDlgItemTextA
GetMonitorInfoW
GetDlgCtrlID
ClientToScreen
MonitorFromPoint
CreateIconIndirect
InflateRect
AdjustWindowRectEx
DrawTextW
DrawTextA
CallWindowProcW
GetAncestor
NotifyWinEvent
GetScrollInfo
SetScrollInfo
PtInRect
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
ValidateRect
GetUpdateRgn
SetMenuItemInfoW
CharPrevW
MapWindowPoints
SetWindowPlacement
GetSysColor
DialogBoxIndirectParamW
IsWindowEnabled
SetMenu
UnhookWindowsHookEx
DestroyMenu
SetLayeredWindowAttributes
GetMenuStringW
IsCharAlphaNumericW
LoadCursorW
DrawMenuBar
MsgWaitForMultipleObjects
RegisterClipboardFormatW
GetMessageTime
EndDeferWindowPos
SetWindowsHookExW
InsertMenuW
SetCursor
GetDlgItemInt
SetWindowLongW
GetClientRect
IsZoomed
AppendMenuW
SetRect
DrawIconEx
GetDesktopWindow
CreateDialogIndirectParamW
SetDlgItemInt
SetForegroundWindow
LoadImageW
ReleaseDC
BeginPaint
EndPaint
EnableWindow
GetWindowTextW
SetPropW
SystemParametersInfoW
GetSystemMetrics
SetCursorPos
GetCursorPos
CharUpperBuffW
PostMessageW
SendMessageW
EndDialog
ShowWindow
RedrawWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
GetParent
InvalidateRect
TrackMouseEvent
SetWindowCompositionAttribute
RegisterWindowMessageW
GetKeyboardLayout
DestroyCursor
SetCapture
GetCaretBlinkTime
GetMessageW
GetMenuItemInfoW
DefWindowProcW
ModifyMenuW
ShowWindowAsync
CheckMenuRadioItem
IsWindowVisible
SetClipboardViewer
FillRect
CreateWindowExW
ShowOwnedPopups
ScreenToClient
UnregisterClassW
RegisterClassExW
GetMenuBarInfo
LoadAcceleratorsW
GetSubMenu
IsDialogMessageW
DestroyIcon
ChangeClipboardChain
IsChild
CountClipboardFormats
FrameRect
SetMenuDefaultItem
GetForegroundWindow
EnumWindows
TranslateAcceleratorW
GetClassNameW
GetWindowDC
GetWindowLongPtrW
TrackPopupMenuEx
IsCharLowerA
CharLowerA

kernel32

SizeofResource
WaitForSingleObject
GetCurrentThreadId
FreeResource
Sleep
FormatMessageW
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GetFileSizeEx
GetTimeFormatEx
SetFileTime
GetDateFormatEx
lstrcmpA
GetTickCount64
QueryPerformanceFrequency
GetLocalTime
LCMapStringW
lstrcmpiA
QueryPerformanceCounter
GetFileTime
GetOEMCP
GetCPInfo
IsValidCodePage
GetCPInfoExW
GetACP
CreateEventW
SetEvent
ResetEvent
SetThreadUILanguage
GetUserPreferredUILanguages
ResolveLocaleName
SetProcessPreferredUILanguages
IsValidLocaleName
GetStartupInfoW
GlobalHandle
GetCommandLineW
lstrlenW
HeapLock
SetErrorMode
GetTempPathW
HeapWalk
FindFirstChangeNotificationW
GetFileAttributesExW
FindCloseChangeNotification
DeleteFileW
GetSystemInfo
VerifyVersionInfoW
FindNextChangeNotification
SetCurrentDirectoryW
CreateProcessW
GetTempFileNameW
UnlockFileEx
GetTimeFormatW
GetDateFormatW
SetLastError
FindFirstFileW
FindNextFileW
FindClose
LCIDToLocaleName
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
MapViewOfFile
CreateFileMappingW
LocaleNameToLCID
UnmapViewOfFile
GetVersionExW
GetLocaleInfoW
GetTickCount
GlobalSize
GetLocaleInfoA
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualQuery
RaiseException
LoadLibraryExW
GetModuleHandleW
CompareStringOrdinal
VirtualProtect
FlushFileBuffers
MulDiv
GetFileSize
LockFileEx
LocalFree
FindResourceExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
EnumSystemLocalesW
SetStdHandle
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetEndOfFile
GetLocaleInfoEx
SetEnvironmentVariableW
GetCurrentProcess
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
GetCurrentDirectoryW
LoadLibraryW
CloseHandle
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetEnvironmentVariableW
GetModuleFileNameW
GetFinalPathNameByHandleW
ExpandEnvironmentStringsW
GetLongPathNameW
SearchPathW
WideCharToMultiByte
GetLastError
HeapReAlloc
MultiByteToWideChar
HeapSize
GlobalUnlock
GetProcessHeap
GlobalLock
HeapAlloc
SetFilePointer
WriteFile
HeapFree
CompareStringW
GetModuleHandleExW
GetNativeSystemInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
TlsFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
WriteConsoleW
IsValidLocale
HeapUnlock
GetUserDefaultLCID

gdi32

LineTo
GetTextMetricsW
CreateFontW
EndDoc
StartPage
SetDIBits
GetDIBits
ExtTextOutW
CreateBitmap
CreateRectRgn
CreateRectRgnIndirect
BitBlt
CreatePatternBrush
EnumFontFamiliesExW
CreatePen
GetTextExtentPoint32A
GetTextExtentExPointA
GetTextExtentExPointW
IntersectClipRect
RestoreDC
RoundRect
SaveDC
StretchBlt
GdiAlphaBlend
CreateDIBSection
ExtCreatePen
ExtTextOutA
Polygon
Polyline
MoveToEx
SetTextAlign
StartDocW
DPtoLP
EndPage
GetStockObject
GetTextExtentPoint32W
SetBkMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
SetMapMode
CreateFontIndirectW
Ellipse
DeleteObject
CreateSolidBrush
CombineRgn
SetBkColor
SetTextColor

comdlg32

PageSetupDlgW
PrintDlgW
ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
CheckTokenMembership
GetTokenInformation
IsTextUnicode
AccessCheck
OpenProcessToken
GetFileSecurityW
DuplicateToken
MapGenericMask

shell32

ShellExecuteW
SHAppBarMessage
SHGetFileInfoW
ShellExecuteExW
SHGetDataFromIDListW
SHGetDesktopFolder
SHAddToRecentDocs
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
DragFinish
SHOpenFolderAndSelectItems
ord155
SHParseDisplayName
SHGetPathFromIDListW
SHGetKnownFolderPath
SetCurrentProcessExplicitAppUserModelID
ord180
SHBrowseForFolderW

ole32

ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleInitialize
StringFromGUID2
CLSIDFromProgID
OleUninitialize
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocStringLen
SysFreeString

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmSetCompositionFontW
ImmEscapeW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

Exports

Exports

CreateLexer
GetLexerCount
GetLexerFactory
GetLexerName
GetLibraryPropertyNames
GetNameSpace
LexerNameFromID
Scintilla_AdjustWindowRectForDpi
Scintilla_GetSystemMetricsForDpi
Scintilla_GetWindowDPI
Scintilla_InputCodePage
Scintilla_RegisterClasses
Scintilla_ReleaseResources
SetLibraryProperty

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 589KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Notepad3_x64.ini
Themes/Dark.ini
Themes/Obsidian.ini
Themes/Sombra.ini
grepWinNP3.exe
.exe windows:6 windows x64

9c45c2cc47d52cedbb499b62df699bba

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:8a:6a:91:ba:30:15:fa:95:c8:3e:6c:37:f2:7b:ab
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

16/06/2023, 12:52

Not After

15/06/2024, 12:52

Subject

CN=Open Source Developer\, Derick Payne,O=Open Source Developer,L=George,C=ZA,1.2.840.113549.1.9.1=#0c13696e666f4072697a6f6e65736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:5e:a6:fc:6a:5d:26:2d:a5:b8:aa:f9:22:4c:66:a9:43:16:15:97:04:e4:05:4b:60:a4:4c:3d:ab:1e:d4:59
Signer

Actual PE Digest

7d:5e:a6:fc:6a:5d:26:2d:a5:b8:aa:f9:22:4c:66:a9:43:16:15:97:04:e4:05:4b:60:a4:4c:3d:ab:1e:d4:59

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathIsDirectoryW
PathIsURLW
PathIsRelativeW
PathCanonicalizeW
PathIsRootW
SHDeleteKeyW
PathAppendW
PathRemoveFileSpecW
SHAutoComplete
PathCompactPathExW
StrFormatByteSizeW
AssocQueryStringW
StrCmpLogicalW
PathFileExistsW
PathRelativePathToW
SHSetValueW
SHGetValueW

uxtheme

BeginBufferedPaint
BufferedPaintSetAlpha
GetThemeColor
GetThemeInt
SetWindowTheme
CloseThemeData
OpenThemeData
GetThemeBackgroundContentRect
DrawThemeBackground
EndBufferedPaint

kernel32

lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
CloseHandle
CreateDirectoryW
GetCurrentDirectoryW
Sleep
SetCurrentDirectoryW
FormatMessageW
GetTickCount64
GetWindowsDirectoryW
GetCurrentProcess
GetFileTime
WriteFile
SetFileTime
GetFileSizeEx
GlobalMemoryStatusEx
ReadFile
WideCharToMultiByte
GetFileSize
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetCommandLineW
SetDllDirectoryW
CreateMutexW
GetSystemDirectoryW
SystemTimeToFileTime
SetErrorMode
GetUserDefaultLCID
GetStringTypeExW
LoadLibraryA
LCMapStringW
ExpandEnvironmentStringsW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeExA
LCMapStringA
GetSystemTime
FileTimeToSystemTime
CreateThread
CreateProcessW
GetFileInformationByHandle
CompareFileTime
CopyFileW
GetFileAttributesW
SetFileAttributesW
MoveFileExA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
CreateFileA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAddAtomW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GlobalUnlock
IsValidLocale
GetLocaleInfoW
CompareStringW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
GetStdHandle
ExitProcess
SetEnvironmentVariableW
RtlUnwind
LoadLibraryExW
TlsFree
lstrcpyW
TlsGetValue
TlsAlloc
RtlUnwindEx
CreateFileMappingA
GetModuleHandleA
MapViewOfFileEx
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoEx
RaiseException
RtlPcToFileHeader
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
GetNativeSystemInfo
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
GlobalFree
GlobalLock
GlobalAlloc
FindNextFileW
FindClose
FindFirstFileW
FindFirstFileExW
lstrcpynW
GetModuleHandleW
MulDiv
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
DeleteAtom
EnumSystemLocalesW
TlsSetValue

user32

SetCapture
GetClassNameW
InvalidateRgn
BeginPaint
GetClientRect
GetWindowLongPtrW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
EndPaint
DrawTextW
InflateRect
GetWindowRect
GetCursorPos
PtInRect
GetFocus
GetSystemMetrics
IntersectRect
MapWindowPoints
GetParent
GetDC
ReleaseDC
ScreenToClient
SystemParametersInfoW
DialogBoxParamW
CreateDialogParamW
EnableWindow
ShowWindow
BringWindowToTop
SetForegroundWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
EndDialog
SetFocus
GetSysColor
PostMessageW
CheckDlgButton
RedrawWindow
CreatePopupMenu
CheckMenuItem
CheckRadioButton
CreateDialogIndirectParamW
GetWindowPlacement
GetDesktopWindow
CopyRect
SendDlgItemMessageW
AppendMenuW
InsertMenuW
DestroyMenu
GetDCEx
LoadStringA
SetTimer
KillTimer
IsDlgButtonChecked
EnumWindows
RegisterWindowMessageW
TrackPopupMenu
GetSubMenu
LoadMenuW
ClientToScreen
LoadStringW
SetDlgItemTextW
DrawIconEx
GetSysColorBrush
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
EnumDisplayMonitors
GetMonitorInfoW
SetWindowTextW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
GetSystemMenu
EnumThreadWindows
EnumChildWindows
CloseWindow
LoadCursorW
SetCursor
GetKeyState
ReleaseCapture
DrawFocusRect
RemovePropW
GetPropW
SetPropW
RegisterClipboardFormatW
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
SetWindowRgn
CallWindowProcW
SetWindowPlacement
MoveWindow
GetWindowDC
SetLayeredWindowAttributes
MessageBoxW
SetCursorPos
GetDlgItemTextW
DefDlgProcW
CreateWindowExW
SetWindowLongPtrW
GetDlgItem
LoadImageW
SetWindowPos
OffsetRect

gdi32

PatBlt
SelectObject
GetDeviceCaps
SetBkColor
ExtTextOutW
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor
EnumFontsW
CreateSolidBrush
CreateRectRgn
GetObjectW
SetRectRgn
CreateRectRgnIndirect
CombineRgn

comdlg32

GetOpenFileNameW

advapi32

CryptCreateHash
CryptReleaseContext
CryptHashData
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW

shell32

SHGetDesktopFolder
ord701
DragQueryFileW
CommandLineToArgvW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
SHCreateItemFromParsingName

ole32

DoDragDrop
CoUninitialize
OleInitialize
CoInitializeEx
OleUninitialize
RegisterDragDrop
OleDuplicateData
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium

gdiplus

GdipDrawRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipDrawPath
GdipDeletePath
GdipCreatePath
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipResetPath

comctl32

ord413
InitCommonControlsEx
ord412
ord410
ord381
ImageList_GetImageCount
ImageList_GetImageInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
grepwinNP3.ini
断剑留痕版特点.txt
记事本替换工具_v1.23.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b6520e89d40c44fca701a8aa538d8f2

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

comctl32

shlwapi

user32

kernel32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 589KB - Virtual size: 677KB

.pdata Size: 74KB - Virtual size: 74KB

.idata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 794KB - Virtual size: 794KB

.reloc Size: 18KB - Virtual size: 17KB

9c45c2cc47d52cedbb499b62df699bba

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

76:8a:6a:91:ba:30:15:fa:95:c8:3e:6c:37:f2:7b:abCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

7d:5e:a6:fc:6a:5d:26:2d:a5:b8:aa:f9:22:4c:66:a9:43:16:15:97:04:e4:05:4b:60:a4:4c:3d:ab:1e:d4:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

gdiplus

comctl32

version

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 21KB - Virtual size: 30KB

.pdata Size: 41KB - Virtual size: 40KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 6KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 572KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 137KB - Virtual size: 140KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 589KB - Virtual size: 677KB

.pdata
Size: 74KB - Virtual size: 74KB

.idata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 794KB - Virtual size: 794KB

.reloc
Size: 18KB - Virtual size: 17KB

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

76:8a:6a:91:ba:30:15:fa:95:c8:3e:6c:37:f2:7b:ab
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

7d:5e:a6:fc:6a:5d:26:2d:a5:b8:aa:f9:22:4c:66:a9:43:16:15:97:04:e4:05:4b:60:a4:4c:3d:ab:1e:d4:59
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 21KB - Virtual size: 30KB

.pdata
Size: 41KB - Virtual size: 40KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 572KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 137KB - Virtual size: 140KB