1dd9c7de32d1132c667a740078d3214aa80d6d91f22cede2d87b6243026ae380

Sharing

Copy URL

Twitter E-mail

General

Target

1dd9c7de32d1132c667a740078d3214aa80d6d91f22cede2d87b6243026ae380
Size

1.7MB
MD5

26f44607466b4e4b062181e69d4f78f2
SHA1

60350a6d9474989381034ee9097d58cfa3967ab1
SHA256

1dd9c7de32d1132c667a740078d3214aa80d6d91f22cede2d87b6243026ae380
SHA512

9e81cd6531b54e88ad2c20938fc1ef327c80cf769f1376bd7e1ab3cda99b2cbbce93c31b777e6ade6c1b4a71d8060999390e022415f132d581b7ee35ae0d76a6
SSDEEP

24576:vr6XY1txmIUCPNSEHTDieL+0+hQ5CTCnwAV8ctnwe7JVrBsGIQh+9fPYQ44zclaH:zutKPM0DrLiTG8chwetVVC6QfPYQ4Ju

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Orbs/Windows 7.orb
unpack001/StartAllBackCfg.exe
unpack001/Styles/Plain8.msstyles
unpack001/Styles/Windows 7.msstyles
unpack001/UpdateCheck.exe

Files

1dd9c7de32d1132c667a740078d3214aa80d6d91f22cede2d87b6243026ae380
.rar
DarkMagicLoaderX64.exe
.exe windows:6 windows x64

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:96:a3:75:6f:e6:ca:57:2f:2f:09:88:ee:3c:95:a3:da:23:e7:c2:7b:53:e2:a0:c4:59:b0:34:f7:e9:ff:77
Signer

Actual PE Digest

46:96:a3:75:6f:e6:ca:57:2f:2f:09:88:ee:3c:95:a3:da:23:e7:c2:7b:53:e2:a0:c4:59:b0:34:f7:e9:ff:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DarkMagicLoaderX86.exe
.exe windows:6 windows x86

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:95:59:ac:91:57:05:d3:a2:c9:1e:43:35:94:f5:ce:86:52:fb:30:5b:54:f8:7b:c0:ec:4f:7c:88:4a:a8:ed
Signer

Actual PE Digest

7e:95:59:ac:91:57:05:d3:a2:c9:1e:43:35:94:f5:ce:86:52:fb:30:5b:54:f8:7b:c0:ec:4f:7c:88:4a:a8:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DarkMagicX64.dll
.dll windows:6 windows x64

20516cbd158707451b9fce1880f26077

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:77:3d:f3:ac:52:e2:65:67:f9:a7:8d:0b:73:98:19:aa:dc:93:da:84:cd:9a:e6:af:65:0c:2f:5f:8f:8a:22
Signer

Actual PE Digest

48:77:3d:f3:ac:52:e2:65:67:f9:a7:8d:0b:73:98:19:aa:dc:93:da:84:cd:9a:e6:af:65:0c:2f:5f:8f:8a:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpA
lstrlenW
lstrcmpW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetProcessIdOfThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetThreadId
ResumeThread

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW

api-ms-win-core-synch-l1-1-0

OpenEventW
SetEvent
WaitForSingleObjectEx
SleepEx
WaitForSingleObject
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
GetCurrentActCtx
FindActCtxSectionStringW
DeactivateActCtx

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
CreateFileW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathAppendW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeGetTime
timeEndPeriod

user32

SendMessageCallbackW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
GetSystemMenu
KillTimer
GetGUIThreadInfo
GetSubMenu
GetDpiForMonitorInternal
ord2557
SetWindowCompositionAttribute
GetParent
IsWindow
RegisterShellHookWindow
DeregisterShellHookWindow
GetDpiForWindow
SystemParametersInfoForDpi
SendMessageW
GetMenu
EndPaint
BeginPaint
EnableWindow
SystemParametersInfoA
DrawEdge
GetWindow
FindWindowW
GetUpdateRect
DrawTextW
DefWindowProcW
InvalidateRect
MonitorFromWindow
PtInRect
GetSystemMetrics
GetMenuItemRect
GetIconInfo
SetMenuItemInfoW
GetClassLongPtrW
GetCurrentInputMessageSource
LoadIconW
SendMessageTimeoutW
SetWinEventHook
SetMessageExtraInfo
SetWindowsHookExW
CallNextHookEx
UnhookWinEvent
PrintWindow
UnhookWindowsHookEx
IsWindowVisible
IsIconic
DestroyWindow
AnimateWindow
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
FindWindowExW
GetWindowInfo
OffsetRect
GetSysColor
GetDesktopWindow
GetDC
ReleaseDC
GetMenuItemInfoW
GetMenuItemCount
InflateRect
SetWindowLongW
SetLayeredWindowAttributes
WindowFromDC
RegisterClassW
SetClassLongPtrW
SetWindowLongPtrW
GetSystemMetricsForDpi
DrawIconEx
EnumChildWindows
GetClassInfoW
GetDpiForSystem
EnumThreadWindows
GetCIMSSM
GetWindowRect
GetThreadDpiAwarenessContext
SystemParametersInfoW
ShowWindow
SetPropW
PostMessageW
CreateWindowExW
GetWindowLongW
GetWindowLongPtrW
UpdateLayeredWindow
SetWindowPos
SetTimer
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
GetClientRect
SetMenuInfo
UpdateWindow

gdi32

SetBkMode
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
StretchBlt
SelectObject
CreateDIBSection
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetStockObject
GetTextColor
GetTextExtentExPointW
SetTextColor
SetLayout
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCDpiScaleValue
GdiDrawStream

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_wcsicmp
memset
_wcsnicmp
wcscmp
strcmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAdjustPrivilege
NtResumeThread
NtAlpcSendWaitReceivePort
RtlInitUnicodeString

api-ms-win-crt-private-l1-1-0

__std_type_info_destroy_list
__std_exception_copy
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler
wcschr
__std_exception_destroy
memcpy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

acos
cos
sin

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitDarkMagic
LoadRemote

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DarkMagicX86.dll
.dll windows:6 windows x86

de0bd64bf3145d189366986499e5331a

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:aa:02:e0:5c:e9:69:17:c9:73:ad:04:f3:b6:e1:7c:51:aa:a8:c1:e2:d4:ac:d9:0c:b7:4e:7b:ee:0d:5f:fe
Signer

Actual PE Digest

52:aa:02:e0:5c:e9:69:17:c9:73:ad:04:f3:b6:e1:7c:51:aa:a8:c1:e2:d4:ac:d9:0c:b7:4e:7b:ee:0d:5f:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenW
lstrcmpA
lstrcmpiA

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetProcessIdOfThread
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateThread
GetCurrentThreadId
TerminateProcess
GetThreadId
ResumeThread

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW

api-ms-win-core-synch-l1-1-0

SleepEx
OpenEventW
CreateEventW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
SetEvent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetTokenInformation

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
DeactivateActCtx
GetCurrentActCtx
ActivateActCtx

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
SetFilePointer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAppendW
PathRemoveFileSpecW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegGetValueW

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeGetTime
timeEndPeriod

user32

IsMenu
GetSystemMenu
KillTimer
GetGUIThreadInfo
GetDpiForMonitorInternal
GetSubMenu
GetMenu
GetWindowThreadProcessId
ord2557
SetWindowCompositionAttribute
SendMessageCallbackW
SendMessageW
RegisterShellHookWindow
DeregisterShellHookWindow
GetDpiForWindow
SystemParametersInfoForDpi
SendNotifyMessageW
GetSystemMetrics
EndPaint
BeginPaint
EnableWindow
SystemParametersInfoA
DrawEdge
GetWindow
GetParent
IsWindow
DrawTextW
FindWindowW
GetUpdateRect
PtInRect
GetIconInfo
GetMenuItemRect
SetMenuItemInfoW
MonitorFromWindow
GetClassLongW
SetMessageExtraInfo
GetCurrentInputMessageSource
LoadIconW
SendMessageTimeoutW
SetWinEventHook
SetWindowsHookExW
SetMenuInfo
CallNextHookEx
UnhookWinEvent
UnhookWindowsHookEx
GetClientRect
IsWindowVisible
IsIconic
DestroyWindow
AnimateWindow
UpdateWindow
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
FindWindowExW
GetWindowInfo
OffsetRect
GetSysColor
GetDesktopWindow
PrintWindow
GetDC
GetMenuItemInfoW
GetMenuItemCount
InflateRect
ReleaseDC
DefWindowProcW
WindowFromDC
InvalidateRect
RegisterClassW
SetClassLongW
GetSystemMetricsForDpi
DrawIconEx
SetWindowLongW
EnumChildWindows
GetDpiForSystem
GetClassInfoW
GetCIMSSM
EnumThreadWindows
GetWindowRect
SystemParametersInfoW
GetThreadDpiAwarenessContext
SetPropW
PostMessageW
CreateWindowExW
GetWindowLongW
SetLayeredWindowAttributes
UpdateLayeredWindow
SetWindowPos
SetTimer
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
ShowWindow

gdi32

SetTextColor
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
StretchBlt
SelectObject
CreateDIBSection
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetStockObject
GetTextColor
SetLayout
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCDpiScaleValue
GdiDrawStream
GetTextExtentExPointW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
memset
_wcsnicmp
_wcsicmp

ntdll

NtResumeThread
NtAlpcSendWaitReceivePort
RtlInitUnicodeString
RtlAdjustPrivilege

api-ms-win-crt-private-l1-1-0

memcpy
_except_handler4_common
__std_exception_destroy
__std_type_info_destroy_list
__CxxFrameHandler3
__std_exception_copy
wcschr
_CxxThrowException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_libm_sse2_acos_precise
_libm_sse2_sin_precise

Exports

Exports

InitDarkMagic
LoadRemote

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Orbs/Windows 7.orb
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Orbs/clover.svg
Orbs/e1evenorb-pr.png
.png
Orbs/w8logo.svg
Ribbon/theme-dark/Windows.AddRemovePrograms.svg
.xml
Ribbon/theme-dark/Windows.Computer.Manage.svg
.xml
Ribbon/theme-dark/Windows.CopyToMenu.svg
.xml
Ribbon/theme-dark/Windows.MoveToMenu.svg
.xml
Ribbon/theme-dark/Windows.MultiVerb.cmd.svg
.xml
Ribbon/theme-dark/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
Ribbon/theme-dark/Windows.RibbonPermissionsDialog.svg
.xml
Ribbon/theme-dark/Windows.shareprivate.svg
.xml
Ribbon/theme-dark/accessmedia.svg
Ribbon/theme-dark/easyaccess.svg
.xml
Ribbon/theme-dark/windows.SystemProperties.svg
.xml
Ribbon/theme-dark/windows.folderoptions.svg
Ribbon/theme-dark/windows.help.svg
.xml
Ribbon/theme-dark/windows.hideSelected.svg
.xml
Ribbon/theme-dark/windows.layout.svg
.xml
Ribbon/theme-dark/windows.open.svg
.xml
Ribbon/theme-dark/windows.opencontrolpanel.svg
Ribbon/theme-dark/windows.pastelink.svg
Ribbon/theme-dark/windows.removeproperties.svg
.xml
Ribbon/theme-dark/windows.slideshow.svg
.xml
Ribbon/theme-dark/windows.troubleshoot.svg
Ribbon/theme-light/Windows.AddRemovePrograms.svg
Ribbon/theme-light/Windows.Computer.Manage.svg
Ribbon/theme-light/Windows.CopyToMenu.svg
.xml
Ribbon/theme-light/Windows.MoveToMenu.svg
Ribbon/theme-light/Windows.MultiVerb.cmd.svg
.xml
Ribbon/theme-light/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
Ribbon/theme-light/Windows.RibbonPermissionsDialog.svg
.xml
Ribbon/theme-light/Windows.shareprivate.svg
.xml
Ribbon/theme-light/accessmedia.svg
Ribbon/theme-light/easyaccess.svg
.xml
Ribbon/theme-light/windows.SystemProperties.svg
Ribbon/theme-light/windows.edit.svg
.xml
Ribbon/theme-light/windows.email.svg
.xml
Ribbon/theme-light/windows.folderoptions.svg
Ribbon/theme-light/windows.help.svg
.xml
Ribbon/theme-light/windows.hideSelected.svg
.xml
Ribbon/theme-light/windows.layout.svg
.xml
Ribbon/theme-light/windows.open.svg
Ribbon/theme-light/windows.openControlPanel.svg
Ribbon/theme-light/windows.pastelink.svg
Ribbon/theme-light/windows.removeproperties.svg
.xml
Ribbon/theme-light/windows.slideshow.svg
.xml
Ribbon/theme-light/windows.troubleshoot.svg
StartAllBackCfg.exe
.exe windows:5 windows x64

d430d979f0bbf66dc1327a586a7d606c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegDeleteTreeW
RegDeleteKeyExW
RegDeleteKeyValueW

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
IsCharAlphaNumericW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
SetProcessDefaultLayout
SwitchToThisWindow
GetDpiForWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
LoadLibraryA
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
lstrcpyW
lstrcmpiW
lstrcmpW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
UnmapViewOfFile
SuspendThread
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueueUserWorkItem
OpenFileMappingW
MulDiv
MoveFileExW
MapViewOfFile
LockResource
LoadResource
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTime
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
FreeResource
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
AddAtomW
GetUserPreferredUILanguages
CheckElevationEnabled
GetSystemWindowsDirectoryW
IsWow64Process2

msimg32

GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
GdiAlphaBlend
SetLayout
GetLayout

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHFileOperationW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHDefExtractIconW
ord896
ILSaveToStream
ILLoadFromStreamEx

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

comdlg32

ChooseColorW

shlwapi

PathParseIconLocationW
PathIsNetworkPathW
PathFileExistsW
PathCanonicalizeW
PathAppendW
PathAddBackslashW
StrCatW
StrDupW
StrCmpNIW
SHLoadIndirectString
SHOpenRegStream2W

ntdll

RtlAdjustPrivilege

gdiplus

GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

shcore

GetDpiForMonitor

uxtheme

ord121
ord120
SetWindowTheme

wtsapi32

WTSTerminateProcess

winmm

PlaySoundW

crypt32

CryptStringToBinaryA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 484B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StartAllBackLoaderX64.dll
.dll windows:6 windows x64

8d84ac60d65a19835a8dc294d87b31f8

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:78:f7:f8:7e:58:47:87:50:a2:d9:af:c1:1b:21:fd:24:a8:e7:2d:18:e7:f3:0f:a9:dd:21:92:c8:85:28:5a
Signer

Actual PE Digest

57:78:f7:f8:7e:58:47:87:50:a2:d9:af:c1:1b:21:fd:24:a8:e7:2d:18:e7:f3:0f:a9:dd:21:92:c8:85:28:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

kernel32

FreeLibrary
OutputDebugStringA
GetModuleFileNameW
WaitForSingleObject
GetVersion
DisableThreadLibraryCalls
CloseHandle
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW

user32

IsWindow
GetShellWindow

advapi32

RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1024B - Virtual size: 611B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StartAllBackX64.dll
.dll windows:6 windows x64

f1a1a8e6adc1c3f786641d3950d2c332

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:13:04:f4:8a:72:73:27:59:1b:9e:4a:fe:c2:6b:fe:42:3c:fd:50:20:6c:11:ca:8d:7c:99:82:42:5e:bf:52
Signer

Actual PE Digest

4b:13:04:f4:8a:72:73:27:59:1b:9e:4a:fe:c2:6b:fe:42:3c:fd:50:20:6c:11:ca:8d:7c:99:82:42:5e:bf:52

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

StrCpyNW
StrCmpNIW
ord219
StrNCatW
PathParseIconLocationW
PathAddBackslashW
StrCSpnA
StrStrIA
HashData
StrStrNIW
ord158
ord215
StrTrimW
ord513
ord212
ord512
ord184
ord388
PathIsNetworkPathW
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathRemoveExtensionW
PathIsUNCW
PathIsDirectoryW
SHStrDupW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
ord176
SHOpenRegStream2W
ord12
PathRemoveBlanksW
ord174
ord172
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathRemoveBackslashW
PathFileExistsW
StrToIntW
ord16
StrStrW
PathRemoveFileSpecW
PathAppendW
SHRegGetValueW
PathIsRelativeW
ord487

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
ord138
ord141
DwmGetWindowAttribute
ord139
ord163
ord164
ord187
ord159
ord113
DwmInvalidateIconicBitmaps
DwmTransitionOwnedWindow
DwmFlush
DwmSetIconicThumbnail
ord140
DwmUpdateThumbnailProperties

uxtheme

GetThemeBackgroundExtent
IsThemePartDefined
GetThemePropertyOrigin
GetThemeBackgroundRegion
GetThemeTextExtent
GetThemeRect
GetThemeBool
GetThemeFont
GetThemeMetric
ord121
ord120
ord126
ord50
ord138
ord140
ord135
ord49
ord74
ord133
ord132
GetThemeMargins
GetWindowTheme
GetBufferedPaintTargetDC
GetThemePartSize
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
GetThemeBackgroundContentRect
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
BeginBufferedPaint
EndBufferedPaint
GetThemeEnumValue
GetThemeColor
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx
BufferedPaintSetAlpha
IsThemeBackgroundPartiallyTransparent

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance

ntdll

RtlAdjustPrivilege
NtQueryWnfStateData
RtlInitUnicodeString
NtQueryInformationToken
RtlCaptureContext

msvcrt

strcmp
sin
memset
memmove
memcpy
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
isspace
tolower
isprint
_vsnwprintf
wcsstr
wcstok_s
abort
__C_specific_handler
wcsncpy_s
??_U@YAPEAX_K@Z
_wtoi
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
_unlock
_lock
__dllonexit
wcscmp
_onexit
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_XcptFilter
_initterm
_amsg_exit
memcmp
cos
acos
bsearch

gdi32

GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
SelectClipRgn
OffsetClipRgn
GetObjectType
StretchDIBits
GetTextExtentExPointW
SetBkMode
TextOutW
SetWindowOrgEx
DeleteDC
GetDCDpiScaleValue
GdiDrawStream
GetDCBrushColor
StretchBlt
GetBkColor
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
CreateCompatibleBitmap
SetViewportOrgEx
GetTextExtentPoint32W
GetDeviceCaps
AddFontResourceExW
CreateBitmap
DeleteObject
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
SetLayout
BitBlt
SaveDC
ExcludeClipRect
RestoreDC
SetBkColor
GetStockObject
SetTextColor
ExtTextOutW
CreateRectRgnIndirect
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
CreateFontIndirectW
GetTextExtentPointW
GetTextColor
CreateFontW
GetCharWidth32W
GetBitmapBits
GetGlyphIndicesW
GetLayout

user32

SetWindowLongPtrW
GetSystemMetricsForDpi
SetWindowRgn
RemovePropW
SendMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
RegisterClassW
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemInfoW
RedrawWindow
GetDCEx
ReleaseDC
FillRect
GetDlgItem
SetWindowPos
BeginPaint
EndPaint
GetWindowInfo
OffsetRect
InflateRect
GetWindowDC
GetClassLongPtrW
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
ShowWindow
FindWindowW
UpdateWindow
AnimateWindow
DrawFocusRect
LoadImageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
GetWindowThreadProcessId
SetWinEventHook
CreateWindowExW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
SendMessageTimeoutW
DestroyWindow
GetMonitorInfoW
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
ReleaseCapture
InvalidateRect
SystemParametersInfoForDpi
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
MonitorFromPoint
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
WindowFromDC
GetMessageExtraInfo
GetMenuBarInfo
GetMenuInfo
SetMenuInfo
GetSystemMenu
IsMenu
SetMessageExtraInfo
SetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemID
TranslateMessage
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
GetDoubleClickTime
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
CallWindowProcW
CharLowerW
EnumThreadWindows
SetSysColors
SystemParametersInfoA
GetDesktopWindow
LoadImageA
UnhookWinEvent
SwitchToThisWindow
GetLayeredWindowAttributes
IsRectEmpty
InternalGetWindowText
GetWindowPlacement
IsIconic
MonitorFromRect
CopyRect
ShowWindowAsync
PrintWindow
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
GetUpdateRect
SetWindowLongW
CalculatePopupWindowPosition
DrawIconEx
UnionRect
UnregisterClassW
SetForegroundWindow
GetWindowRgnBox
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
GetIconInfo
CopyImage
SubtractRect
PostThreadMessageW
RegisterHotKey
AllowSetForegroundWindow
GetDpiForSystem
SetActiveWindow
RegisterClipboardFormatW
ChildWindowFromPointEx
InsertMenuItemW
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
GetWindowLongPtrW
RegisterWindowMessageW
GetClassWord
SetPropW
KillTimer
SetTimer
GetDpiForWindow
GetClientRect
GetPropW
GetAncestor
MapWindowPoints
GetWindowRect
GetParent
GetWindowTextW
FindWindowExW
PostMessageW
LoadStringW
GetSysColor
LoadCursorW
SetCursor
CreateIconIndirect
GetKeyState
wsprintfW
wsprintfA
GetWindowLongW
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
GetWindowRgn
GetDpiForMonitorInternal

kernel32

GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
GetTempPathW
PackageFamilyNameFromFullName
GetModuleFileNameW
CreateProcessW
Sleep
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
UnregisterWaitEx
RegisterWaitForSingleObject
MoveFileW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
GetPackagesByPackageFamily
ParseApplicationUserModelId
SetEvent
QueueUserAPC
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
GetThreadPriority
DeleteCriticalSection
CompareFileTime
LCMapStringW
LocalFree
LocalAlloc
MoveFileExW
DeleteFileW
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetWindowsDirectoryW
OpenProcess
QueryFullProcessImageNameW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
UnhandledExceptionFilter
GetProcessId
IsBadReadPtr
TerminateProcess
ExitThread
GlobalLock
GlobalUnlock
IsBadCodePtr
GetApplicationUserModelId
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
DebugBreak
lstrcpynA
SetFileAttributesW
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
GetCurrentProcessId
CreateEventW
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
GetCurrentProcess
ProcessIdToSessionId
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
OutputDebugStringA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
InitOnceExecuteOnce
GetProcAddress
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSection
WaitForSingleObject
CreateThread
SetThreadPriority
GetTickCount
ActivateActCtx
DeactivateActCtx
FindAtomW
AddAtomW
DeleteAtom
FreeLibrary
OpenEventW

advapi32

RegSetValueW
GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegNotifyChangeKeyValue
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyValueW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord85
SHFileOperationW
SHAppBarMessage
ord62
ord645
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
ShellExecuteW
Shell_NotifyIconW
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644

ole32

CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
CoAllowSetForegroundWindow
CoWaitForMultipleHandles
CoCreateInstance
CoUninitialize
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitialize
RevokeDragDrop
ReleaseStgMedium
RegisterDragDrop

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Plain8.msstyles
.dll windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Styles/Windows 7.msstyles
.dll windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateCheck.exe
.exe windows:5 windows x86

354defb512e4142e057dcecf18a87b7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__getmainargs
__set_app_type
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
malloc
free
__p__fmode

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

kernel32

GetProcAddress
FreeLibrary
LoadLibraryA
GetStartupInfoA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
使用说明.txt
当下软件园.URL
.url

Sharing

General

Malware Config

Signatures

Files

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

46:96:a3:75:6f:e6:ca:57:2f:2f:09:88:ee:3c:95:a3:da:23:e7:c2:7b:53:e2:a0:c4:59:b0:34:f7:e9:ff:77Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

Sections

.text Size: 512B - Virtual size: 154B

.rdata Size: 1024B - Virtual size: 904B

.pdata Size: 512B - Virtual size: 60B

.rsrc Size: 512B - Virtual size: 480B

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

7e:95:59:ac:91:57:05:d3:a2:c9:1e:43:35:94:f5:ce:86:52:fb:30:5b:54:f8:7b:c0:ec:4f:7c:88:4a:a8:edSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

Sections

.text Size: 512B - Virtual size: 223B

.idata Size: 1024B - Virtual size: 612B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 28B

20516cbd158707451b9fce1880f26077

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

46:96:a3:75:6f:e6:ca:57:2f:2f:09:88:ee:3c:95:a3:da:23:e7:c2:7b:53:e2:a0:c4:59:b0:34:f7:e9:ff:77
Signer

.text
Size: 512B - Virtual size: 154B

.rdata
Size: 1024B - Virtual size: 904B

.pdata
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 480B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

7e:95:59:ac:91:57:05:d3:a2:c9:1e:43:35:94:f5:ce:86:52:fb:30:5b:54:f8:7b:c0:ec:4f:7c:88:4a:a8:ed
Signer

.text
Size: 512B - Virtual size: 223B

.idata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 28B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:77:3d:f3:ac:52:e2:65:67:f9:a7:8d:0b:73:98:19:aa:dc:93:da:84:cd:9a:e6:af:65:0c:2f:5f:8f:8a:22
Signer

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 384B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate