e6e029b545bb36bde10cade3da5fe5e2c09a70a68d8854052f0c78fe165621d7

Sharing

Copy URL Twitter E-mail

General

Target

e6e029b545bb36bde10cade3da5fe5e2c09a70a68d8854052f0c78fe165621d7
Size

4.2MB
MD5

53c0a730a6a2e3fd7cb28a67902832d2
SHA1

d5e36bc67e50029a0038dece3bf52d7c6f5c6f5b
SHA256

e6e029b545bb36bde10cade3da5fe5e2c09a70a68d8854052f0c78fe165621d7
SHA512

f96ecea526fd2ac270876a9fab780bd80f987a3270ab70cfe1f62ebde38fb1e3f2c3684240992cb2dd235b654cc631d399945016815eaa1263483457d7f332a2
SSDEEP

98304:vVxXtiXQcpw96MCrPns7evHWvLkl9IMxWtlYKEzpTp/2Vb8K:vliXQcpw96Vzs7evHWvgvIMFp9Kf

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinHex/Chinese.dat
unpack001/WinHex/ins.dll
unpack001/WinHex/x64/hash2.dll
unpack001/WinHex/x64/ins.dll
unpack001/WinHex/x64/zlib1.dll
unpack001/WinHex/zlib1.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/WinHex/Dokan.exe	nsis_installer_1
static1/unpack001/WinHex/Dokan.exe	nsis_installer_2

Files

e6e029b545bb36bde10cade3da5fe5e2c09a70a68d8854052f0c78fe165621d7
.zip
WinHex/Boot Sector FAT.tpl
WinHex/Boot Sector FAT32.tpl
WinHex/Boot Sector NTFS.tpl
WinHex/Chinese.dat
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/Chinese.txt
WinHex/Dokan.exe
.exe windows:4 windows x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:56:90:01:d5:0f:c4:57
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

30/01/2015, 09:32

Not After

30/01/2016, 09:32

Subject

CN=ISLOG,O=ISLOG,L=Strasbourg,ST=Alsace,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/08/2013, 17:38

Not After

27/08/2023, 17:48

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8
Signer

Actual PE Digest

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/Ext Directory Entry.tpl
WinHex/Ext Group Descriptor.tpl
WinHex/Ext Inode.tpl
WinHex/Ext Superblock.tpl
WinHex/Ext4 Inode.tpl
WinHex/FAT Directory Entry.tpl
WinHex/FAT LFN Entry.tpl
WinHex/File Type Signatures Search.txt
.pdf
WinHex/GUID Partition Table.tpl
WinHex/HFS+ Volume Header.tpl
WinHex/Master Boot Record.tpl
WinHex/NTFS FILE Record.tpl
WinHex/Sample script.whs
WinHex/Text file conversion UNIX - Windows.whs
WinHex/Text file conversion Windows - UNIX.whs
WinHex/Tooltips.txt
WinHex/WinHex.cfg
WinHex/WinHex64.exe
.exe windows:5 windows x64

4f367307e2b014ddc793f2ed28338861

Code Sign

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/05/2023, 16:54

Not After

16/05/2026, 16:54

Subject

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bunde,ST=North Rhine-Westphalia,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cb
Signer

Actual PE Digest

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen

user32

MessageBoxA
SetWindowLongPtrA
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
SystemParametersInfoW
SwitchDesktop
AnimateWindow
ShowWindow
ShowScrollBar
ShowCaret
SetWindowsHookExA
SetWindowTextA
SetWindowTextW
SetWindowPos
SetTimer
SetScrollInfo
SetParent
SetMenuItemInfoW
SetMenuItemBitmaps
SetMenuDefaultItem
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetDlgItemTextW
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendInput
SendDlgItemMessageA
SendDlgItemMessageW
ScrollWindow
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
OpenDesktopW
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MoveWindow
ModifyMenuA
ModifyMenuW
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
LoadMenuA
LoadImageA
LoadIconA
LoadCursorA
LoadCursorW
LoadBitmapA
LoadAcceleratorsA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsDlgButtonChecked
IsDialogMessageW
IsClipboardFormatAvailable
InvertRect
InvalidateRect
IntersectRect
InsertMenuA
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowInfo
GetWindowDC
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollPos
GetScrollInfo
GetParent
GetWindow
GetNextDlgTabItem
GetMessageW
GetMenuStringA
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetKeyboardState
GetKeyState
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItemTextA
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClipboardOwner
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoW
GetAsyncKeyState
GetActiveWindow
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCaret
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateMDIWindowW
CreateCaret
CountClipboardFormats
CopyImage
CloseClipboard
CheckRadioButton
CheckMenuRadioItem
CheckMenuItem
CheckDlgButton
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuA
AppendMenuW
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemBuffA
CharToOemA
GetMonitorInfoA
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
DeleteFileW
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcpynW
lstrcpyA
lstrcpyW
lstrcmpiA
lstrcmpW
lstrcatW
WriteProcessMemory
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnlockFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadContext
SetPriorityClass
SetLastError
SetHandleInformation
SetFileTime
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileW
LockResource
LockFile
LocalUnlock
LocalLock
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVolumeInformationW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadTimes
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetShortPathNameA
GetProcessVersion
GetProcessTimes
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocalTime
GetLastError
GetHandleInformation
GetFileTime
GetFileSize
GetFileInformationByHandle
GetFileAttributesA
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeA
GetDriveTypeW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemCodePagesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateHardLinkW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Beep
GetLongPathNameA
GetLongPathNameW
GlobalMemoryStatusEx
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetCPInfoExW
GetCPInfoExA
RtlCaptureStackBackTrace
GetDiskFreeSpaceExW
GetProcAddress
GetComputerNameExW
SetFilePointerEx
GetVolumePathNamesForVolumeNameW
OpenThread
GetFileSizeEx
FreeUserPhysicalPages
AllocateUserPhysicalPages

gdi32

TextOutA
TextOutW
StretchDIBits
StartPage
StartDocA
StartDocW
SetWorldTransform
SetTextColor
SetTextAlign
SetPixelV
SetPixel
SetGraphicsMode
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
Rectangle
PtInRegion
Polygon
MoveToEx
ModifyWorldTransform
LineTo
GetTextMetricsA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetStockObject
GetPixel
GetObjectA
GetObjectW
GetDeviceCaps
GetCharABCWidthsFloatW
GetBkColor
GetBitmapBits
ExtTextOutA
ExtTextOutW
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontIndirectA
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
AbortDoc

advapi32

SetSecurityDescriptorDacl
SetFileSecurityW
RegSetValueExA
RegSetValueExW
RegSetValueA
RegSetValueW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyA
RegCreateKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountNameW
IsTextUnicode
InitializeSecurityDescriptor
GetUserNameW
GetCurrentHwProfileA
AdjustTokenPrivileges

shell32

SHGetFileInfoA
SHGetFileInfoW
ShellExecuteA
ShellExecuteW
ExtractIconW
ExtractAssociatedIconW
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

winspool.drv

GetDefaultPrinterA
OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

powrprof

SetSuspendState

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_Destroy
ImageList_Create

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsW

winhttp

WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle

comdlg32

CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameW
GetOpenFileNameW

winmm

PlaySoundA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 168KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 687KB - Virtual size: 687KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/ins.dll
.dll windows:6 windows x86

0b92aae1ada53b49377da61277d48436

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
DecodePointer

Exports

Exports

??0ReturnGuard@@QAE@XZ
??1ReturnGuard@@QAE@XZ
?setClean@ReturnGuard@@QAGXXZ
setMissingReturnCallback
stEnterScope
stGetCurrentThreadStackTrace
stGetCurrentThreadStackTraceW
stGetStackTrace
stGetStackTraceW
stGetThreadError
stGetThreadStacktrace
stGetThreadState
stInitialize
stJoinThread
stPrepareUnload
stRemoveThread
stResetThread
stReturn
stRunThreaded
stSetMaxStacktraceDepth
stSetOp
stSetThreadError

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHex/language.dat
WinHex/setup.exe
.exe windows:4 windows x86

Code Sign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:e5:0c:49:ed:d3:c6:3f:99:4d:f6:d3:b5:ba:6e:19:2b:47:ea:50:cb:b5:70:08:ab:37:39:70:5a:70:e3:7f
Signer

Actual PE Digest

a9:e5:0c:49:ed:d3:c6:3f:99:4d:f6:d3:b5:ba:6e:19:2b:47:ea:50:cb:b5:70:08:ab:37:39:70:5a:70:e3:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/timezone.dat
WinHex/user.txt
WinHex/winhex.exe
.exe windows:4 windows x86

Code Sign

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/05/2023, 16:54

Not After

16/05/2026, 16:54

Subject

CN=X-Ways Software Technology AG,O=X-Ways Software Technology AG,L=Bunde,ST=North Rhine-Westphalia,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:4d:9f:0b:c8:d1:62:ca:51:79:a5:63:35:18:3e:17:bb:6f:b2:e8:ac:82:d1:6e:e1:fc:b1:92:ee:c0:29:12
Signer

Actual PE Digest

9d:4d:9f:0b:c8:d1:62:ca:51:79:a5:63:35:18:3e:17:bb:6f:b2:e8:ac:82:d1:6e:e1:fc:b1:92:ee:c0:29:12

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 124KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 380B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinHex/x64/hash2.dll
.dll windows:5 windows x64

65a07e83ad2d464605bbfa043427c1b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHex/x64/ins.dll
.dll windows:6 windows x64

aa9066ff6615b4253738c478cf3ed64e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW

Exports

Exports

??0ReturnGuard@@QEAA@XZ
??1ReturnGuard@@QEAA@XZ
?setClean@ReturnGuard@@QEAAXXZ
setMissingReturnCallback
stEnterScope
stGetCurrentThreadStackTrace
stGetCurrentThreadStackTraceW
stGetStackTrace
stGetStackTraceW
stGetThreadError
stGetThreadStacktrace
stGetThreadState
stInitialize
stJoinThread
stPrepareUnload
stRemoveThread
stResetThread
stReturn
stRunThreaded
stSetMaxStacktraceDepth
stSetOp
stSetThreadError

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHex/x64/zlib1.dll
.dll windows:5 windows x64

d049ce821cc525c2e44f2c025b76a32c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetFilePointer
CloseHandle
GetFileType
CreateFileW
HeapFree
HeapAlloc
WideCharToMultiByte
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
EncodePointer
DecodePointer
WriteFile
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
GetProcAddress
GetModuleHandleW
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileA

Exports

Exports

adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHex/zlib1.dll
.dll windows:4 windows x86

66a201125fb55b79ced6d0ecd1985e10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_lseek
_open
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_iob
abort
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcpy
sprintf
strcat
strcpy
strerror
strlen
vfprintf
wcslen

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 4KB - Virtual size: 3KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 702B

.reloc Size: 512B - Virtual size: 424B

.rsrc Size: 14KB - Virtual size: 14KB

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

8f:56:90:01:d5:0f:c4:57Certificate

Extended Key Usages

Key Usages

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37Certificate

Extended Key Usages

Key Usages

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

4f367307e2b014ddc793f2ed28338861

Code Sign

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

kernel32

gdi32

advapi32

shell32

winspool.drv

powrprof

comctl32

setupapi

winhttp

comdlg32

CODE
Size: 4KB - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 702B

.reloc
Size: 512B - Virtual size: 424B

.rsrc
Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:01
Certificate

8f:56:90:01:d5:0f:c4:57
Certificate

33:00:00:00:37:b9:08:f8:71:ee:b5:e9:94:00:00:00:00:00:37
Certificate

64:26:68:01:77:1b:3c:bd:da:ee:1a:b6:4b:b8:03:b9:e0:73:d3:b8
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

64:33:51:d3:c7:38:9f:08
Certificate

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

8e:f4:2c:1c:bd:29:6e:c6:58:72:d4:c7:24:eb:11:cd:52:9e:f7:96:56:5e:82:1e:67:22:c5:dd:75:06:78:cb
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 174KB - Virtual size: 173KB

.bss
Size: - Virtual size: 168KB

.idata
Size: 19KB - Virtual size: 19KB

.didata
Size: 512B - Virtual size: 298B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 687KB - Virtual size: 687KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

07
Certificate

ee:9d:54:af:0b:b0:ed:94
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

a9:e5:0c:49:ed:d3:c6:3f:99:4d:f6:d3:b5:ba:6e:19:2b:47:ea:50:cb:b5:70:08:ab:37:39:70:5a:70:e3:7f
Signer

CODE
Size: 22KB - Virtual size: 21KB

DATA
Size: 1024B - Virtual size: 940B

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

64:33:51:d3:c7:38:9f:08
Certificate

45:f8:1a:38:50:63:79:c9:b4:78:e3:3d:a1:13:4f:d6
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

9d:4d:9f:0b:c8:d1:62:ca:51:79:a5:63:35:18:3e:17:bb:6f:b2:e8:ac:82:d1:6e:e1:fc:b1:92:ee:c0:29:12
Signer