grandoreiro | i4D5zW6J[.]7z

Resubmissions

24-10-2023 21:15

231024-z3wresaa34 10

Sharing

Copy URL

Twitter E-mail

General

Target

i4D5zW6J.7z
Size

8.6MB
MD5

78b94db464a1a0e91cd6d3a976332668
SHA1

a616ef6e7d3c9dd600ddbebabb968742b39d593c
SHA256

e2751b8455728c372f6552335a8b5c12a2f80003bbe806f5464d8f3982c0d002
SHA512

8ed41498ea74ba1ce3d019973007cb6aa4080ba5e085ccdda143cdb59aefafc4881baa527a6bfdbf459edd415d52af1d29916646e559be6c862720c016fe87b0
SSDEEP

196608:5F344MDzauW/qdowZKCUgYI3Q9EslzvTMyUBWuZqEq2IBicr8dFi9A9k8maL1H:5FI44Jh5fY4axlvIdi3V78ka5

Score

10^/10

grandoreiro

Malware Config

Signatures

Detects Grandoreiro payload 1 IoCs

resource	yara_rule
static1/unpack002/i4D5zW6J\CBSCreateVC.dll	family_grandoreiro_v1

Grandoreiro family
grandoreiro

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/i4D5zW6J\CBSCreateVC.dll
unpack002/i4D5zW6J\CBSProducstInfo.dll
unpack002/i4D5zW6J\DAQExp.dll

Files

i4D5zW6J.7z
.7z

Password: infected
.zip
.zip
i4D5zW6J\CBSCreateVC.dll
.dll regsvr32 windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExportList
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetLoaderInterface
GetRegisteredUserName
GetTeamViewerInterface
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
IsAdmin
IsInternetConnected
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
OpenPages
RegistryCheck
RegistryCheckItems
RegistryImportFile
SearchTreeForFile
SearchTreeForFileW
SetRegistryItem
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
_libiconv_version
block
chksym
createVC
dbghelp
dh
fptr
homedir
itoldyouso
libiconv
libiconv_close
libiconv_open
libiconvctl
libiconvlist
lmi
lminfo
locale_charset
omap
png_access_version_number
png_build_grayscale_palette
png_calloc
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_chunk_cache_max
png_get_chunk_malloc_max
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_interlace_type
png_get_io_chunk_name
png_get_io_ptr
png_get_io_state
png_get_libpng_ver
png_get_mem_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pixel_aspect_ratio
png_get_pixels_per_meter
png_get_progressive_ptr
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_31
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_meter
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_malloc
png_malloc_default
png_malloc_warn
png_permit_mng_features
png_process_data
png_progressive_combine_row
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_bKGD
png_set_background
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_chunk_cache_max
png_set_chunk_malloc_max
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_error_fn
png_set_expand
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_longjmp_fn
png_set_mem_fn
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_progressive_read_fn
png_set_quantize
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_write_sig
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

CODE
Size: 9.8MB - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 80KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 321.8MB - Virtual size: 321.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i4D5zW6J\CBSProducstInfo.dll
.dll windows:5 windows x86

e6cff948de5f9db698cc694c45855780

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyW
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringW
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
OffsetWindowOrgEx
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

IsEqualGUID
OleUninitialize
OleInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipRestoreGraphics
GdipSaveGraphics
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageRect
GdipGraphicsClear
GdipSetPageUnit
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

cbsproducstinfo

CompareVersion

Exports

Exports

CompareVersion
GetWSProductsCount

Sections

.text
Size: 561KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i4D5zW6J\DAQExp.dll
.dll windows:5 windows x86

197129eab4c8ffe72aecb417b589b701

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

getpeername
connect
WSAStartup
select
WSAGetLastError
getsockname
WSACleanup
recv
bind
socket
closesocket
gethostbyaddr
gethostbyname
send
listen
accept
htonl
htons

kernel32

CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
GetTickCount
WaitForSingleObject
SetEvent
Sleep
CreateEventA
CloseHandle
DeleteFileA
FindFirstFileA
FindClose
FindNextFileA
TerminateThread
CreateDirectoryA
CopyFileA
GetModuleFileNameA
FreeLibrary
CompareStringW
GetProcAddress
LoadLibraryA
LoadLibraryExA
GetPrivateProfileStringA
FormatMessageA
GetLastError
LocalFree
WideCharToMultiByte
MultiByteToWideChar
GetACP
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateFileA
GetFileSize
SetFilePointer
ReadFile
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
FileTimeToSystemTime
GetModuleHandleA
GetSystemInfo
GetVersionExA
lstrlenA
GetSystemDefaultLCID
GetEnvironmentVariableA
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
InterlockedExchangeAdd
QueryPerformanceCounter
GetEnvironmentStringsW
SetEnvironmentVariableA
ExitProcess
GetOEMCP
InterlockedDecrement
GetFileAttributesA
FreeEnvironmentStringsW
HeapSize
GetEnvironmentStrings
FreeEnvironmentStringsA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
FlushFileBuffers
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MoveFileA
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
IsValidCodePage

user32

GetSystemMetrics

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoCreateGuid

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysStringByteLen
VariantClear

urlmon

URLDownloadToFileA

Exports

Exports

GetDAQServices

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i4D5zW6J\analistcs.exe
.exe windows:5 windows x86

23e9c927a639a2ea264655bc8cb838c9

Code Sign

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23-02-2017 00:00

Not After

23-02-2018 23:59

Subject

CN=Wondershare Technology Co.\,Ltd,OU=Information Security,O=Wondershare Technology Co.\,Ltd,L=Lasa,ST=Xizang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22-02-2017 00:00

Not After

22-02-2018 23:59

Subject

CN=Wondershare Technology Co.\,Ltd,OU=Information Security,O=Wondershare Technology Co.\,Ltd,L=Lasa,ST=Xizang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:1b:fd:65:28:71:7a:02:6d:c5:a3:b1:f1:78:be:0c:12:5e:e5:92:25:e1:c6:6a:34:77:a4:9f:45:af:38:0e
Signer

Actual PE Digest

43:1b:fd:65:28:71:7a:02:6d:c5:a3:b1:f1:78:be:0c:12:5e:e5:92:25:e1:c6:6a:34:77:a4:9f:45:af:38:0e

Digest Algorithm

sha256

PE Digest Matches

true

26:4c:e3:2e:a8:d1:1c:02:1c:3b:ac:ee:5f:18:a3:e5:23:27:69:11
Signer

Actual PE Digest

26:4c:e3:2e:a8:d1:1c:02:1c:3b:ac:ee:5f:18:a3:e5:23:27:69:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
DispGetIDsOfNames
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenuEx
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenuDefaultItem
SetMenu
SetForegroundWindow
SetFocus
SetDlgItemTextW
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageW
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadMenuW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCaretBlinkTime
GetCapture
GetActiveWindow
FrameRect
FlashWindowEx
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpyW
WriteProcessMemory
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetVolumeLabelW
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseMutex
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
OpenProcess
OpenMutexW
MultiByteToWideChar
MulDiv
MoveFileW
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalGetAtomNameW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLCID
GetStdHandle
GetShortPathNameW
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileStringW
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameA
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCommandLineW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateMutexW
CreateFileA
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
OffsetWindowOrgEx
OffsetRgn
OffsetClipRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetRegionData
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtSelectClipRgn
ExtCreateRegion
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseEnhMetaFile
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetConnectionW

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CLSIDFromProgID
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

urlmon

CoInternetCreateZoneManager
CoInternetCreateSecurityManager

wininet

InternetGetConnectedState
InternetSetOptionW
InternetOpenW
InternetConnectW
InternetCloseHandle

shell32

Shell_NotifyIconW
ShellExecuteA
ShellExecuteW
SHAppBarMessage
SHGetSpecialFolderPathW
SHGetFolderPathW

comdlg32

GetOpenFileNameW

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipRestoreGraphics
GdipSaveGraphics
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageRect
GdipGraphicsClear
GdipSetPageUnit
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImagePaletteSize
GdipSetImagePalette
GdipGetImagePalette
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageFlags
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageType
GdipGetImageBounds
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
getservbyname
gethostbyname
socket
shutdown
setsockopt
send
select
recv
ntohs
ioctlsocket
inet_addr
htons
connect
closesocket

daqexp

GetDAQServices

cbscreatevc

IsAdmin
IsAdmin
createVC

cbsproducstinfo

CompareVersion
CompareVersion

msvcrt

_gcvt

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 68B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i4D5zW6J\analistcs.ini

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 9.8MB - Virtual size: 9.8MB

DATA Size: 61KB - Virtual size: 61KB

BSS Size: - Virtual size: 80KB

.idata Size: 13KB - Virtual size: 13KB

.edata Size: 12KB - Virtual size: 11KB

.reloc Size: 139KB - Virtual size: 139KB

.rsrc Size: 321.8MB - Virtual size: 321.8MB

e6cff948de5f9db698cc694c45855780

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

gdiplus

cbsproducstinfo

Exports

Exports

Sections

.text Size: 561KB - Virtual size: 560KB

.itext Size: 3KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 12KB

.bss Size: - Virtual size: 20KB

.idata Size: 13KB - Virtual size: 13KB

.edata Size: 512B - Virtual size: 114B

.reloc Size: 37KB - Virtual size: 36KB

.rsrc Size: 63KB - Virtual size: 63KB

197129eab4c8ffe72aecb417b589b701

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 62KB - Virtual size: 62KB

23e9c927a639a2ea264655bc8cb838c9

Code Sign

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8dCertificate

CODE
Size: 9.8MB - Virtual size: 9.8MB

DATA
Size: 61KB - Virtual size: 61KB

BSS
Size: - Virtual size: 80KB

.idata
Size: 13KB - Virtual size: 13KB

.edata
Size: 12KB - Virtual size: 11KB

.reloc
Size: 139KB - Virtual size: 139KB

.rsrc
Size: 321.8MB - Virtual size: 321.8MB

.text
Size: 561KB - Virtual size: 560KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 12KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 13KB - Virtual size: 13KB

.edata
Size: 512B - Virtual size: 114B

.reloc
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 63KB - Virtual size: 63KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 62KB - Virtual size: 62KB

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

43:1b:fd:65:28:71:7a:02:6d:c5:a3:b1:f1:78:be:0c:12:5e:e5:92:25:e1:c6:6a:34:77:a4:9f:45:af:38:0e
Signer

26:4c:e3:2e:a8:d1:1c:02:1c:3b:ac:ee:5f:18:a3:e5:23:27:69:11
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 65KB - Virtual size: 64KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 19KB - Virtual size: 18KB

.tls
Size: - Virtual size: 68B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 106KB - Virtual size: 105KB

.rsrc
Size: 146KB - Virtual size: 146KB