6e713d402d02be4c325ba335fa9eff88c42d8a11f1bd2a2bdb6215b65a0c0a07

Sharing

Copy URL Twitter E-mail

General

Target

6e713d402d02be4c325ba335fa9eff88c42d8a11f1bd2a2bdb6215b65a0c0a07
Size

2.8MB
MD5

e19293953387e039795a7185ed5b16a2
SHA1

ae01490059505ecb0952a845b9d19a8ed4f4475a
SHA256

6e713d402d02be4c325ba335fa9eff88c42d8a11f1bd2a2bdb6215b65a0c0a07
SHA512

8141da19ef0b79d1023067d300cfb8ae64d730c091b066c614e76625396ea76a313bbe2359e7691eb9a0f29419c04a454c04df3ce931ba81110f7838f607acf0
SSDEEP

49152:pJHxsQuaAlTuR7jotbIWnTrcBIHOQg18jB5BRBCBarp91XNI:TuQdAlamttkBIRg1Y9RoBaz1Xe

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ImageOle.dll
unpack001/PL.exe
unpack001/RunApp.exe

Files

6e713d402d02be4c325ba335fa9eff88c42d8a11f1bd2a2bdb6215b65a0c0a07
.zip
GRA.ini
HHReplayer.swf
ImageOle.dll
.dll regsvr32 windows:4 windows x86

66a3a1bca6de4137317716abc09b2e8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
FlushInstructionCache
MulDiv
GetCurrentProcess
LeaveCriticalSection
WideCharToMultiByte
InterlockedDecrement
GlobalUnlock
ReadFile
CloseHandle
GlobalFree
GlobalLock
GlobalAlloc
SetFilePointer
CreateFileA
EnterCriticalSection
lstrlenW
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement

user32

GetClientRect
IsChild
SetFocus
WindowFromDC
PtInRect
GetDC
ReleaseDC
IntersectRect
GetKeyState
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
SendMessageA
EndPaint
UpdateWindow
KillTimer
IsWindowVisible
SetTimer
GetDesktopWindow
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
BeginPaint
GetFocus
ShowWindow
GetParent
InvalidateRect
DefWindowProcA
DestroyWindow
IsWindow
UnionRect

gdi32

CreateCompatibleDC
CloseMetaFile
CreateRectRgnIndirect
DeleteDC
LPtoDP
DeleteObject
SelectClipRgn
BitBlt
SelectObject
GetClipRgn
ExcludeClipRect
RectVisible
CreateMetaFileA
SetWindowExtEx
DeleteMetaFile
CreateCompatibleBitmap
CreateRectRgn
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
RestoreDC
GetDeviceCaps

ole32

OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
CreateStreamOnHGlobal
CreateDataAdviseHolder
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SysFreeString
SysAllocString
OleCreatePropertyFrame
OleLoadPicture
SysStringLen
VariantClear

atl

ord26
ord43
ord44
ord50
ord46
ord51
ord58
ord27
ord32
ord57
ord18
ord15
ord16
ord21
ord23
ord31
ord30

msvcrt

_ftol
memcmp
_purecall
memcpy
memset
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_initterm
_adjust_fdiv
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
free
malloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LHN.txt
.xml
LSB.ini
LayoutMgr.ini
MAT_Config.bin
PL.exe
.exe windows:5 windows x86

7e30987d0b91ce1ab9cda598a29d458c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessImageFileNameW

kernel32

GetModuleHandleA
GetVersionExA
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
SetStdHandle
GetCurrentThreadId
HeapSize
Sleep
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GlobalAddAtomW
GlobalFlags
lstrcmpW
lstrlenA
lstrcmpA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
CompareStringW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetProcAddress
CreateFileW
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
WideCharToMultiByte
GetACP
lstrlenW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
CloseHandle
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileType

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW

oleacc

CreateStdAccessibleObject
LresultFromObject

user32

DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
ValidateRect
GetFocus
PostMessageW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSystemMetrics
CharUpperW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
LoadCursorW
UnhookWindowsHookEx
MessageBoxW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow

gdi32

CreateBitmap
GetStockObject
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
DeleteDC
SetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetClipBox
SetMapMode
ScaleViewportExtEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PartyPokerFr.dll
.dll windows:5 windows x86

962f97bf5baceab3f836127f30f054d1

Code Sign

05:f5:1e:bf:e2:0c:2b:dc:a6:d3:6c:3e:5c:55:6e:b7
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/08/2023, 00:00

Not After

27/08/2026, 23:59

Subject

CN=ElectraWorks Limited,O=ElectraWorks Limited,L=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:fd:ed:73:90:0d:f4:57:2f:8d:8d:ae:78:d5:fa:07:66:24:b9:97:d8:f5:37:c8:7b:a2:e2:f0:57:a0:f8:4b
Signer

Actual PE Digest

2b:fd:ed:73:90:0d:f4:57:2f:8d:8d:ae:78:d5:fa:07:66:24:b9:97:d8:f5:37:c8:7b:a2:e2:f0:57:a0:f8:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pgbrowser

??1CBrowserFactory@@UAE@XZ
??1CBasicBrowser@@UAE@XZ

pgimagedll_19

?Read@CxMemFile@@UAEIPAXII@Z
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
?Write@CxMemFile@@UAEIPBXII@Z
?Resample@CxImage@@QAE_NHHHPAV1@@Z
?IsValid@CxImage@@QBE_NXZ
?DrawSection@CxImage@@QAEHPAUHDC__@@HHHHHHHH_N@Z
?Draw@CxImage@@QAEHPAUHDC__@@HHHHPAUtagRECT@@_N2@Z
?MakeBitmap@CxImage@@QAEPAUHBITMAP__@@PAUHDC__@@_N@Z
?GetWidth@CxImage@@QBEIXZ
?GetHeight@CxImage@@QBEIXZ
?DestroyFrames@CxImage@@QAE_NXZ
?Destroy@CxImage@@QAE_NXZ
??0CxImage@@QAE@PB_WI@Z
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@I@Z
?Scanf@CxMemFile@@UAEHPBDPAX@Z
?GetS@CxMemFile@@UAEPADPADH@Z
?GetC@CxMemFile@@UAEHXZ
?PutC@CxMemFile@@UAE_NE@Z
?Error@CxMemFile@@UAEHXZ
?Eof@CxMemFile@@UAE_NXZ
?Flush@CxMemFile@@UAE_NXZ
?Size@CxMemFile@@UAEHXZ
?Tell@CxMemFile@@UAEHXZ
?Seek@CxMemFile@@UAE_NHH@Z
?Close@CxMemFile@@UAE_NXZ

winmm

PlaySoundW

mfc140u

ord5918
ord3852
ord6860
ord995
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11982
ord11983
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12541
ord9210
ord2486
ord5357
ord8324
ord4589
ord12865
ord12928
ord10433
ord12247
ord8386
ord1472
ord7653
ord8470
ord2205
ord14600
ord555
ord8509
ord1659
ord1186
ord4485
ord14259
ord3804
ord14127
ord14599
ord11038
ord5335
ord6499
ord11014
ord9039
ord5962
ord365
ord4091
ord6607
ord3932
ord2526
ord14377
ord4227
ord8746
ord2224
ord5763
ord12172
ord1111
ord9040
ord11015
ord11396
ord10472
ord4092
ord458
ord3403
ord3404
ord3164
ord6531
ord6129
ord6220
ord13756
ord3305
ord3302
ord10255
ord8210
ord2761
ord1476
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord3833
ord11936
ord14588
ord8965
ord12220
ord6978
ord9377
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord10250
ord4988
ord4502
ord5790
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord14234
ord13028
ord14128
ord7810
ord14131
ord8817
ord13703
ord5935
ord7820
ord14137
ord5422
ord4735
ord8177
ord5583
ord3677
ord3869
ord3816
ord1405
ord6395
ord3359
ord3237
ord6801
ord2750
ord14507
ord3697
ord14261
ord12586
ord14461
ord8499
ord4312
ord4806
ord1711
ord13053
ord14623
ord12367
ord11971
ord5893
ord6332
ord12430
ord971
ord6837
ord5114
ord14606
ord13669
ord5585
ord5588
ord5581
ord498
ord5954
ord2256
ord7175
ord8738
ord7178
ord7138
ord7107
ord6300
ord4885
ord4570
ord1450
ord13257
ord13964
ord974
ord14416
ord12239
ord13935
ord13936
ord13042
ord6884
ord2271
ord9468
ord321
ord2396
ord1462
ord2029
ord985
ord5984
ord9132
ord1180
ord4225
ord6589
ord11905
ord10428
ord6882
ord4884
ord13086
ord6795
ord8182
ord1171
ord3182
ord540
ord4477
ord7819
ord9126
ord1066
ord4219
ord3145
ord6490
ord5533
ord13544
ord4742
ord1663
ord5419
ord2682
ord12124
ord3941
ord3371
ord3372
ord3265
ord14328
ord12168
ord4890
ord4886
ord1002
ord8773
ord6973
ord5249
ord5549
ord5760
ord9350
ord5525
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord9209
ord1474
ord997
ord1068
ord362
ord13070
ord1108
ord13062
ord14047
ord13293
ord13087
ord13095
ord3864
ord450
ord3954
ord2520
ord4881
ord6486
ord6559
ord3882
ord3957
ord2522
ord4882
ord6566
ord1182
ord6175
ord12595
ord1655
ord8505
ord551
ord4815
ord12921
ord8757
ord8719
ord12884
ord4664
ord4663
ord12584
ord2996
ord5921
ord1687
ord1689
ord8365
ord8811
ord6812
ord1526
ord1525
ord285
ord3009
ord12559
ord5109
ord5110
ord5074
ord4323
ord6489
ord258
ord261
ord4856
ord1052
ord324
ord2899
ord11972
ord2399
ord2300
ord2184
ord2374
ord2268
ord485
ord3236
ord14657
ord12405
ord14604
ord12348
ord2990
ord6751
ord2378
ord2383
ord1513
ord1523
ord1045
ord290
ord286
ord280
ord296
ord266
ord265
ord1511
ord1449
ord12429
ord14678
ord973
ord277
ord1653
ord14451
ord954
ord6501
ord1452
ord976
ord1046
ord306
ord2172
ord11991
ord12317
ord13110
ord1987
ord5700
ord545
ord2332
ord3849
ord4715
ord1144
ord503
ord293
ord12251
ord8217
ord12219
ord2389
ord1142
ord2885
ord12351
ord5886
ord11962
ord500
ord5514
ord6555
ord8032
ord12784
ord5512
ord494
ord358
ord5117
ord9701
ord11080
ord13085
ord9128
ord1070
ord3872
ord2993
ord8744
ord4222
ord5882
ord3147
ord6497
ord7073
ord11392
ord4649
ord3606
ord2385
ord9135
ord1446
ord4236
ord3257
ord6834
ord8345
ord5210
ord13022
ord14123
ord13019
ord14112
ord8881
ord14115
ord13694
ord13289
ord12867
ord12953
ord12578
ord12558
ord13775
ord13261
ord6528
ord6883
ord7395
ord7654
ord2865
ord6865
ord1391
ord890
ord2246
ord8225
ord8464
ord8360
ord8756
ord14409
ord14411
ord14417
ord8712
ord12763
ord1692
ord13251
ord2439
ord2215
ord8776
ord2304
ord2335
ord1133
ord6549
ord7493
ord12131
ord6218
ord13752
ord4927
ord2760
ord1514
ord325
ord1053
ord2365
ord2408
ord2411
ord2376
ord2410
ord12542

kernel32

CopyFileW
GlobalMemoryStatus
GetVersionExW
GetACP
lstrcpyW
GetCurrentThreadId
ResumeThread
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
lstrlenW
DeleteFileW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
lstrcmpiA
WriteProcessMemory
VirtualProtect
GetCurrentProcessId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
OutputDebugStringW
WideCharToMultiByte
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
SizeofResource
Sleep
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
MultiByteToWideChar
lstrcmpiW
GetProcAddress
GetModuleHandleW
GetVersionExA
MulDiv
LoadLibraryW
LoadLibraryExW
FreeLibrary
GetWindowsDirectoryW
GetTickCount
FindResourceW
LockResource
LoadResource
MoveFileW
GetTempPathW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LocalFree
LocalAlloc
SetLastError

user32

PtInRect
GetWindowLongW
SetWindowLongW
FindWindowW
GetClassNameW
GetWindow
DrawIconEx
SystemParametersInfoW
MonitorFromRect
GetMonitorInfoW
MoveWindow
BeginPaint
EndPaint
AdjustWindowRectEx
ClientToScreen
FillRect
DestroyIcon
CreateIconIndirect
CopyIcon
GetIconInfo
SetCursor
GetSysColor
LoadCursorW
DestroyCursor
LoadImageW
IsWindowVisible
SetTimer
KillTimer
IsWindowEnabled
CopyRect
ChildWindowFromPoint
IsRectEmpty
EqualRect
GetParent
GetFocus
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
RedrawWindow
GetWindowDC
GetWindowTextW
GetWindowTextLengthW
CallWindowProcW
SetPropW
GetPropW
SetWindowTextW
InflateRect
SetScrollInfo
GetComboBoxInfo
GetScrollInfo
GetWindowInfo
DrawFocusRect
LoadBitmapW
SetRectEmpty
SetRect
ScreenToClient
GetCursorPos
SetCursorPos
MessageBoxW
GetWindowRect
GetClientRect
InvalidateRect
SetWindowRgn
ReleaseDC
GetDC
UpdateWindow
GetSystemMetrics
EnableWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
GetDlgCtrlID
IsZoomed
IsIconic
SetWindowPos
IsWindow
PostMessageW
SendMessageW
FrameRect
TrackMouseEvent
DispatchMessageW
GetMessageW
OffsetRect
RegisterWindowMessageW
WindowFromPoint
IsMenu
LoadMenuW
AnimateWindow
EnumWindows
SetForegroundWindow
ShowWindow
DisableProcessWindowsGhosting
GetDesktopWindow
LoadIconW
SetActiveWindow
ModifyMenuW
GetMenuItemID
GetSubMenu
RemovePropW
DrawStateW
GetMenuItemRect
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
GetSystemMenu

gdi32

StretchBlt
SetTextColor
CreateDIBSection
MoveToEx
SetBkColor
TextOutW
CombineRgn
CreateRectRgn
FillRgn
GetClipBox
OffsetRgn
SelectClipRgn
CreatePolygonRgn
Escape
PtVisible
RectVisible
DeleteDC
GetBkColor
GetTextColor
GetDIBits
SetDIBits
RestoreDC
SaveDC
GetCurrentObject
Rectangle
GetPixel
SetPixel
Ellipse
GetMapMode
GetViewportExtEx
GetWindowExtEx
LPtoDP
RoundRect
CreatePen
CreateBitmap
LineTo
SelectObject
GetTextExtentPointW
CreateFontW
DPtoLP
GetObjectW
GetTextMetricsW
SetTextJustification
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
SetBkMode
ExcludeClipRect
DeleteObject
CreateSolidBrush
CreateRoundRectRgn
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
BitBlt

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

comctl32

ImageList_AddMasked
ord17
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocString
OleLoadPicture
OleCreatePictureIndirect
SysFreeString
GetErrorInfo

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

dbghelp

ImageDirectoryEntryToData

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
wcschr
__current_exception
__current_exception_context
_purecall

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_beginthreadex
_cexit
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
terminate
_initterm
_initterm_e
_configure_narrow_argv
_crt_atexit
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

wcspbrk
toupper
iswdigit
wcscpy_s
_wcsicmp
isdigit
isspace

api-ms-win-crt-convert-l1-1-0

_wtol
_wtof
atof
_wtoi64
_wtoi
wcstoul

api-ms-win-crt-math-l1-1-0

floor
ceil

api-ms-win-crt-stdio-l1-1-0

_wfopen_s
fgetws
__stdio_common_vswprintf_s
fopen_s
_wfopen
fclose
__stdio_common_vswscanf
__stdio_common_vswprintf
feof
__stdio_common_vfscanf
getc
fwrite
ftell
fseek
fread
fputc
fputws
rewind
fgets
fflush
setvbuf
ferror
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_recalloc
free
calloc

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
wcsftime

api-ms-win-crt-filesystem-l1-1-0

_waccess

Exports

Exports

??0CBasicBrowser@@QAE@ABV0@@Z
??0CBrowserFactory@@QAE@ABV0@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??0IBadX509Certificate@@QAE@$$QAV0@@Z
??0IBadX509Certificate@@QAE@ABV0@@Z
??0IBadX509Certificate@@QAE@XZ
??0IBrowserCallback2@@QAE@$$QAV0@@Z
??0IBrowserCallback2@@QAE@ABV0@@Z
??0IBrowserCallback2@@QAE@XZ
??0IBrowserCallback3@@QAE@$$QAV0@@Z
??0IBrowserCallback3@@QAE@ABV0@@Z
??0IBrowserCallback3@@QAE@XZ
??0IBrowserCallback4@@QAE@$$QAV0@@Z
??0IBrowserCallback4@@QAE@ABV0@@Z
??0IBrowserCallback4@@QAE@XZ
??0IBrowserCallback@@QAE@$$QAV0@@Z
??0IBrowserCallback@@QAE@ABV0@@Z
??0IBrowserCallback@@QAE@XZ
??0IBrowserPromptHandler@@QAE@$$QAV0@@Z
??0IBrowserPromptHandler@@QAE@ABV0@@Z
??0IBrowserPromptHandler@@QAE@XZ
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CBrowserFactory@@QAEAAV0@ABV0@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4IBadX509Certificate@@QAEAAV0@$$QAV0@@Z
??4IBadX509Certificate@@QAEAAV0@ABV0@@Z
??4IBrowserCallback2@@QAEAAV0@$$QAV0@@Z
??4IBrowserCallback2@@QAEAAV0@ABV0@@Z
??4IBrowserCallback3@@QAEAAV0@$$QAV0@@Z
??4IBrowserCallback3@@QAEAAV0@ABV0@@Z
??4IBrowserCallback4@@QAEAAV0@$$QAV0@@Z
??4IBrowserCallback4@@QAEAAV0@ABV0@@Z
??4IBrowserCallback@@QAEAAV0@$$QAV0@@Z
??4IBrowserCallback@@QAEAAV0@ABV0@@Z
??4IBrowserPromptHandler@@QAEAAV0@$$QAV0@@Z
??4IBrowserPromptHandler@@QAEAAV0@ABV0@@Z
??_7CBasicBrowser@@6B@
??_7CBrowserFactory@@6B@
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_7IBadX509Certificate@@6B@
??_7IBrowserCallback2@@6B@
??_7IBrowserCallback3@@6B@
??_7IBrowserCallback4@@6B@
??_7IBrowserCallback@@6B@
??_7IBrowserPromptHandler@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEHXZ
?Flush@CxIOFile@@UAE_NXZ
?GetBrowserWndIcon@CBasicBrowser@@QAEPAUHICON__@@XZ
?GetC@CxIOFile@@UAEHXZ
?GetExifInfo@CxImage@@QAEPAUtag_ExifInfo@@XZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPB_W0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEHPBDPAX@Z
?Seek@CxIOFile@@UAE_NHH@Z
?SetBrowserWndIcon@CBasicBrowser@@QAEXPAUHICON__@@@Z
?SetCallbackClass@CBasicBrowser@@QAEXPAVIBrowserCallback@@@Z
?Size@CxIOFile@@UAEHXZ
?Tell@CxIOFile@@UAEHXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PokerTabConfig.txt
Roboto-Bold.ttf
Roboto.ttf
RobotoCondensed-Bold.ttf
RobotoCondensed-Light.ttf
RobotoCondensed-Regular.ttf
RunApp.exe
.exe windows:4 windows x86

f08ffab66daf48feb82be7beda3399ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
SetErrorMode
GetOEMCP
GetCPInfo
GetProcessVersion
GetLastError
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetEnvironmentStringsW
GetCurrentThreadId

user32

CopyRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
LoadStringA
DestroyMenu
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
SystemParametersInfoA
UnregisterClassA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
SetMapMode
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DeleteObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetStockObject
SelectObject
RestoreDC
SaveDC
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SYS.ini
TabConfig.txt
Theme.xml
ToastersUITemplate.xml
Version.ini
WLConfigData.ini
digital.ttf
dynamic.bin
newtable.bin
newtable_redesign.bin
poker.bin
preloader.html
.html .js
smartable_redesign.bin
table.bin

Sharing

General

Malware Config

Signatures

Files

66a3a1bca6de4137317716abc09b2e8b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

atl

msvcrt

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 40KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

7e30987d0b91ce1ab9cda598a29d458c

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

shlwapi

oleacc

user32

gdi32

winspool.drv

comdlg32

oleaut32

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 28KB - Virtual size: 28KB

962f97bf5baceab3f836127f30f054d1

Code Sign

05:f5:1e:bf:e2:0c:2b:dc:a6:d3:6c:3e:5c:55:6e:b7Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

2b:fd:ed:73:90:0d:f4:57:2f:8d:8d:ae:78:d5:fa:07:66:24:b9:97:d8:f5:37:c8:7b:a2:e2:f0:57:a0:f8:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

pgbrowser

pgimagedll_19

winmm

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp140

dbghelp

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 40KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 28KB - Virtual size: 28KB

05:f5:1e:bf:e2:0c:2b:dc:a6:d3:6c:3e:5c:55:6e:b7
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

2b:fd:ed:73:90:0d:f4:57:2f:8d:8d:ae:78:d5:fa:07:66:24:b9:97:d8:f5:37:c8:7b:a2:e2:f0:57:a0:f8:4b
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 584KB - Virtual size: 584KB

.data
Size: 59KB - Virtual size: 63KB

.rsrc
Size: 245KB - Virtual size: 245KB

.reloc
Size: 183KB - Virtual size: 182KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 16KB - Virtual size: 12KB