1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.zip
Size

5.3MB
MD5

74e99858bbae987874f6bf3b8711eca7
SHA1

8935d6d3fcbeec096fdc97f95caeefebaa147a6f
SHA256

a4c27b7ee28ed6ac6fd1d32632b300090e4fcc87f90f9b893da272a5807eceab
SHA512

8eecb1f345ac0d050dd242ce894377a71a83f0422b8199c7fb6e21aa2c2204e0a7a950b505ae909c9a10f68acca9a6d62d4fe33f69918c4ef02d7b49fb3df0b5
SSDEEP

98304:gqI6jIG5ggVtWjdFeUdPi0h2M1CTr9CT6rVuFHHB8ibG9TDG6XXVu3HfuwXvommp:g0fxYfNdq0oM0tnVeHvbG9TDru3/e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mfc80u.dll

Files

1.zip
.zip
Microsoft.VC80.CRT.manifest
Microsoft.VC80.MFC.manifest
Microsoft.VC80.MFCLOC.manifest
.xml
http_dll.dll
.dll windows:4 windows x86

e741cd0919fe3a9d075f43a89ce7cb10

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/05/2007, 00:00

Not After

08/06/2010, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:ed:6c:01:d7:4a:a8:b8:ed:27:80:ab:fc:80:7d:4f:a1:f6:4f:9c
Signer

Actual PE Digest

f0:ed:6c:01:d7:4a:a8:b8:ed:27:80:ab:fc:80:7d:4f:a1:f6:4f:9c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetGetUserW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFindCertificateInStore
CertGetNameStringW

mfc80u

ord3221
ord2077
ord656
ord1536
ord4226
ord2651
ord3158
ord2155
ord6161
ord3756
ord591
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord3165
ord977
ord1555
ord3946
ord6751
ord283
ord6749
ord2161
ord2421
ord1921
ord4266
ord2366
ord1512
ord4274
ord4112
ord1573
ord4119
ord1545
ord3547
ord4313
ord6744
ord2310
ord3546
ord516
ord718
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord1561
ord4231
ord3223
ord5207
ord657
ord4714
ord2011
ord4730
ord4207
ord4184
ord4838
ord4861
ord4611
ord4791
ord5064
ord5066
ord5065
ord2012
ord1883
ord3082
ord6232
ord2461
ord385
ord630
ord563
ord753
ord359
ord607
ord3998
ord2648
ord1005
ord2942
ord356
ord354
ord5832
ord3828
ord721
ord524
ord526
ord3064
ord3126
ord2027
ord1318
ord3288
ord1958
ord4577
ord1006
ord5208
ord2422
ord3399
ord4948
ord3662
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord6272
ord4008
ord4032
ord566
ord757
ord3824
ord3677
ord314
ord6061
ord4109
ord2521
ord2426
ord5884
ord5723
ord6058
ord2468
ord5398
ord280
ord4755
ord330
ord589
ord6140
ord5829
ord4094
ord2085
ord3238
ord1946
ord1274
ord1053
ord3869
ord3395
ord1058
ord2365
ord4882
ord1220
ord3990
ord4100
ord6160
ord3983
ord5524
ord2261
ord2340
ord5484
ord1571
ord1416
ord2151
ord5711
ord6033
ord2260
ord3396
ord2121
ord2579
ord3674
ord261
ord3322
ord2981
ord3793
ord2870
ord754
ord1578
ord3301
ord1589
ord6115
ord6053
ord731
ord3342
ord2878
ord2861
ord5864
ord5981
ord4558
ord3985
ord2872
ord2490
ord5747
ord3877
ord1021
ord1784
ord6700
ord282
ord1479
ord2460
ord1906
ord5558
ord384
ord629
ord2740
ord1236
ord2713
ord4101
ord2282
ord3400
ord5414
ord860
ord1781
ord2860
ord5742
ord2489
ord5862
ord1864
ord1866
ord1637
ord1579
ord3306
ord736
ord5803
ord5965
ord5982
ord5851
ord530
ord4098
ord6001
ord5710
ord3435
ord3287
ord3661
ord4074
ord5983
ord1368
ord6251
ord5699
ord3752
ord5698
ord4743
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord1559
ord1630
ord741
ord3311
ord4234
ord1582
ord2086
ord587
ord2255
ord5633
ord3155
ord709
ord501
ord416
ord2297
ord642
ord1957
ord5519
ord3995
ord4117
ord5637
ord2081
ord3873
ord774
ord3281
ord502
ord6116
ord326
ord5635
ord1628
ord1549
ord2876
ord4230
ord3208
ord5584
ord1270
ord3483
ord602
ord347
ord2364
ord1556
ord2250
ord1476
ord651
ord3296
ord5727
ord3331
ord3157
ord3678
ord745
ord557
ord5867
ord2361
ord2083
ord4232
ord3224
ord3645
ord658
ord2952
ord1472
ord5178
ord5171
ord4206
ord1647
ord1894
ord4026
ord4729
ord1646
ord4884
ord1590
ord4255
ord5196
ord1079
ord2985
ord1662
ord2531
ord4347
ord5210
ord1661
ord2725
ord1925
ord1393
ord1542
ord2829
ord5911
ord4301
ord6721
ord2708
ord1271
ord6720
ord2856
ord5908
ord2534
ord1611
ord2640
ord1608
ord2527
ord3940
ord3712
ord1392
ord3713
ord6063
ord4238
ord3703
ord5148
ord2638
ord1899
ord3943
ord5067
ord4480
ord2788
ord6271
ord4256
ord2362
ord4179
ord5199
ord3176
ord1562
ord5609
ord3397
ord4716
ord4276
ord2311
ord3198
ord1591
ord777
ord5956
ord6086
ord5231
ord4574
ord5229
ord920
ord925
ord929
ord5869
ord927
ord3635
ord931
ord776
ord1785
ord2384
ord3204
ord2404
ord2388
ord605
ord2394
ord577
ord2392
ord896
ord2390
ord620
ord2407
ord293
ord2402
ord899
ord2386
ord572
ord2409
ord760
ord2397
ord900
ord2379
ord2381
ord2399
ord2169
ord1118
ord2163
ord1513
ord6273
ord4314
ord3796
ord1955
ord6275
ord3339
ord4961
ord1353
ord3189
ord3249
ord5327
ord6293
ord1178
ord265
ord266
ord5316
ord1172
ord6282
ord1176
ord762
ord764
ord5638
ord722

msvcr80

memset
memcpy
wcschr
free
malloc
_wcsicmp
realloc
_stricmp
_wcsnicmp
towupper
memmove
_snwprintf_s
swscanf_s
wcscpy_s
wcsncpy_s
strcat_s
wcscspn
wcscat_s
_vsnprintf_s
strchr
memmove_s
memcpy_s
strncmp
wcsstr
wcsncmp
strcpy_s
strncpy_s
_wtol
wcstoul
calloc
strtoul
wcsrchr
sprintf_s
_purecall
wcspbrk
qsort
bsearch
vswprintf_s
swprintf_s
_wcsupr_s
_wcsdup
_wtoi
_wcslwr_s
_time32
_itow_s
__CxxFrameHandler3
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

Sleep
LockResource
LoadResource
SizeofResource
FindResourceW
GetDateFormatW
GlobalHandle
SetEvent
ResetEvent
CreateEventW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
WriteFile
CreateFileW
GetCurrentProcessId
CloseHandle
GetCurrentProcess
GetCurrentThread
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
FileTimeToSystemTime
ReadFile
SetEndOfFile
SetFilePointer
GetFileSize
GetShortPathNameW
GetFileInformationByHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetDriveTypeW
QueryDosDeviceW
LocalFree
LocalAlloc
OpenProcess
LoadLibraryExW
GetEnvironmentVariableW
GetSystemDirectoryA
LoadLibraryA
GlobalAlloc
GlobalFree
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter

user32

LoadAcceleratorsW
LoadIconW
CheckMenuItem
DeleteMenu
MessageBoxW
MsgWaitForMultipleObjects
LoadImageW
PeekMessageW
GetScrollPos
ClientToScreen
GetKeyState
DrawFrameControl
DispatchMessageW
TranslateMessage
SetCursor
GetCursorPos
GetFocus
DestroyAcceleratorTable
RemoveMenu
IsWindowVisible
ReleaseCapture
DestroyCursor
SetCapture
SetRectEmpty
LoadCursorW
GetWindowLongW
DrawFocusRect
SetMenuDefaultItem
GetSubMenu
LoadMenuW
GetSystemMetrics
AppendMenuW
CreatePopupMenu
EnableMenuItem
PtInRect
InflateRect
SetRect
PostMessageW
IsWindow
TranslateAcceleratorW
BeginDeferWindowPos
DeferWindowPos
GetAsyncKeyState
EndDeferWindowPos
GetSysColorBrush
GetWindowRect
EnableWindow
SystemParametersInfoW
AdjustWindowRect
LockWindowUpdate
ScreenToClient
wsprintfW
SendMessageW
UpdateWindow
GetDC
FillRect
ReleaseDC
InvalidateRect
CopyRect
DrawTextW
GetClientRect
GetParent
DestroyIcon
GetNextDlgTabItem
SetForegroundWindow
GetSysColor

gdi32

DeleteDC
CreateDIBitmap
GetTextColor
GetTextExtentPoint32W
SelectObject
SetTextColor
DeleteObject
SetPixel
DPtoLP
GetBkColor
GetMapMode
LPtoDP
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsW
CreateSolidBrush
CreateRectRgnIndirect
GetCurrentObject
CreateFontIndirectW
GetObjectW

advapi32

RegDeleteKeyW
OpenThreadToken
OpenProcessToken
LookupAccountSidW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegDeleteKeyA

shell32

ExtractIconW
SHGetMalloc
SHGetDesktopFolder
ExtractIconExW

oleaut32

SysAllocString
VariantCopy
VariantChangeType
VariantInit

ws2_32

WSACleanup
gethostbyaddr
getservbyport
ntohs
inet_ntoa
WSAStartup
getservbyname
htons
WSAGetLastError
gethostbyname
inet_addr
WSASetLastError
socket
closesocket
htonl

Exports

Exports

RAEditExtProc
SetIOCtlExtProc

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
keepass-run.exe
.exe windows:4 windows x86

013b5b8276709c2ecd2887fac380e33f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/05/2007, 00:00

Not After

08/06/2010, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:c5:f1:2a:bd:88:01:24:6a:d9:4c:c0:d1:2c:ea:eb:8f:20:1a:14
Signer

Actual PE Digest

bd:c5:f1:2a:bd:88:01:24:6a:d9:4c:c0:d1:2c:ea:eb:8f:20:1a:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
GetCommandLineW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

user32

CreateWindowExW
RegisterClassExW
DefWindowProcW
DestroyWindow

advapi32

OpenSCManagerW
RegQueryValueExW
DeleteService
OpenServiceW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
CloseServiceHandle
RegOpenKeyExW

msvcr80

wcscpy_s
wcsncpy_s
wcscat_s
wcsrchr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
vswprintf_s
??3@YAXPAX@Z
wcsstr

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mfc80u.dll
.dll windows:4 windows x86

4ca444b09cab86ae48fe835cb05c6e94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
strcpy_s
_itow_s
_ultow_s
_ltow_s
iswdigit
ceil
wcsncmp
_wcsnicmp
_wfullpath
_wtol
__wargv
__argc
swscanf_s
_beginthreadex
_endthreadex
_wcsdup
_expand
_wtoi
_recalloc
wcstod
wcstoul
_mbspbrk
wcstol
_resetstkoflw
_wmakepath_s
_wsplitpath_s
_vsnwprintf_s
_snwscanf_s
labs
abs
calloc
_msize
wcscat_s
_snwprintf_s
_errno
_purecall
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgetws
fputws
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
wcscpy_s
abort
memcmp
swprintf_s
wcsncpy_s
_mbscspn
_mbscmp
_vscprintf
wcscmp
wcscspn
wcsspn
iswspace
_mbsinc
_mbsupr_s
_wcsrev
memcpy_s
_mbsspn
_mbscoll
wcspbrk
memset
_wcsicoll
wcsstr
wcsrchr
_mbsrchr
_mbschr
vsprintf_s
_wcsupr_s
wcslen
_wcslwr_s
_ismbcspace
vswprintf_s
_mbsstr
_mbsicoll
_mbsrev
strlen
malloc
free
wcscoll
memmove
_vscwprintf
_mbsicmp
_wcsicmp
memmove_s
_mbslwr_s
wcschr
_CxxThrowException
memcpy
__clean_type_info_names_internal
__CxxFrameHandler3

kernel32

GetLocaleInfoA
GetSystemTimeAsFileTime
GetEnvironmentVariableW
FindResourceExW
FindResourceW
LoadResource
FormatMessageA
WideCharToMultiByte
SizeofResource
FormatMessageW
GetEnvironmentVariableA
MultiByteToWideChar
GetLastError
LockResource
LocalFree
SetLastError
GetAtomNameW
GlobalGetAtomNameW
lstrlenW
lstrcmpA
lstrlenA
DuplicateHandle
GetCurrentProcess
CreateFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
LockFile
UnlockFile
SetEndOfFile
GetFileSize
MoveFileW
DeleteFileW
LoadLibraryW
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetModuleFileNameW
GetShortPathNameW
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
GetFileTime
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
FreeLibrary
GetModuleHandleW
InterlockedDecrement
LocalAlloc
TlsAlloc
InitializeCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
LocalReAlloc
TlsSetValue
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
lstrcmpW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
GetCurrentThreadId
GetVersion
GetCurrentProcessId
GetVersionExW
MulDiv
GetProfileIntW
LoadLibraryA
VirtualProtect
GetModuleHandleA
RaiseException
GlobalFlags
GetDiskFreeSpaceW
GetTempFileNameW
LocalLock
LocalUnlock
GetTempPathW
SearchPathW
SetEvent
SetThreadPriority
ResumeThread
SuspendThread
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
GetCurrentThread
InterlockedExchange
CompareStringA
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
InterlockedIncrement
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyW
lstrcpyA
GetSystemTime
LoadLibraryExW
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetACP

gdi32

GetCurrentPositionEx
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocW
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutW
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutW
MoveToEx
GetTextAlign
GetTextExtentPoint32A
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetNearestColor
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectW
GetTextFaceW
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetCharWidthW
CreateFontW
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectW
GetClipBox

user32

IntersectRect
RegisterWindowMessageW
GetWindowLongW
SetWindowLongW
SetWindowPos
IsWindow
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetMessageTime
GetMessagePos
DefWindowProcW
GetPropW
CallWindowProcW
RemovePropW
CallNextHookEx
GetClassLongW
GetClassInfoExW
GetClassNameW
SetPropW
SetWindowsHookExW
CreateWindowExW
DestroyWindow
GetKeyState
GetDlgCtrlID
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
SetWindowPlacement
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenu
GetClassInfoW
RegisterClassW
WinHelpW
GetCapture
GetParent
GetWindow
IsChild
MessageBoxW
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
IsWindowVisible
ScrollWindow
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScreenToClient
EqualRect
DeferWindowPos
AdjustWindowRectEx
GetFocus
SetActiveWindow
SetFocus
PtInRect
PeekMessageW
DispatchMessageW
GetSysColor
GetClientRect
MapWindowPoints
SendDlgItemMessageW
SendDlgItemMessageA
UpdateWindow
PostMessageW
LoadIconW
EnableWindow
SetRectEmpty
LoadAcceleratorsW
TranslateAcceleratorW
ReleaseCapture
SetCursor
GetDesktopWindow
IsWindowEnabled
ShowWindow
GetWindowThreadProcessId
GetActiveWindow
LoadMenuW
DestroyMenu
SetMenu
UnpackDDElParam
ReuseDDElParam
InvalidateRect
CreatePopupMenu
InsertMenuItemW
BringWindowToTop
LoadCursorW
OffsetRect
WaitMessage
WindowFromPoint
SetCapture
ClientToScreen
GetMessageW
TranslateMessage
DefFrameProcW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
RedrawWindow
InflateRect
KillTimer
SetTimer
SetRect
GetDC
ReleaseDC
IsZoomed
SetParent
IsRectEmpty
GetSystemMenu
DeleteMenu
AppendMenuW
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextW
DrawTextExW
GrayStringW
UnionRect
MapVirtualKeyW
GetKeyNameTextW
LoadBitmapW
DrawFocusRect
FillRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowW
SetWindowRgn
DrawIcon
GetTabbedTextExtentW
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetCursorPos
CharUpperW
CharToOemBuffA
UnregisterClassA
OemToCharBuffA
GetSystemMetrics

shlwapi

UrlUnescapeW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr80.dll
.dll windows:4 windows x86

7fecbc4a16a5dc85a5394a1df6217680

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:c3:5f:8b:90:a4:1a:da:8a:31:e2:15:e8:8b:ff:62:ff:95:6b:8d
Signer

Actual PE Digest

33:c3:5f:8b:90:a4:1a:da:8a:31:e2:15:e8:8b:ff:62:ff:95:6b:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_getdrives

kernel32

GetStringTypeA
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
VirtualAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetLocalTime
GetStringTypeW
LoadLibraryW
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
Beep
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
@_calloc_crt@8
@_malloc_crt@4
@_realloc_crt@8
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
townspeople.7z
.png

Sharing

General

Malware Config

Signatures

Files

e741cd0919fe3a9d075f43a89ce7cb10

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:eaCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

f0:ed:6c:01:d7:4a:a8:b8:ed:27:80:ab:fc:80:7d:4f:a1:f6:4f:9cSigner

Headers

File Characteristics

Imports

mpr

version

crypt32

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 144KB - Virtual size: 143KB

.reloc Size: 64KB - Virtual size: 60KB

013b5b8276709c2ecd2887fac380e33f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:eaCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

bd:c5:f1:2a:bd:88:01:24:6a:d9:4c:c0:d1:2c:ea:eb:8f:20:1a:14Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcr80

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

4ca444b09cab86ae48fe835cb05c6e94

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

f0:ed:6c:01:d7:4a:a8:b8:ed:27:80:ab:fc:80:7d:4f:a1:f6:4f:9c
Signer

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 144KB - Virtual size: 143KB

.reloc
Size: 64KB - Virtual size: 60KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:22:25:2b:47:8a:1a:91:a8:bc:2b:8b:7f:2d:96:ea
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

bd:c5:f1:2a:bd:88:01:24:6a:d9:4c:c0:d1:2c:ea:eb:8f:20:1a:14
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 924KB - Virtual size: 923KB

.data
Size: 18KB - Virtual size: 26KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 78KB - Virtual size: 77KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

33:c3:5f:8b:90:a4:1a:da:8a:31:e2:15:e8:8b:ff:62:ff:95:6b:8d
Signer

.text
Size: 396KB - Virtual size: 393KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 16KB - Virtual size: 13KB