New Compressed (zipped) Folder[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

New Compressed (zipped) Folder.zip
Size

2.3MB
MD5

74ee11211b4979c83fc6c1dfcc93b76a
SHA1

4eddc488c0adcea3b75dfa73a62d38b4fa0d7516
SHA256

4b2e8e119eb5f02a1ccd6134cab60a42c1b7409e80f272e0737afd4d03bd1791
SHA512

9e34792e5476b2205ea09eb2d704423cc25715facf5238fc5c6826f4228d0b19c89a7a11fdb5ab18bf95f77c8ab13cf4292273792343ae948baf1544790838fc
SSDEEP

49152:jRyBfPIVZhr5JkXHDPt0tSDrkAkxuoSpt2rpERZMZnqu9:jRUfP2DHkXrpHkVS9RZMMu9

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/3f122bee753762566fd28608a1b861dd3e7b1945e923382d0a47d13aac3bc1e6.dll	acprotect
static1/unpack001/5145a51514f62d49ea0124a2e659ba9708bd67db840fff193fa00268c32edb45.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/3f122bee753762566fd28608a1b861dd3e7b1945e923382d0a47d13aac3bc1e6.dll	upx
static1/unpack001/5145a51514f62d49ea0124a2e659ba9708bd67db840fff193fa00268c32edb45.dll	upx
static1/unpack001/fbc7cfe8a0e5524cda68dc93c9ff0003bdfa0ca55207504e6493d4657a925d02.exe	upx

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0e215db250b307a7eb0217189c1de5d55495d4f7fc6f607501a7a0c7f6cc123b.exe
unpack001/2749bdc11bc0496f613cfd5f22440ca51841f39144b86ebe85e755f87d36fc91.exe
unpack001/3da3613cd6ff26b95905b5510c5201ddfa8efc74041e19a365326b52c5be3999.exe
unpack001/3f122bee753762566fd28608a1b861dd3e7b1945e923382d0a47d13aac3bc1e6.dll
unpack001/5145a51514f62d49ea0124a2e659ba9708bd67db840fff193fa00268c32edb45.dll
unpack001/9661ed586dbe16987ab1823f92cd854ea32b1817f04a95656917bf3977c1de79.exe
unpack001/b4bf3e5d5e85ff314abf8acc1f3150bed6e9d9da7814a1166a9ecfd858e8fd99.exe
unpack001/ca7beb1d3a300f65850f9db7b19d6b75718fdbd99d1588f678603143519a9a8c.exe
unpack001/cd5bc51508f01f816121b5f67fa53f2f7aa2d55b182850709bbfb82370ea9e54.exe
unpack001/e3de56743984f479773ffddf63214d7e202421ee8f23f05e9bb76aad2c77e20a.exe
unpack001/e638aa804875b3c94602ae32a44f0ccd679c2d533410d09451ae85c636c01dc7.exe
unpack001/fbc7cfe8a0e5524cda68dc93c9ff0003bdfa0ca55207504e6493d4657a925d02.exe
unpack004/out.upx

Files

New Compressed (zipped) Folder.zip
.zip
0e215db250b307a7eb0217189c1de5d55495d4f7fc6f607501a7a0c7f6cc123b.exe
.exe windows:10 windows x86

392b4d61b1d1dadc1f06444df258188a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
_unlock
_lock
_initterm
wcsspn
_tell
_except_handler4_common
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
calloc
free
_purecall
__CxxFrameHandler3
?terminate@@YAXXZ
_wcslwr
_controlfp
_dup2
memcmp
_local_unwind4
_dup
??1type_info@@UAE@XZ
_close
_open_osfhandle
swscanf
_ultoa
_pipe
memmove
wcsncmp
_setmode
exit
_getch
iswspace
wcschr
iswxdigit
_setjmp3
time
srand
_wtol
fflush
wcsstr
iswalpha
wcstoul
??3@YAXPAX@Z
_errno
??_V@YAXPAX@Z
printf
memcpy_s
_onexit
fgets
qsort
rand
_pclose
fprintf
wcsrchr
ferror
realloc
towlower
setlocale
towupper
_wcsupr
feof
_wpopen
_wcsnicmp
_get_osfhandle
longjmp
iswdigit
wcstol
_vsnwprintf
_wcsicmp
__iob_func
malloc
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memset

ntdll

NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlFindLeastSignificantBit
RtlFreeHeap
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationFile
NtQueryVolumeInformationFile
NtSetInformationProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtCancelSynchronousIoFile
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString

api-ms-win-core-kernel32-legacy-l1-1-0

GetConsoleWindow
CopyFileW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
TryAcquireSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
LeaveCriticalSection
ReleaseMutex
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapSize
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentThreadId
CreateProcessW
CreateProcessAsUserW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
DeleteProcThreadAttributeList
OpenThread
ResumeThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
SetThreadLocale
GetACP
GetThreadLocale
GetUserDefaultLCID
GetCPInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualQuery
ReadProcessMemory

api-ms-win-core-console-l1-1-0

ReadConsoleW
WriteConsoleW
GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
GetConsoleOutputCP

api-ms-win-core-file-l1-1-0

ReadFile
GetFileAttributesW
GetFileSize
SetFilePointer
GetFullPathNameW
GetVolumePathNameW
CreateFileW
WriteFile
SetFilePointerEx
FindFirstFileExW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
CompareFileTime
RemoveDirectoryW
FindFirstFileW
GetFileType
FindNextFileW
FindClose
GetVolumeInformationW
SetFileTime
DeleteFileW
SetEndOfFile
SetFileAttributesW
CreateDirectoryW
GetDriveTypeW
FlushFileBuffers
GetFileAttributesExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableW
GetCurrentDirectoryW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
SearchPathW
GetCommandLineW

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
FlushConsoleInputBuffer
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ScrollConsoleScreenBufferW

api-ms-win-security-base-l1-1-0

RevertToSelf
GetSecurityDescriptorOwner
GetFileSecurityW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
SetLocalTime
GetLocalTime
GetVersion
GetWindowsDirectoryW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
GetFileInformationByHandleEx
MoveFileExW
MoveFileWithProgressW
CreateHardLinkW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

SetProcessAffinityMask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7.sys
.sys windows:6 windows x64

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

02-01-2014 07:01

Not After

04-02-2015 15:04

Subject

CN=GMEREK Systemy Komputerowe Przemyslaw Gmerek,O=GMEREK Systemy Komputerowe Przemyslaw Gmerek,L=Katowice,ST=Katowice,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

Actual PE Digest

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsProcessType
IoDeleteSymbolicLink
ExFreePoolWithTag
strncmp
_snwprintf
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
KeUnstackDetachProcess
KeDetachProcess
IoDriverObjectType
wcsrchr
ExAllocatePool
ZwClose
KeBugCheck
IofCompleteRequest
ObReferenceObjectByHandle
KeAttachProcess
PsGetVersion
PsThreadType
IoCreateSymbolicLink
MmIsAddressValid
ObfDereferenceObject
ObReferenceObjectByName
IoCreateDevice
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupThreadByThreadId
KeClearEvent
IoGetBaseFileSystemDeviceObject
IoBuildSynchronousFsdRequest
_wcsnicmp
ZwReadFile
wcsncpy
KeInitializeEvent
ZwSetInformationFile
strncpy
IoGetDeviceObjectPointer
NtClose
KeWaitForSingleObject
ZwDeleteFile
RtlCompareUnicodeString
ObfReferenceObject
ZwOpenFile
ZwQueryInformationFile
ZwWriteFile
IofCallDriver
wcschr
MmUnmapLockedPages
_stricmp
_strnicmp
RtlVolumeDeviceToDosName
ZwMapViewOfSection
MmGetSystemRoutineAddress
ZwQuerySystemInformation
KeReleaseSpinLock
ZwOpenThread
IoFreeMdl
KeDelayExecutionThread
MmMapLockedPagesSpecifyCache
ZwUnmapViewOfSection
IoGetCurrentProcess
MmProbeAndLockPages
ZwOpenProcess
MmUnlockPages
ZwQueryInformationProcess
ZwCreateSection
wcsncmp
ZwTerminateProcess
ZwQueryInformationThread
IoAllocateMdl
KeAcquireSpinLockRaiseToDpc
ZwQuerySymbolicLinkObject
KeSetEvent
RtlEqualUnicodeString
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryDirectoryObject
IoFreeIrp
IoAllocateIrp
IoGetDeviceInterfaces
IoCreateNotificationEvent
ObQueryNameString
ZwWaitForSingleObject
ZwQueryDirectoryFile
KeResetEvent
KdDebuggerNotPresent
PsCreateSystemThread
PsTerminateSystemThread
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2749bdc11bc0496f613cfd5f22440ca51841f39144b86ebe85e755f87d36fc91.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

20/20tm
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_data
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3da3613cd6ff26b95905b5510c5201ddfa8efc74041e19a365326b52c5be3999.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3f122bee753762566fd28608a1b861dd3e7b1945e923382d0a47d13aac3bc1e6.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
442fce0d1a2dd3f042d6c64b6965f55590ad7774ccfe8d8a4893f4e444bea8b4.xlsx
.xlam .xlsx office2007
5145a51514f62d49ea0124a2e659ba9708bd67db840fff193fa00268c32edb45.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5db6f88d34a97dcbeb1ef4807be9342534fbb9e19cbcc797a7b8aea44af1217c.dll
.dll windows:4 windows x86

6d653b32e0efb1ff87f3cfe21a9d8db2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:9e:74:6c:15:a8:5e:54:7a:fa:f6:a4:c3:27:7c:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12-04-2011 00:00

Not After

11-04-2013 23:59

Subject

CN=fuzhou tian xia chuang shi digital Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=fuzhou tian xia chuang shi digital Co.\,Ltd,L=fuzhou,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:5e:e0:38:ea:b7:8f:76:02:e5:96:54:74:39:d1:eb:c9:50:9f:fb
Signer

Actual PE Digest

f4:5e:e0:38:ea:b7:8f:76:02:e5:96:54:74:39:d1:eb:c9:50:9f:fb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetSystemDirectoryA
OutputDebugStringA
FreeLibrary
VirtualAlloc
VirtualFree
WriteProcessMemory
GetCurrentProcess
Sleep
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

ClipCursor
SetCursorPos
RegisterClassA
GetWindowLongA
SetWindowLongA
ChangeDisplaySettingsA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5.sys
.dll windows:5 windows x64

1fb8e85267a70537d661f9df2fc215ac

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30
Signer

Actual PE Digest

b3:c9:af:8c:4b:e8:f6:2d:25:b9:55:f9:2d:2a:4e:9e:bd:34:f7:fa:78:75:80:45:4e:f5:42:41:10:2e:7b:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

RtlInitUnicodeString
KeSetEvent
KeInitializeEvent
ZwCreateFile
ExAllocatePool
ZwClose
ObReferenceObjectByHandle
KeWaitForSingleObject
ObfDereferenceObject
ZwWriteFile
DbgPrint
InitializeSListHead
ExpInterlockedPushEntrySList
KeInitializeDpc
KeReleaseSpinLock
ExpInterlockedPopEntrySList
ZwWaitForSingleObject
KeFlushQueuedDpcs
PsCreateSystemThread
ExSystemTimeToLocalTime
_vsnprintf
KeInsertQueueDpc
RtlTimeToTimeFields
PsThreadType
PsGetCurrentThreadId
KeAcquireSpinLockRaiseToDpc
PsProcessType
PsLookupProcessByProcessId
_wcsnicmp
ExFreePoolWithTag
ZwOpenProcess
ZwQueryInformationProcess
RtlCopyUnicodeString
MmIsAddressValid
ZwTerminateProcess
ObOpenObjectByPointer
PsGetProcessId
RtlAppendUnicodeToString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeDelayExecutionThread
ZwQuerySystemInformation
KeBugCheckEx
KeClearEvent
IoDeleteSymbolicLink
KeResetEvent
IoCreateNotificationEvent
KeSetPriorityThread
IoDeleteDevice
KeSetTimerEx
PsTerminateSystemThread
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeInitializeTimerEx
KeCancelTimer
PsGetProcessInheritedFromUniqueProcessId
ExAllocatePoolWithTag
__C_specific_handler

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9661ed586dbe16987ab1823f92cd854ea32b1817f04a95656917bf3977c1de79.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
abfde7c29a4a703daa2b8ad2637819147de3a890fdd12da8279de51a3cc0d96d.aspx
.js
b4bf3e5d5e85ff314abf8acc1f3150bed6e9d9da7814a1166a9ecfd858e8fd99.exe
.exe windows:5 windows x86

43fb8184229f053b2b9a573a33981d5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_except_handler4_common
_decode_pointer
_controlfp_s
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_strdup
realloc
bsearch
qsort
memset
memcpy
_stricmp
setbuf
getenv
atoi
malloc
free
_snprintf
strncmp
strrchr
fprintf
__iob_func
_invoke_watson
strncpy

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
IsBadReadPtr
SetLastError
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibrary
GetModuleHandleA
OutputDebugStringA
GetFullPathNameA
LoadLibraryA
GetProcAddress
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetLastError
FormatMessageA
LocalFree
IsDebuggerPresent

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ca7beb1d3a300f65850f9db7b19d6b75718fdbd99d1588f678603143519a9a8c.exe
.exe windows:5 windows x86

8779b776c1a864692d232a3b415d98b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netservice

?GetLastTcpError@@YAHXZ
?DisConnectTCP@@YA_NXZ
?ConnectTCP@@YA_NXZ
?CreateTCP@@YA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@F@Z
?SetNewHttpContacterServer@@YA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?HttpLogin@@YA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAULoginResult@@@Z
?SetNewHttpLoginServer@@YA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetCurlCode@@YAHXZ
?GetHttpCode@@YAHXZ
?GetLocalIP@@YA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV12@@Z
?HttpLogout@@YA_NXZ

mfc90u

ord1727
ord5650
ord3140
ord3286
ord4910
ord3562
ord595
ord1108
ord1137
ord1938
ord5008
ord2596
ord4442
ord2069
ord524
ord967
ord5182
ord2909
ord4516
ord2904
ord2360
ord6275
ord3515
ord4682
ord5653
ord4664
ord1492
ord6408
ord3353
ord1675
ord1809
ord1810
ord5324
ord5167
ord4631
ord5632
ord1254
ord1250
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4657
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord1695
ord2279
ord4511
ord1602
ord2105
ord6791
ord1488
ord4000
ord374
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord1791
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2447
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord692
ord639
ord2208
ord6482
ord1098
ord4211
ord794
ord1792
ord2139
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord589
ord4043
ord4967
ord1641
ord2368
ord2375
ord801
ord799
ord1272
ord2630
ord2612
ord2478
ord5979
ord6013
ord4405
ord899
ord280
ord811
ord813
ord1552
ord2525
ord6813
ord5535
ord663
ord404
ord3729
ord1211
ord286
ord2537
ord296
ord600
ord266
ord265
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord2251
ord971
ord744

msvcr90

memset
_CxxThrowException
malloc
_wtol
wcsftime
_localtime64
_time64
_beginthreadex
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
calloc
_recalloc
free
??0exception@std@@QAE@ABV01@@Z

kernel32

InitializeCriticalSection
EnterCriticalSection
DeleteFileW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
CreateDirectoryW
GetFileAttributesW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
LeaveCriticalSection
SetLastError
QueryPerformanceCounter
lstrlenW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTickCount
CloseHandle
TerminateThread
WaitForSingleObject
WaitForMultipleObjects

user32

AppendMenuW
IsIconic
GetSystemMetrics
GetSystemMenu
DrawIcon
LoadIconW
EnableWindow
wvsprintfW
SendMessageW
GetClientRect

comctl32

InitCommonControlsEx

msvcp90

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

ws2_32

WSAStartup
WSACleanup
gethostbyname
inet_ntoa
htons
inet_addr
bind

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cd5bc51508f01f816121b5f67fa53f2f7aa2d55b182850709bbfb82370ea9e54.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e3de56743984f479773ffddf63214d7e202421ee8f23f05e9bb76aad2c77e20a.exe
.exe windows:4 windows x86

5946fd983925428aae7317d5d4322237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
ord588
__vbaStrVarMove
ord589
ord697
__vbaFreeVarList
_adj_fdiv_m64
ord513
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaResume
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaLateMemSt
ord669
__vbaForEachCollObj
__vbaBoolStr
__vbaExitProc
__vbaFileCloseAll
ord595
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
__vbaForEachCollVar
ord523
__vbaBoolVarNull
_CIsin
ord709
ord631
__vbaErase
__vbaLateMemStAd
__vbaNextEachCollObj
ord525
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord529
__vbaCyI2
__vbaStrCmp
__vbaVarTstEq
__vbaCyI4
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaVarDiv
ord531
__vbaFPException
__vbaInStrVar
ord532
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord534
__vbaDateVar
ord536
__vbaI2Var
ord644
ord537
ord645
_CIlog
ord646
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaInStr
__vbaNew2
ord571
__vbaCyMulI2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
__vbaDerefAry1
_adj_fdivr_m32
__vbaPowerR8
ord577
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
ord616
__vbaFpI4
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaR8IntI2
__vbaLateMemCallLd
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord650
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
ord580
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e638aa804875b3c94602ae32a44f0ccd679c2d533410d09451ae85c636c01dc7.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fbc7cfe8a0e5524cda68dc93c9ff0003bdfa0ca55207504e6493d4657a925d02.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 916KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

392b4d61b1d1dadc1f06444df258188a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 512B - Virtual size: 109KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 9KB - Virtual size: 9KB

a998fe47a44bfbf2399968e21cfdf7ca

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4aCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7bSigner

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 872B

Headers

File Characteristics

Sections

.text Size: 112KB - Virtual size: 112KB

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 512B - Virtual size: 109KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 9KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:c5:bc:ad:73:31:9e:e0:13:1e:32:8a:2b:81:4e:16:4a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

0b:ca:6c:35:15:92:82:fd:64:61:5a:bc:4d:39:83:99:b0:61:84:7b
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 872B

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 70KB - Virtual size: 307KB

.idata
Size: 4KB - Virtual size: 4KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 111KB - Virtual size: 111KB

20/20tm
Size: 32KB - Virtual size: 31KB

_data
Size: 1KB - Virtual size: 15KB

_idata
Size: 3KB - Virtual size: 3KB

_rsrc
Size: 13KB - Virtual size: 13KB

_reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 552KB - Virtual size: 552KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 312KB - Virtual size: 312KB

.rsrc
Size: 32KB - Virtual size: 32KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

20:9e:74:6c:15:a8:5e:54:7a:fa:f6:a4:c3:27:7c:81
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f4:5e:e0:38:ea:b7:8f:76:02:e5:96:54:74:39:d1:eb:c9:50:9f:fb
Signer

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate