5952ac4a612df2ffcdf4577fad9fe8de356e692207e10b8fcd1f9d57097bff39

Sharing

Copy URL Twitter E-mail

General

Target

5952ac4a612df2ffcdf4577fad9fe8de356e692207e10b8fcd1f9d57097bff39
Size

5.0MB
MD5

5da2bcc9a7a7430fc98afaca9cc92e87
SHA1

cb6ae7ac369b2c81765be184b7a9805bcf000aa2
SHA256

5952ac4a612df2ffcdf4577fad9fe8de356e692207e10b8fcd1f9d57097bff39
SHA512

a7ae7c912a10de9dcd46285f547b23a625cdf96286c93cf9abf90fb5efa96a4419d7939e04e61985a005677969e2fda2327b717062ec16fc942ee3580dd7dbfa
SSDEEP

98304:Ofz441GFl2VzA6bVJgPPHDzKslXxSTe2pwoUallR3yAIXNA:yz4iy8z0PvD2gXT6Us3yAGNA

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/is-65RPV.tmp/SplitLib.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/is-65RPV.tmp/SplitLib.dll	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/is-65RPV.tmp/CLS-DISKSPAN.dll
unpack001/is-65RPV.tmp/CLS-SREP_NEW.dll
unpack001/is-65RPV.tmp/CLS-SREP_NEW_x64.exe
unpack001/is-65RPV.tmp/CLS-SREP_NEW_x86.exe
unpack001/is-65RPV.tmp/Facompress.dll
unpack001/is-65RPV.tmp/Facompress_MT.dll
unpack001/is-65RPV.tmp/ISDone.dll
unpack001/is-65RPV.tmp/SplitLib.dll
unpack002/out.upx
unpack001/is-65RPV.tmp/UnArc.dll
unpack001/is-65RPV.tmp/XTool_2020/XTool.exe
unpack001/is-65RPV.tmp/XTool_2020/oo2core_8_win64.dll
unpack001/is-65RPV.tmp/XTool_2020/unreal.dll
unpack001/is-65RPV.tmp/_isetup/_setup64.tmp
unpack001/is-65RPV.tmp/style.cjstyles

Files

5952ac4a612df2ffcdf4577fad9fe8de356e692207e10b8fcd1f9d57097bff39
.zip
is-65RPV.tmp/Arc.ini
is-65RPV.tmp/CLS-DISKSPAN.dll
.dll windows:6 windows x86

5893b600409e7e1c087ca8b9f840eb08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GetExitCodeProcess
CloseHandle
LocalFree
TlsAlloc
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
CreateThread
CompareStringW
CopyFileW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
MoveFileW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetPrivateProfileStringW
CreateEventW
SetThreadLocale
GetThreadLocale

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

SHFileOperationW

user32

TranslateMessage
CharLowerBuffW
PeekMessageW
CharUpperW
CallMsgFilterW
GetSystemMetrics
MessageBoxW
CharUpperBuffW
CharNextW
PostQuitMessage
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

ClsGetSourcePath
ClsGetWaitDiskTime
ClsInit
ClsMain
ClsSetDiskList
ClsSetDiskRequest
ClsSetMessageText
ClsSetSourcePath
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 879KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/CLS-SREP_NEW.dll
.dll windows:6 windows x86

c849cad45b0737bcd37d03ce800a6527

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
VirtualFree
WaitForSingleObject
SetEvent
UnmapViewOfFile
TerminateThread
GetExitCodeProcess
Sleep
GetModuleFileNameA
GetModuleHandleExA
VirtualAlloc
CreateThread
OpenFileMappingA
CreateProcessA
IsWow64Process
GetCurrentProcess
MapViewOfFile
CreateFileMappingA
CreateEventA
OpenEventA

user32

MessageBoxA

Exports

Exports

ClsMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/CLS-SREP_NEW_x64.exe
.exe windows:6 windows x64

9ed53b37eabf83103a8e58caec4de5a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleWindow
WaitForSingleObject
SetEvent
ReadFile
GlobalMemoryStatus
GetProcAddress
GetModuleHandleW
WriteFile
CloseHandle
UnmapViewOfFile
CreateFileA
GetModuleFileNameA
GetPrivateProfileStringA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
LoadLibraryA
GlobalMemoryStatusEx
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
OpenEventA
SetEndOfFile
HeapReAlloc
HeapSize
CreateFileW
FlushFileBuffers
GetStringTypeW
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageA
GetThreadLocale
InitializeCriticalSection
LoadLibraryExA
LeaveCriticalSection
GetModuleHandleExA
GetEnvironmentVariableA
EnterCriticalSection
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetFileType
SetStdHandle
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
DeleteFileW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW

user32

MessageBoxA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_o
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/CLS-SREP_NEW_x86.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/CLS.ini
is-65RPV.tmp/Facompress.dll
.dll windows:5 windows x86

d1a2a2225239488d032c2863d715c8ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharToOemW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

kernel32

GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
FlushFileBuffers
WriteConsoleW
GetStringTypeW
GetConsoleWindow
LoadLibraryA
GetProcAddress
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThread
SetThreadPriority
WaitForSingleObject
CloseHandle
CreateFileW
GetModuleHandleW
VirtualFree
VirtualAlloc
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreW
DeleteCriticalSection
CreateEventW
ResetEvent
SetEvent
GetModuleFileNameW
LoadLibraryW
GetLastError
InitializeCriticalSection
FormatMessageA
GetThreadLocale
DecodePointer
EncodePointer
HeapAlloc
ExitProcess
RtlUnwind
HeapFree
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
Sleep
WriteFile
GetStdHandle
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
RaiseException
HeapSize
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId

Exports

Exports

CrcUpdate
Fast_AesCtr_Code
GRZip_CompressBlock
GRZip_DecompressBlock
GRZip_GetAdaptiveBlockSize
SetCompressionThreads
Set_compress_all_at_once
dict_compress
dict_decompress
lzma_compress2
lzma_decompress2
lzp_compress
lzp_decompress
ppmd_compress2
ppmd_decompress2

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
is-65RPV.tmp/Facompress_MT.dll
.dll windows:5 windows x86

cfd48690cc7d83dcacd98e6d3f4ffb2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharToOemW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

kernel32

GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
FlushFileBuffers
WriteConsoleW
GetStringTypeW
GetConsoleWindow
LoadLibraryA
GetProcAddress
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
CloseHandle
CreateFileW
GetModuleHandleW
VirtualFree
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryW
GetLastError
InitializeCriticalSection
FormatMessageA
GetThreadLocale
DecodePointer
EncodePointer
HeapAlloc
ExitProcess
RtlUnwind
HeapFree
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
Sleep
WriteFile
GetStdHandle
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
SetHandleCount
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
RaiseException
HeapSize
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId

Exports

Exports

SetCompressionThreads
Set_compress_all_at_once
ppmd_de_compress

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
is-65RPV.tmp/ISDone.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ChangeLanguage
Exec2
FileSearchInit
IS7zipExtract
ISArcExtract
ISDoneInit
ISDoneStop
ISExec
ISFindFiles
ISFindFree
ISGetName
ISPackZIP
ISPickFilename
ISPrecompExtract
ISRarExtract
ISSrepExtract
ISxDeltaExtract
PrecompInit
ResumeProc
ShowChangeDiskWindow
SrepInit
SuspendProc
wrapcallback

Sections

CODE
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 569B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/ISSKin.dll
.dll windows:4 windows x86

4883c868831e8386824f7588b8ea92c2

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/10/2008, 00:00

Not After

20/10/2010, 23:59

Subject

CN=Codejock Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Codejock Software,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:77:00:dd:33:8d:5d:9a:81:ad:f7:eb:3a:54:75:3c:0b:dd:0c:74
Signer

Actual PE Digest

81:77:00:dd:33:8d:5d:9a:81:ad:f7:eb:3a:54:75:3c:0b:dd:0c:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mfc42u

ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord824
ord826
ord2099
ord2836
ord5446
ord5436
ord6379
ord6390
ord1560
ord1255
ord268
ord665
ord5180
ord354
ord703
ord404
ord1173
ord6193
ord6051
ord1768
ord5286
ord3737
ord567
ord818
ord4294
ord4270
ord755
ord470
ord613
ord289
ord2371
ord2444
ord6153
ord1258
ord2755
ord2225
ord5674
ord922
ord925
ord4197
ord397
ord699
ord5589
ord3433
ord912
ord4183
ord805
ord3025
ord4199
ord2373
ord1150
ord539
ord6867
ord533
ord924
ord4272
ord4273
ord6865
ord6279
ord3792
ord2559
ord5781
ord1263
ord2442
ord3397
ord2862
ord6654
ord4279
ord4118
ord4282
ord2706
ord1941
ord4221
ord3879
ord3915
ord1226
ord2372
ord3084
ord860
ord2857
ord3747
ord3749
ord2235
ord536
ord6238
ord1115
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord269
ord4073
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord3566
ord2855
ord2859
ord5977
ord290
ord614
ord3574
ord3348
ord2793
ord2732
ord6466
ord823
ord815
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord1172
ord764
ord4016
ord5871
ord3614
ord6278
ord2756
ord4124
ord3871
ord2606
ord858
ord540
ord1791
ord2910
ord5568
ord1165
ord1229
ord3133
ord861
ord535
ord538
ord800
ord562
ord816
ord6640
ord2746
ord2745
ord6871
ord2397
ord3568
ord3688
ord2854
ord3658
ord5777
ord2406
ord3621
ord3701
ord323
ord1633
ord1634
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord3948
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord1179
ord1570
ord1568

msvcrt

fprintf
malloc
wcscmp
swprintf
fread
free
_snprintf
longjmp
_iob
abort
_setjmp3
_ftol
_CIpow
strtod
__CxxFrameHandler
wcsstr
_wcslwr
_wcsicmp
_wtoi
_purecall
memmove
swscanf
wcslen
strrchr
wcscpy
wcschr
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv

kernel32

SetEvent
GetExitCodeThread
TerminateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
ResetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
LocalSize
OpenProcess
GetModuleFileNameA
LoadLibraryExW
LoadLibraryExA
CreateThread
VirtualQuery
VirtualProtect
GetSystemInfo
LoadLibraryA
GetCurrentProcessId
FreeLibrary
GetFileAttributesW
LocalFree
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
ReadFile
CloseHandle
InterlockedIncrement
SizeofResource
LoadResource
LockResource
GetModuleHandleA
MulDiv
LoadLibraryW
GetProcAddress
GetCurrentThreadId
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LocalAlloc

user32

DrawEdge
DrawFrameControl
DrawMenuBar
TrackPopupMenu
TrackPopupMenuEx
InflateRect
LoadIconW
SendMessageTimeoutW
BeginPaint
EndPaint
PostMessageW
GetWindowThreadProcessId
EnumWindows
SetTimer
DrawFocusRect
GetFocus
GetKeyState
SetClassLongW
KillTimer
GetMenuState
GetSystemMenu
TranslateMessage
GetMenu
MoveWindow
GetMenuItemCount
SetMenuDefaultItem
GetMenuItemInfoW
GetWindowDC
SetWindowPos
UpdateWindow
GetMenuItemID
GetMenuDefaultItem
MessageBeep
WaitMessage
CreateWindowExW
GetDoubleClickTime
DefDlgProcW
IsWindowEnabled
DefWindowProcW
LoadCursorW
GetWindowLongW
IntersectRect
SetCapture
IsRectEmpty
GetCapture
GetMessageW
ClientToScreen
OffsetRect
DispatchMessageW
AdjustWindowRectEx
CopyRect
GetClientRect
IsWindow
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CallNextHookEx
GetParent
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetDC
ReleaseDC
GetSysColor
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
GetScrollInfo
EnableScrollBar
SetScrollInfo
SetScrollPos
InvalidateRect
GetSysColorBrush
GetWindow
GetClassNameW
GetSystemMetrics
EqualRect
GetClassLongW
FillRect
GetMenuStringW
DestroyIcon
GetIconInfo
DrawIconEx
DrawStateW
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
CallWindowProcW
RegisterWindowMessageW
IsWindowUnicode
SetWindowLongW
GetWindowLongA
RegisterClassW
RegisterClassA
DefMDIChildProcW
ReleaseCapture
DefMDIChildProcA
SetWindowLongA
SendMessageW
EnableWindow
GrayStringW
DrawTextW
TabbedTextOutW
GetSubMenu
PeekMessageW
SetRect
IsWindowVisible
SystemParametersInfoW

gdi32

CreateRectRgn
CombineRgn
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
CreatePalette
CreateDIBitmap
CreateDIBSection
GetObjectType
GetTextColor
ExtSelectClipRgn
IntersectClipRect
GetClipRgn
GetTextCharsetInfo
OffsetRgn
SetBrushOrgEx
GetTextMetricsW
SetBkMode
CreatePatternBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
GetTextExtentPoint32W
Polygon
PatBlt
CreateSolidBrush
CreatePen
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
SelectPalette
GetDeviceCaps
GetPixel

comctl32

ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Destroy
_TrackMouseEvent
FlatSB_GetScrollProp
ImageList_Draw
ImageList_GetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect

oleaut32

OleLoadPicturePath

imagehlp

ImageDirectoryEntryToData

winmm

waveOutGetNumDevs
PlaySoundW

Exports

Exports

LoadSkin
UnloadSkin

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
is-65RPV.tmp/Records.ini
is-65RPV.tmp/Setup.dll
is-65RPV.tmp/SplitLib.dll
.dll windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AnsiToUtf8
ConvertDisk
DetectUTF8Encoding
FloatToString
IsUtf8String
JoinDataFiles
MergeDataFile
ProgressCalcule
SplitBuffer
SplitDataFile
SplitState
StrAsAnsi
Utf8ToAnsi
ValueToBytes

Sections

UPX0
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 106KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/UnArc.dll
.dll windows:4 windows x86

c2e7d670726c015614314aec430d4dd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW

kernel32

AddAtomA
CloseHandle
CreateEventW
CreateFileW
CreateMutexA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
FindAtomA
FindFirstFileW
FindNextFileW
FreeLibrary
GetAtomNameA
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoW
GetSystemInfo
GetTempPathW
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExW
GlobalMemoryStatus
GlobalMemoryStatusEx
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetConsoleTitleA
SetConsoleTitleW
SetEvent
SetFileAttributesW
SetFileTime
SetLastError
SetThreadPriority
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
lstrlenW

msvcrt

_close
_dup
_dup2
_read
_stricmp
_write
__dllonexit
__mb_cur_max
_assert
_beginthreadex
_errno
_filelengthi64
_flsbuf
_get_osfhandle
_iob
_isctype
_lrotr
_lseeki64
_pctype
_pipe
_waccess
_wcslwr
_wmkdir
_wopen
_wremove
_wrename
_wrmdir
abort
atof
atoi
calloc
exit
fflush
fprintf
free
gmtime
localtime
longjmp
malloc
memchr
memcpy
memmove
memset
printf
qsort
raise
realloc
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strftime
strlen
strncmp
strstr
tolower
wcschr
wcscmp
wcscpy
wcslen
wcsrchr

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize

shell32

SHGetFolderPathW
ShellExecuteExW

user32

CharToOemW
ExitWindowsEx
FindWindowA
GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
GetSystemMetrics
OemToCharW

Exports

Exports

FreeArcExtract
UnloadDLL

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 258KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
is-65RPV.tmp/UninstallList.ini
is-65RPV.tmp/XTool_2020/XTool.exe
.exe windows:6 windows x64

e5a69361caddcbe723d371f971376903

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFileAttributesW
GetFileType
FlushViewOfFile
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
CreateSemaphoreW
OpenFileMappingW
UpdateResourceW
TerminateThread
QueryPerformanceFrequency
GetHandleInformation
SetHandleInformation
IsDebuggerPresent
FindNextFileW
FlushInstructionCache
GetFullPathNameW
VirtualFree
GetProcessHeap
HeapAlloc
ExitProcess
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GetSystemTimeAsFileTime
FormatMessageW
SwitchToThread
GetExitCodeThread
WriteConsoleW
GetCurrentThread
GetFileAttributesExW
IsBadReadPtr
GlobalMemoryStatusEx
LoadLibraryExW
TerminateProcess
LockResource
CancelIo
BeginUpdateResourceW
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
SetConsoleCursorPosition
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
FindResourceExW
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetProcessTimes
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
GetComputerNameW
IsValidLocale
TlsSetValue
EndUpdateResourceW
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetConsoleScreenBufferInfo
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
GetThreadLocale
SetThreadLocale

dbghelp

ImageRvaToVa
ImageNtHeader

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantCopyInd

msvcrt

memcpy

advapi32

RegQueryValueExW
GetUserNameW
RegCloseKey
RegOpenKeyExW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 88KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 600B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/XTool_2020/oo2core_8_win64.dll
.dll windows:6 windows x64

b1ec606189d70ca0a229302518826b7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
HeapAlloc
HeapFree
GetProcessHeap
EncodePointer
DecodePointer
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
SetLastError
RtlPcToFileHeader
RaiseException
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
GetStringTypeW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Exports

Exports

OodleCore_Plugin_DisplayAssertion_Default
OodleCore_Plugin_Free_Default
OodleCore_Plugin_MallocAligned_Default
OodleCore_Plugin_Printf_Default
OodleCore_Plugin_Printf_Verbose
OodleCore_Plugin_RunJob_Default
OodleCore_Plugin_WaitJob_Default
OodleCore_Plugins_SetAllocators
OodleCore_Plugins_SetAssertion
OodleCore_Plugins_SetJobSystem
OodleCore_Plugins_SetPrintf
OodleKraken_Decode_Headerless
OodleLZDecoder_Create
OodleLZDecoder_DecodeSome
OodleLZDecoder_Destroy
OodleLZDecoder_MakeValidCircularWindowSize
OodleLZDecoder_MemorySizeNeeded
OodleLZDecoder_Reset
OodleLZ_CheckSeekTableCRCs
OodleLZ_Compress
OodleLZ_CompressContext_Alloc
OodleLZ_CompressContext_Free
OodleLZ_CompressContext_Reset
OodleLZ_CompressOptions_GetDefault
OodleLZ_CompressOptions_Validate
OodleLZ_CompressWithContext
OodleLZ_CompressionLevel_GetName
OodleLZ_Compressor_GetName
OodleLZ_CreateSeekTable
OodleLZ_Decompress
OodleLZ_FillSeekTable
OodleLZ_FindSeekEntry
OodleLZ_FreeSeekTable
OodleLZ_GetAllChunksCompressor
OodleLZ_GetChunkCompressor
OodleLZ_GetCompressScratchMemBound
OodleLZ_GetCompressedBufferSizeNeeded
OodleLZ_GetCompressedStepForRawStep
OodleLZ_GetDecodeBufferSize
OodleLZ_GetFirstChunkCompressor
OodleLZ_GetInPlaceDecodeBufferSize
OodleLZ_GetNumSeekChunks
OodleLZ_GetSeekEntryPackedPos
OodleLZ_GetSeekTableMemorySizeNeeded
OodleLZ_GetZipLikeCompressionSettings
OodleLZ_Jobify_GetName
OodleLZ_MakeSeekChunkLen
OodleLZ_ThreadPhased_BlockDecoderMemorySizeNeeded
Oodle_CheckVersion
Oodle_GetConfigValues
Oodle_LogHeader
Oodle_SetConfigValues
Oodle_SetUsageWarnings

Sections

.text
Size: 805KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
is-65RPV.tmp/XTool_2020/unreal.dll
.dll windows:6 windows x64

e56c4774a70e172eb191cf1eed4fd159

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
RtlUnwindEx
GetACP
LocalFree
CloseHandle
SuspendThread
TlsAlloc
GetTickCount
QueryPerformanceFrequency
VirtualFree
HeapAlloc
GetStartupInfoW
ExitProcess
InitializeCriticalSection
GetCPInfoExW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
ResumeThread
GetProcAddress
LeaveCriticalSection
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
HeapCreate
HeapDestroy
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
SetLastError
GetModuleFileNameW
GetLastError
lstrlenW
QueryPerformanceCounter
CompareStringW
CreateThread
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
GetLocaleInfoW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetLocalTime
WaitForSingleObject
GetCurrentThread
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
VirtualQueryEx
GetThreadLocale
Sleep
SetThreadLocale

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

PrecompCodec
PrecompFree
PrecompInit
PrecompProcess
PrecompRestore
PrecompScan1
PrecompScan2
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 315B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/_isetup/_setup64.tmp
.exe windows:4 windows x64

35a25297eaad71a907abf55111fc7e24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

shlwapi

StrToIntW
StrToInt64ExW

kernel32

ReadFile
WriteFile
CloseHandle
SetConsoleCtrlHandler
SetProcessShutdownParameters
SetCurrentDirectoryW
GetSystemDirectoryW
SetErrorMode
ExitProcess
LocalFree
GetLastError
GetCommandLineW

advapi32

FreeSid
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW

shell32

CommandLineToArgvW

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
is-65RPV.tmp/blogo.bmp
is-65RPV.tmp/english.ini
is-65RPV.tmp/style.cjstyles
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 720KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5893b600409e7e1c087ca8b9f840eb08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

shell32

user32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 879KB - Virtual size: 879KB

.itext Size: 7KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 15KB

.bss Size: - Virtual size: 26KB

.idata Size: 3KB - Virtual size: 3KB

.didata Size: 1024B - Virtual size: 524B

.edata Size: 512B - Virtual size: 358B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 82KB - Virtual size: 82KB

.rsrc Size: 13KB - Virtual size: 13KB

c849cad45b0737bcd37d03ce800a6527

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.idata Size: 1024B - Virtual size: 632B

.reloc Size: 512B - Virtual size: 408B

.rsrc Size: 1024B - Virtual size: 800B

9ed53b37eabf83103a8e58caec4de5a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 6KB - Virtual size: 19KB

.pdata Size: 9KB - Virtual size: 8KB

.data1 Size: 1KB - Virtual size: 1KB

_RDATA Size: 4KB - Virtual size: 4KB

.debug_o Size: 12KB - Virtual size: 11KB

.rsrc Size: 16KB - Virtual size: 15KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 5KB - Virtual size: 146KB

.data1 Size: 1KB - Virtual size: 1KB

_RDATA Size: 1KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 6KB

d1a2a2225239488d032c2863d715c8ca

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

advapi32

kernel32

Exports

.text
Size: 879KB - Virtual size: 879KB

.itext
Size: 7KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 26KB

.idata
Size: 3KB - Virtual size: 3KB

.didata
Size: 1024B - Virtual size: 524B

.edata
Size: 512B - Virtual size: 358B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 82KB - Virtual size: 82KB

.rsrc
Size: 13KB - Virtual size: 13KB

.text
Size: 13KB - Virtual size: 13KB

.idata
Size: 1024B - Virtual size: 632B

.reloc
Size: 512B - Virtual size: 408B

.rsrc
Size: 1024B - Virtual size: 800B

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 6KB - Virtual size: 19KB

.pdata
Size: 9KB - Virtual size: 8KB

.data1
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 4KB - Virtual size: 4KB

.debug_o
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 5KB - Virtual size: 146KB

.data1
Size: 1KB - Virtual size: 1KB

_RDATA
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 272KB - Virtual size: 271KB

.text1
Size: 1KB - Virtual size: 1KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 10KB - Virtual size: 183KB

.data1
Size: 4KB - Virtual size: 4KB

.trace
Size: 6KB - Virtual size: 6KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 136KB - Virtual size: 135KB

.text1
Size: 512B - Virtual size: 480B

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 177KB

.data1
Size: 1KB - Virtual size: 1KB

.tls
Size: 7KB - Virtual size: 6KB

.trace
Size: 5KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 15KB

CODE
Size: 123KB - Virtual size: 123KB

DATA
Size: 311KB - Virtual size: 311KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 5KB - Virtual size: 4KB

.edata
Size: 1024B - Virtual size: 569B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:e6:68:a2:4e:36:9e:cc:bc:a9:53:1d:11:83:64:bf
Certificate

81:77:00:dd:33:8d:5d:9a:81:ad:f7:eb:3a:54:75:3c:0b:dd:0c:74
Signer