0da59c6cad3dc76c1fdad012825408034b900a830bd45c885378b8c77db5680c

Sharing

Copy URL

Twitter E-mail

General

Target

0da59c6cad3dc76c1fdad012825408034b900a830bd45c885378b8c77db5680c
Size

11.9MB
MD5

854699cb44ca895e3782cbba1da36998
SHA1

ef2f223771bf1a33385d89fbe705c8b5add3c879
SHA256

0da59c6cad3dc76c1fdad012825408034b900a830bd45c885378b8c77db5680c
SHA512

b13b69e92faf38bcaf25b41fe25687d853b0ffcb80328bde10630f0916d26569cb079cd4bf97016777562ff6b43487987a856518ea0b4253d88fdfe589995a25
SSDEEP

196608:KoCI6k9M6VIsPWWwOE7af500z6sXSzrq7KZMRaZAJr6L0H/lW+ZgVVolIAd:rCRT5OUO536s2q7sMRHJ+YESgVKlpd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/360hbtheme.dll	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360hbtheme.dll

Files

0da59c6cad3dc76c1fdad012825408034b900a830bd45c885378b8c77db5680c
.zip
360hbtheme.dll
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

?CloseManagers@@YAX_N@Z
?DllExecuteNamedCommand@@YA_NPEB_W@Z
?DllExportSettingsXml@@YA_NPEB_W@Z
?DllGetSettingBool@@YA_NPEB_W@Z
?DllGetSettingInt@@YAHPEB_W@Z
?DllImportSettingsXml@@YA_NPEB_W@Z
?DllLoadStringEx@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z
?DllLogToFile@@YAXPEB_W0ZZ
?DllUpdateSettings@@YAXXZ
?EditSettings@@YAX_NH@Z
?FindTaskBar@@YAPEAUHWND__@@K@Z
?HookInject@@YA_JH_K_J@Z
?InitManagers@@YAX_N@Z
?MiniDumpType@@3W4_MINIDUMP_TYPE@@A
?ToggleStartMenu@@YAPEAUHWND__@@H_N@Z
?TopLevelFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
?WaitDllInitThread@@YAXXZ
?g_OwnerWindow@@3PEAUHWND__@@EA
?g_TaskBar@@3PEAUHWND__@@EA

Sections

Size: 87KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 34KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 18.0MB - Virtual size: 18.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
360hbtheme.exe
.exe windows:6 windows x64

61fbf438d521e1d78aadba43af5233ec

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:c0:ff:81:1b:87:ba:d2:32:ab:76:7c:06:39:53:d3:1f:36:3b:51:c3:dc:56:77:38:ec:f6:84:f8:a9:9a:5c
Signer

Actual PE Digest

9b:c0:ff:81:1b:87:ba:d2:32:ab:76:7c:06:39:53:d3:1f:36:3b:51:c3:dc:56:77:38:ec:f6:84:f8:a9:9a:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DecodePointer
HeapAlloc
HeapReAlloc
GetProcessHeap
WriteConsoleW
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FormatMessageW
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
HeapFree
SetLastError
RaiseException
ReleaseMutex
CreateMutexW
SetUnhandledExceptionFilter
FlushFileBuffers
SetCurrentDirectoryW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
CloseHandle
K32GetModuleFileNameExW
OpenProcess
Sleep
GetModuleHandleW
GetCommandLineA
GetProcAddress
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindResourceW
LoadResource
LockResource
LoadLibraryExW
FreeLibrary
GetVersion
FindFirstFileW
FindClose
GetCPInfo
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
FindNextFileW
WriteFile
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
FindFirstFileExW

user32

PostMessageW
CallWindowProcW
DefWindowProcW
SetWindowsHookExW
GetWindowThreadProcessId
GetWindowLongPtrW
FindWindowExW
FindWindowW
UnhookWindowsHookEx
SetWindowLongPtrW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
GetMessageW
IsWindow
ChangeWindowMessageFilter
AllowSetForegroundWindow
GetUserObjectInformationW
GetThreadDesktop
GetKeyState
DispatchMessageW
TranslateMessage
PeekMessageW
MessageBoxW
KillTimer
SetTimer
PostQuitMessage
RegisterWindowMessageW
UnregisterClassW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW

shell32

ShellExecuteW
SHEvaluateSystemCommandTemplate
ShellExecuteExW
DoEnvironmentSubstW

ole32

OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoTaskMemFree

360hbtheme

?DllUpdateSettings@@YAXXZ
?CloseManagers@@YAX_N@Z
?EditSettings@@YAX_NH@Z
?InitManagers@@YAX_N@Z
?TopLevelFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
?MiniDumpType@@3W4_MINIDUMP_TYPE@@A
?DllExportSettingsXml@@YA_NPEB_W@Z
?DllImportSettingsXml@@YA_NPEB_W@Z
?DllExecuteNamedCommand@@YA_NPEB_W@Z
?DllGetSettingInt@@YAHPEB_W@Z
?DllGetSettingBool@@YA_NPEB_W@Z
?WaitDllInitThread@@YAXXZ
?DllLoadStringEx@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z
?HookInject@@YA_JH_K_J@Z
?g_TaskBar@@3PEAUHWND__@@EA
?ToggleStartMenu@@YAPEAUHWND__@@H_N@Z
?FindTaskBar@@YAPEAUHWND__@@K@Z
?DllLogToFile@@YAXPEB_W0ZZ

shlwapi

PathFileExistsW
PathFindFileNameW

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360hbthemeOrg.dll
.dll windows:6 windows x64

254ea8b20e60777010a5e9db19b67265

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:55:ec:22:7f:c3:23:57:1c:e1:99:01:67:c4:77:19:e3:59:72:d7:4d:b0:30:f9:85:cf:c3:bb:4a:82:da:33
Signer

Actual PE Digest

e9:55:ec:22:7f:c3:23:57:1c:e1:99:01:67:c4:77:19:e3:59:72:d7:4d:b0:30:f9:85:cf:c3:bb:4a:82:da:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_Add
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_Remove
ImageList_Replace
ImageList_DrawEx
ImageList_ReplaceIcon
ord345
ImageList_Destroy
HIMAGELIST_QueryInterface
ImageList_SetImageCount
ImageList_Create
ord412
ord410
ImageList_GetIconSize
ord413

uxtheme

SetWindowTheme
EnableThemeDialogTexture
DrawThemeParentBackground
IsAppThemed
OpenThemeData
GetThemeColor
DrawThemeBackground
CloseThemeData
GetThemePartSize
GetWindowTheme
DrawThemeTextEx
DrawThemeText
BeginBufferedPaint
BufferedPaintSetAlpha
EndBufferedPaint
BeginPanningFeedback
EndPanningFeedback
UpdatePanningFeedback
BufferedPaintUnInit
BufferedPaintInit

wtsapi32

WTSDisconnectSession

secur32

GetUserNameExW

msimg32

AlphaBlend

netapi32

DsGetDcNameW
NetApiBufferFree

dwmapi

DwmSetWindowAttribute
DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled

powrprof

SetSuspendState
GetPwrCapabilities

oleacc

LresultFromObject
CreateStdAccessibleObject

winmm

PlaySoundW

propsys

PSGetPropertyKeyFromName

kernel32

GetCurrentProcess
CloseHandle
TerminateProcess
CreateThread
WaitForSingleObject
GlobalAddAtomW
GetTickCount
SetEvent
FindResourceW
LoadResource
LockResource
VirtualProtect
SetUnhandledExceptionFilter
OpenThread
QueueUserAPC
Sleep
FreeLibraryAndExitThread
ExpandEnvironmentStringsW
CreateEventW
GetModuleFileNameW
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
GetFileSize
GlobalAlloc
GlobalLock
GlobalUnlock
ReadFile
GlobalFree
GlobalSize
SizeofResource
FindResourceExW
MultiByteToWideChar
CompareFileTime
GetFileAttributesW
InitializeSRWLock
InitializeCriticalSection
GetSystemTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetFileInformationByHandleEx
GetFileAttributesExW
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
ResetEvent
FindCloseChangeNotification
SetThreadPriority
GetCurrentThread
WriteFile
SetFilePointer
GetUserPreferredUILanguages
MoveFileExW
WideCharToMultiByte
FormatMessageW
LocalFree
CreateProcessW
SetFileTime
GetTempPathW
CreateDirectoryW
CompareStringW
CopyFileW
QueryPerformanceCounter
QueryPerformanceFrequency
FindNLSStringEx
GetEnvironmentVariableW
LoadLibraryExW
DecodePointer
ExpandEnvironmentStringsA
SetEndOfFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
LCMapStringW
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
GetModuleHandleExW
ExitProcess
VirtualQuery
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
EnumResourceNamesW
SetFileAttributesW
VirtualFree
VirtualAlloc
GetVersion
GetLocalTime
WriteConsoleW
GetStdHandle
AttachConsole
GetLocaleInfoW
GetLocaleInfoEx
GetUserDefaultUILanguage
OutputDebugStringW
GetCPInfo
GetCurrentProcessId
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
RaiseException
SetLastError
FreeLibrary
MulDiv
RemoveDirectoryW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
GetProcAddress
GetModuleHandleW
LoadLibraryW
CreateFileW

user32

SetGestureConfig
SetActiveWindow
GetCapture
CloseGestureInfoHandle
MapVirtualKeyW
GetKeyNameTextW
DestroyCursor
GetGestureInfo
wsprintfW
ExitWindowsEx
GetWindowPlacement
IsZoomed
GetSystemMenu
IsChild
LoadIconW
UnregisterClassW
GetFocus
GetWindowRect
DialogBoxParamW
LockWorkStation
SetScrollPos
GetWindowTextW
GetWindowTextLengthW
LockSetForegroundWindow
PeekMessageW
TranslateMessage
DispatchMessageW
InsertMenuW
GetMenuItemCount
MapWindowPoints
PtInRect
ScreenToClient
PostMessageW
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetSystemMetrics
LoadImageW
SetWindowPos
GetWindowLongW
GetMenu
AdjustWindowRectEx
GetClientRect
GetMenuItemID
DeleteMenu
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenuEx
ClientToScreen
GetActiveWindow
GetMessageW
SetLayeredWindowAttributes
SetCursor
SetScrollInfo
DestroyIcon
CreateDialogIndirectParamW
TrackPopupMenu
AppendMenuW
IsDialogMessageW
IsDlgButtonChecked
GetWindow
CheckDlgButton
MessageBoxW
CreateIconIndirect
SetWindowLongW
DrawFocusRect
DrawEdge
SwitchToThisWindow
GetForegroundWindow
GetShellWindow
ReleaseCapture
SetCapture
GetScrollPos
UpdateWindow
DestroyWindow
KillTimer
FillRect
InflateRect
DrawFrameControl
DrawIconEx
GetSysColor
DrawTextW
UpdateLayeredWindow
SetTimer
GetMessagePos
WindowFromPoint
SystemParametersInfoW
SendMessageW
GetParent
MonitorFromPoint
GetClassNameW
GetWindowThreadProcessId
EnumWindows
FindWindowExW
GetDesktopWindow
EnumThreadWindows
RegisterClipboardFormatW
RegisterWindowMessageW
IsWindow
MonitorFromRect
GetMonitorInfoW
GetWindowRgnBox
OffsetRect
UnionRect
ShowWindow
InvalidateRect
MonitorFromWindow
FindWindowW
EnumDisplayMonitors
GetGUIThreadInfo
NotifyWinEvent
GetClassLongPtrW
SetClassLongPtrW
AdjustWindowRect
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
SetWindowTextW
PostQuitMessage
GetMenuDefaultItem
DestroyMenu
CreatePopupMenu
ReleaseDC
GetDC
GetIconInfo
EnableWindow
CopyImage
GetClipboardFormatNameW
CharUpperW
TrackMouseEvent
UnhookWindowsHookEx
SetWindowsHookExW
GetAncestor
RedrawWindow
GetPropW
SendInput
SetForegroundWindow
EndPaint
BeginPaint
GetMessageTime
PostThreadMessageW
GetDlgItem
GetKeyState
SetFocus
SetWindowRgn
IntersectRect
IsWindowVisible
UnregisterHotKey
RegisterHotKey
CallNextHookEx

gdi32

GetTextMetricsW
CreateFontIndirectW
GetTextExtentPointW
CreateBitmap
CreateCompatibleBitmap
OffsetViewportOrgEx
GetTextExtentPoint32W
Rectangle
SetDCPenColor
SelectClipRgn
IntersectClipRect
ExtCreateRegion
GetRegionData
OffsetRgn
SetBkColor
GetCurrentObject
CombineRgn
SetViewportOrgEx
GetDIBits
GetDeviceCaps
SetDCBrushColor
StretchBlt
SetStretchBltMode
StretchDIBits
BitBlt
CreateRectRgn
CreateDIBSection
GetObjectW
DeleteDC
SetBkMode
SetTextColor
GetStockObject
SelectObject
SetLayout
CreateCompatibleDC
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
ChooseColorW

advapi32

RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
InitiateShutdownW
GetUserNameW
RegEnumValueW
RegDeleteValueW
GetCurrentHwProfileW
OpenSCManagerW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
OpenServiceW
OpenProcessToken
QueryServiceStatus
CloseServiceHandle

shell32

SHCreateItemInKnownFolder
SHGetIDListFromObject
ord18
ord75
SHGetPathFromIDListW
DoEnvironmentSubstW
SHAppBarMessage
ShellExecuteW
ord155
ord17
SHGetNameFromIDList
ord152
SHGetKnownFolderPath
SHGetDesktopFolder
SHBindToObject
SHOpenFolderAndSelectItems
ord47
SHCreateItemWithParent
ord100
SHFileOperationW
SHEvaluateSystemCommandTemplate
ShellExecuteExW
ord16
ord21
SHGetFileInfoW
ord74
ord25
SHGetKnownFolderItem
SHCreateDataObject
ord88
SHBindToParent
ord727
SHSetLocalizedName
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
SHGetKnownFolderIDList
ord162
ord165
SHParseDisplayName
ord23
SHCreateItemFromIDList
ExtractIconExW
ExtractIconExA
SHGetLocalizedName
ord190
SHCreateShellItemArrayFromDataObject

ole32

RevokeDragDrop
RegisterDragDrop
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
StringFromCLSID
PropVariantClear
CLSIDFromProgID
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoDisconnectContext
OleInitialize
OleUninitialize
CoCreateInstance
CreateBindCtx

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
VariantCopy
VarCmp
VariantInit
SafeArrayDestroy
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysFreeString

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFileExistsW
ord176
PathFindFileNameW
PathIsDirectoryW
PathAppendW
PathFindExtensionW
PathIsNetworkPathW
ord487
PathIsDirectoryEmptyW
StrCmpLogicalW
AssocQueryStringW
PathRemoveBackslashW
PathMatchSpecW
SHAutoComplete
StrCmpW
ord12
PathUnExpandEnvStringsW
PathRemoveExtensionW
PathIsRootW
StrStrIW
StrRetToStrW

wininet

HttpOpenRequestW
HttpSendRequestW
InternetCrackUrlW
InternetQueryOptionW
InternetReadFile
InternetCloseHandle
HttpQueryInfoW
InternetConnectW
InternetOpenW

Exports

Exports

?CloseManagers@@YAX_N@Z
?DllExecuteNamedCommand@@YA_NPEB_W@Z
?DllExportSettingsXml@@YA_NPEB_W@Z
?DllGetSettingBool@@YA_NPEB_W@Z
?DllGetSettingInt@@YAHPEB_W@Z
?DllImportSettingsXml@@YA_NPEB_W@Z
?DllLoadStringEx@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@H@Z
?DllLogToFile@@YAXPEB_W0ZZ
?DllUpdateSettings@@YAXXZ
?EditSettings@@YAX_NH@Z
?FindTaskBar@@YAPEAUHWND__@@K@Z
?HookInject@@YA_JH_K_J@Z
?InitManagers@@YAX_N@Z
?MiniDumpType@@3W4_MINIDUMP_TYPE@@A
?ToggleStartMenu@@YAPEAUHWND__@@H_N@Z
?TopLevelFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
?WaitDllInitThread@@YAXXZ
?g_OwnerWindow@@3PEAUHWND__@@EA
?g_TaskBar@@3PEAUHWND__@@EA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 775KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLKE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 87KB - Virtual size: 161KB

Size: 34KB - Virtual size: 76KB

Size: 1024B - Virtual size: 10KB

Size: 5KB - Virtual size: 8KB

Size: 512B - Virtual size: 348B

Size: 512B - Virtual size: 248B

Size: 1KB - Virtual size: 2KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: 18.0MB - Virtual size: 18.0MB

61fbf438d521e1d78aadba43af5233ec

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9b:c0:ff:81:1b:87:ba:d2:32:ab:76:7c:06:39:53:d3:1f:36:3b:51:c3:dc:56:77:38:ec:f6:84:f8:a9:9a:5cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

360hbtheme

shlwapi

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 2KB - Virtual size: 1KB

254ea8b20e60777010a5e9db19b67265

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e9:55:ec:22:7f:c3:23:57:1c:e1:99:01:67:c4:77:19:e3:59:72:d7:4d:b0:30:f9:85:cf:c3:bb:4a:82:da:33Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: 18.0MB - Virtual size: 18.0MB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9b:c0:ff:81:1b:87:ba:d2:32:ab:76:7c:06:39:53:d3:1f:36:3b:51:c3:dc:56:77:38:ec:f6:84:f8:a9:9a:5c
Signer

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 2KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e9:55:ec:22:7f:c3:23:57:1c:e1:99:01:67:c4:77:19:e3:59:72:d7:4d:b0:30:f9:85:cf:c3:bb:4a:82:da:33
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 83KB - Virtual size: 153KB

.pdata
Size: 33KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 775KB - Virtual size: 774KB

.reloc
Size: 4KB - Virtual size: 3KB