aec6d9c413923cfd52d9774820e75df12a4f3f589826105608865e0d191ac6a4

Sharing

Copy URL Twitter E-mail

General

Target

aec6d9c413923cfd52d9774820e75df12a4f3f589826105608865e0d191ac6a4
Size

2.6MB
MD5

2cf80406b1c2b7a67f1bd8a5dcfd59a5
SHA1

462dbeb2bd28050ed109eb5b9c00e761aaa717d7
SHA256

aec6d9c413923cfd52d9774820e75df12a4f3f589826105608865e0d191ac6a4
SHA512

a96facaefa923ce58ba09d10e6a9ef95b05322fef570a7ae4f2a9b2ec1f2e5e673ee5383fada7d98532ad006df78be58e768cbdbe63faa9beb9ce374c3439827
SSDEEP

49152:XLu8MybHbvPXzKxR0gVq/91jrMH/rXHd/i43J4cDX8nUPHvjtO:XcybLPXER02q//8H/rd/HDsUPH7tO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/记事本替换工具_v1.23.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Notepad3_x64.exe
unpack001/记事本替换工具_v1.23.exe
unpack002/out.upx

Files

aec6d9c413923cfd52d9774820e75df12a4f3f589826105608865e0d191ac6a4
.zip
Notepad3_x64.exe
.exe windows:6 windows x64 arch:x64

b6ace1b7a694534980b54d771594995a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetNtVersionNumbers
RtlPcToFileHeader
VerSetConditionMask
RtlUnwindEx

comctl32

ord413
ord410
ImageList_AddMasked
ord8
ImageList_Create
ImageList_Destroy
ord412
InitMUILanguage
InitCommonControlsEx
ImageList_ReplaceIcon
ord381
ImageList_GetIcon

shlwapi

ord157
StrRChrW
StrChrIW
StrCmpNIW
StrFormatByteSizeEx
StrSpnW
PathFindFileNameW
PathRemoveExtensionW
StrCmpNA
StrCmpNIA
StrTrimA
PathCreateFromUrlW
StrStrA
StrChrA
StrCSpnA
StrStrIA
StrCmpLogicalW
UrlCreateFromPathW
StrChrIA
StrRetToBufW
PathMatchSpecW
StrToIntExW
SHAutoComplete
StrStrIW
StrStrW
StrTrimW
StrDupW
StrCmpW
StrCmpIW
PathIsUNCW
PathIsRelativeW
UrlIsW
PathStripToRootW
StrChrW

user32

MonitorFromPoint
IsIconic
LoadMenuW
GetMenuItemCount
LoadStringA
LoadStringW
GetMenuState
DispatchMessageW
PeekMessageW
TranslateMessage
SystemParametersInfoA
IsCharAlphaNumericA
CharLowerA
GetKeyState
CharUpperW
CharLowerW
GetMenu
DestroyWindow
GetActiveWindow
IsWindow
OpenClipboard
GetCapture
SetTimer
CloseClipboard
IsCharLowerA
EmptyClipboard
IsCharUpperA
SetFocus
CharNextW
GetClipboardData
SetClipboardData
GetComboBoxInfo
CheckMenuItem
IsClipboardFormatAvailable
KillTimer
GetSysColorBrush
EnableMenuItem
ReleaseCapture
ChildWindowFromPoint
IsCharUpperW
GetWindowLongW
GetWindowTextLengthW
DrawAnimatedRects
DeferWindowPos
GetSystemMenu
FindWindowExW
GetWindowRect
GetFocus
GetDC
SetWindowPos
CheckRadioButton
GetPropW
CopyImage
MonitorFromRect
MonitorFromWindow
SetActiveWindow
MessageBoxExW
SetWindowLongPtrW
GetIconInfo
CallNextHookEx
RemovePropW
SetWindowTextW
MessageBeep
CreatePopupMenu
InflateRect
GetWindowPlacement
TrackPopupMenu
BeginDeferWindowPos
OffsetRect
GetDlgItemTextA
GetMonitorInfoW
GetDlgCtrlID
ClientToScreen
SetMenuItemInfoW
CharPrevW
MapWindowPoints
AdjustWindowRectEx
DrawTextW
DrawTextA
CallWindowProcW
GetAncestor
NotifyWinEvent
GetScrollInfo
SetScrollInfo
PtInRect
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
ValidateRect
GetUpdateRgn
MsgWaitForMultipleObjects
RegisterClipboardFormatW
GetMessageTime
SetWindowPlacement
GetSysColor
DialogBoxIndirectParamW
IsWindowEnabled
SetMenu
UnhookWindowsHookEx
DestroyMenu
SetLayeredWindowAttributes
GetMenuStringW
IsCharAlphaNumericW
LoadCursorW
DrawMenuBar
EndDeferWindowPos
SetWindowsHookExW
InsertMenuW
TrackMouseEvent
GetKeyboardLayout
DestroyCursor
SetCursor
GetDlgItemInt
SetWindowLongW
GetClientRect
IsZoomed
AppendMenuW
SetRect
DrawIconEx
GetDesktopWindow
CreateDialogIndirectParamW
SetDlgItemInt
SetForegroundWindow
LoadImageW
ReleaseDC
BeginPaint
EndPaint
EnableWindow
GetWindowTextW
SetPropW
SystemParametersInfoW
GetSystemMetrics
SetCursorPos
GetCursorPos
CharUpperBuffW
PostMessageW
SendMessageW
EndDialog
ShowWindow
RedrawWindow
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
GetParent
InvalidateRect
SetCapture
SetWindowCompositionAttribute
CreateIconIndirect
GetCaretBlinkTime
GetMessageW
GetMenuItemInfoW
DefWindowProcW
ModifyMenuW
ShowWindowAsync
CheckMenuRadioItem
IsWindowVisible
SetClipboardViewer
FillRect
CreateWindowExW
ShowOwnedPopups
ScreenToClient
UnregisterClassW
RegisterClassExW
GetMenuBarInfo
LoadAcceleratorsW
GetSubMenu
IsDialogMessageW
DestroyIcon
ChangeClipboardChain
IsChild
CountClipboardFormats
FrameRect
SetMenuDefaultItem
GetForegroundWindow
EnumWindows
TranslateAcceleratorW
GetClassNameW
GetWindowDC
TrackPopupMenuEx
PostQuitMessage
RegisterWindowMessageW
GetWindowLongPtrW
UpdateWindow
GetDoubleClickTime
IsCharLowerW

kernel32

SizeofResource
WaitForSingleObject
GetCurrentThreadId
FreeResource
Sleep
FormatMessageW
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GetFileSizeEx
GetTimeFormatEx
SetFileTime
GetDateFormatEx
lstrcmpA
GetTickCount64
QueryPerformanceFrequency
GetLocalTime
LCMapStringW
lstrcmpiA
QueryPerformanceCounter
GetFileTime
GetOEMCP
GetCPInfo
IsValidCodePage
GetCPInfoExW
GetACP
CreateEventW
SetEvent
ResetEvent
SetThreadUILanguage
GetUserPreferredUILanguages
ResolveLocaleName
SetProcessPreferredUILanguages
IsValidLocaleName
GetStartupInfoW
GlobalHandle
GetCommandLineW
lstrlenW
HeapLock
SetErrorMode
GetTempPathW
HeapWalk
FindFirstChangeNotificationW
GetFileAttributesExW
FindCloseChangeNotification
DeleteFileW
VerifyVersionInfoW
FindResourceExW
FindNextChangeNotification
SetCurrentDirectoryW
CreateProcessW
UnlockFileEx
HeapUnlock
GetTimeFormatW
GetDateFormatW
SetLastError
FindFirstFileW
FindNextFileW
FindClose
LCIDToLocaleName
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
MapViewOfFile
CreateFileMappingW
LocaleNameToLCID
UnmapViewOfFile
GetVersionExW
GetLocaleInfoW
GetTickCount
GlobalSize
GetLocaleInfoA
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
TryAcquireSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualQuery
RaiseException
LoadLibraryExW
GetModuleHandleW
CompareStringOrdinal
VirtualProtect
FlushFileBuffers
MulDiv
GetFileSize
LockFileEx
LocalFree
GetSystemInfo
ExitProcess
GetStdHandle
FlsAlloc
FlsGetValue
FlsSetValue
EnumSystemLocalesW
SetStdHandle
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
GetStringTypeW
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetEndOfFile
GetLocaleInfoEx
SetEnvironmentVariableW
GetCurrentProcess
ReadFile
CreateDirectoryW
FreeLibrary
GetProcAddress
GetCurrentDirectoryW
LoadLibraryW
CloseHandle
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetEnvironmentVariableW
GetModuleFileNameW
GetFinalPathNameByHandleW
ExpandEnvironmentStringsW
GetLongPathNameW
SearchPathW
WideCharToMultiByte
GetLastError
HeapReAlloc
MultiByteToWideChar
HeapSize
GlobalUnlock
GetProcessHeap
GlobalLock
HeapAlloc
SetFilePointer
WriteFile
HeapFree
CompareStringW
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetNativeSystemInfo
InitializeCriticalSectionEx
FreeLibraryAndExitThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
FlsFree
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
WriteConsoleW
IsValidLocale
GetTempFileNameW
GetUserDefaultLCID

gdi32

LineTo
GetTextMetricsW
CreateFontW
EndDoc
StartPage
SetDIBits
GetDIBits
ExtTextOutW
CreateBitmap
CreateRectRgn
CreateRectRgnIndirect
BitBlt
CreatePatternBrush
EnumFontFamiliesExW
CreatePen
GetTextExtentPoint32A
GetTextExtentExPointA
GetTextExtentExPointW
IntersectClipRect
RestoreDC
RoundRect
SaveDC
StretchBlt
GdiAlphaBlend
CreateDIBSection
ExtCreatePen
ExtTextOutA
Polygon
Polyline
MoveToEx
SetTextAlign
StartDocW
DPtoLP
EndPage
GetStockObject
GetTextExtentPoint32W
SetBkMode
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
SetMapMode
CreateFontIndirectW
Ellipse
DeleteObject
CreateSolidBrush
CombineRgn
SetBkColor
SetTextColor

comdlg32

PageSetupDlgW
PrintDlgW
ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
CheckTokenMembership
GetTokenInformation
IsTextUnicode
AccessCheck
OpenProcessToken
GetFileSecurityW
DuplicateToken
MapGenericMask

shell32

ShellExecuteW
SHAppBarMessage
SHGetFileInfoW
ShellExecuteExW
SHGetDataFromIDListW
SHGetDesktopFolder
SHAddToRecentDocs
DragQueryFileW
Shell_NotifyIconW
DragAcceptFiles
DragFinish
SHOpenFolderAndSelectItems
ord155
SHParseDisplayName
SHGetPathFromIDListW
SHGetKnownFolderPath
SetCurrentProcessExplicitAppUserModelID
ord180
SHBrowseForFolderW

ole32

ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleInitialize
StringFromGUID2
CLSIDFromProgID
OleUninitialize
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocStringLen
SysFreeString

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmSetCompositionFontW
ImmEscapeW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

Exports

Exports

CreateLexer
GetLexerCount
GetLexerFactory
GetLexerName
GetLibraryPropertyNames
GetNameSpace
LexerNameFromID
Scintilla_AdjustWindowRectForDpi
Scintilla_GetSystemMetricsForDpi
Scintilla_GetWindowDPI
Scintilla_InputCodePage
Scintilla_RegisterClasses
Scintilla_ReleaseResources
SetLibraryProperty

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 794KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Notepad3_x64.ini
Themes/Dark.ini
Themes/Obsidian.ini
Themes/Sombra.ini
grepWinNP3.exe
.exe windows:6 windows x64 arch:x64

633d694670af789c57bb8f9406b07ad8

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:8a:6a:91:ba:30:15:fa:95:c8:3e:6c:37:f2:7b:ab
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

16/06/2023, 12:52

Not After

15/06/2024, 12:52

Subject

CN=Open Source Developer\, Derick Payne,O=Open Source Developer,L=George,C=ZA,1.2.840.113549.1.9.1=#0c13696e666f4072697a6f6e65736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:ef:49:5a:3a:84:00:39:d3:7a:a0:38:82:7e:59:ad:5e:c7:28:1a:57:4c:56:00:70:fc:d3:f9:55:9b:45:96
Signer

Actual PE Digest

e6:ef:49:5a:3a:84:00:39:d3:7a:a0:38:82:7e:59:ad:5e:c7:28:1a:57:4c:56:00:70:fc:d3:f9:55:9b:45:96

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathIsDirectoryW
PathFileExistsW
SHSetValueW
PathIsURLW
PathIsRelativeW
PathCanonicalizeW
SHDeleteKeyW
PathAppendW
PathRemoveFileSpecW
SHAutoComplete
PathCompactPathExW
StrFormatByteSizeW
AssocQueryStringW
StrCmpLogicalW
PathRelativePathToW
SHGetValueW
PathIsRootW

uxtheme

OpenThemeData
GetThemeColor
BeginBufferedPaint
SetWindowTheme
CloseThemeData
GetThemeInt
GetThemeBackgroundContentRect
DrawThemeBackground
EndBufferedPaint
BufferedPaintSetAlpha

kernel32

lstrlenW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
GetModuleFileNameW
CreateFileW
CloseHandle
CreateDirectoryW
GetCurrentDirectoryW
Sleep
SetCurrentDirectoryW
FormatMessageW
GetTickCount64
GetWindowsDirectoryW
GetCurrentProcess
GetFileTime
WriteFile
SetFileTime
GetFileSizeEx
GlobalMemoryStatusEx
ReadFile
WideCharToMultiByte
GetFileSize
FlushFileBuffers
SetFilePointer
SetEndOfFile
GetCommandLineW
SetDllDirectoryW
CreateMutexW
GetSystemDirectoryW
SystemTimeToFileTime
SetErrorMode
GetUserDefaultLCID
GetStringTypeExW
LoadLibraryA
LCMapStringW
ExpandEnvironmentStringsW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeExA
LCMapStringA
GetSystemTime
FileTimeToSystemTime
CreateThread
CreateProcessW
GetFileInformationByHandle
CompareFileTime
CopyFileW
GetFileAttributesW
SetFileAttributesW
MoveFileExA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
CreateFileA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAddAtomW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GlobalUnlock
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
GetStdHandle
ExitProcess
SetEnvironmentVariableW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
CreateFileMappingA
GetModuleHandleA
MapViewOfFileEx
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoEx
RaiseException
RtlPcToFileHeader
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
GetNativeSystemInfo
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
lstrcpyW
GlobalFree
GlobalLock
GlobalAlloc
FindNextFileW
FindClose
FindFirstFileW
FindFirstFileExW
lstrcpynW
GetModuleHandleW
MulDiv
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
DeleteAtom
HeapReAlloc
RtlUnwind

user32

SetCapture
GetClassNameW
InvalidateRgn
BeginPaint
GetClientRect
GetWindowLongPtrW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
EndPaint
DrawTextW
InflateRect
GetWindowRect
GetCursorPos
GetSysColor
PostMessageW
PtInRect
GetFocus
GetSystemMetrics
IntersectRect
MapWindowPoints
GetParent
GetDC
ReleaseDC
ScreenToClient
SystemParametersInfoW
DialogBoxParamW
CreateDialogParamW
EnableWindow
ShowWindow
BringWindowToTop
SetForegroundWindow
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
EndDialog
SetFocus
CheckDlgButton
GetKeyState
RedrawWindow
CheckMenuItem
CheckRadioButton
SendDlgItemMessageW
AppendMenuW
InsertMenuW
CreateDialogIndirectParamW
GetWindowPlacement
GetDesktopWindow
CopyRect
DestroyMenu
GetDCEx
LoadStringA
SetTimer
KillTimer
IsDlgButtonChecked
EnumWindows
RegisterWindowMessageW
TrackPopupMenu
GetSubMenu
LoadMenuW
ClientToScreen
LoadStringW
SetDlgItemTextW
DrawIconEx
GetSysColorBrush
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
EnumDisplayMonitors
GetMonitorInfoW
SetWindowTextW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
GetSystemMenu
EnumThreadWindows
EnumChildWindows
CloseWindow
LoadCursorW
SetCursor
CreatePopupMenu
ReleaseCapture
DrawFocusRect
RemovePropW
GetPropW
SetPropW
RegisterClipboardFormatW
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
SetWindowRgn
CallWindowProcW
SetWindowPlacement
MoveWindow
GetWindowDC
SetLayeredWindowAttributes
MessageBoxW
SetCursorPos
GetDlgItemTextW
DefDlgProcW
CreateWindowExW
SetWindowLongPtrW
GetDlgItem
LoadImageW
SetWindowPos
OffsetRect

gdi32

SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
CombineRgn
PatBlt
SelectObject
GetDeviceCaps
ExtTextOutW
SetTextColor
EnumFontsW
CreateSolidBrush
GetObjectW
SetBkColor
SetBkMode
CreateFontIndirectW
DeleteObject

comdlg32

GetOpenFileNameW

advapi32

CryptAcquireContextW
CryptReleaseContext
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

shell32

SHGetDesktopFolder
ord701
DragQueryFileW
CommandLineToArgvW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
SHCreateItemFromParsingName

ole32

CoTaskMemAlloc
OleDuplicateData
DoDragDrop
CoUninitialize
OleInitialize
CoInitializeEx
OleUninitialize
RegisterDragDrop
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDrawRectangleI
GdipCreatePath
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipFree
GdipDrawPath
GdiplusStartup
GdiplusShutdown
GdipDeletePath

comctl32

ord412
ord410
ord413
InitCommonControlsEx
ord381
ImageList_GetImageCount
ImageList_GetImageInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
grepwinNP3.ini
断剑留痕版特点.txt
记事本替换工具_v1.23.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6ace1b7a694534980b54d771594995a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

comctl32

shlwapi

user32

kernel32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

imm32

Exports

Exports

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 588KB - Virtual size: 677KB

.pdata Size: 74KB - Virtual size: 73KB

.idata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 794KB - Virtual size: 794KB

.reloc Size: 18KB - Virtual size: 17KB

633d694670af789c57bb8f9406b07ad8

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

76:8a:6a:91:ba:30:15:fa:95:c8:3e:6c:37:f2:7b:abCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

e6:ef:49:5a:3a:84:00:39:d3:7a:a0:38:82:7e:59:ad:5e:c7:28:1a:57:4c:56:00:70:fc:d3:f9:55:9b:45:96Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

gdiplus

comctl32

version

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 21KB - Virtual size: 34KB

.pdata Size: 40KB - Virtual size: 40KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 6KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 572KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 137KB - Virtual size: 140KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 588KB - Virtual size: 677KB

.pdata
Size: 74KB - Virtual size: 73KB

.idata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 794KB - Virtual size: 794KB

.reloc
Size: 18KB - Virtual size: 17KB

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

76:8a:6a:91:ba:30:15:fa:95:c8:3e:6c:37:f2:7b:ab
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

e6:ef:49:5a:3a:84:00:39:d3:7a:a0:38:82:7e:59:ad:5e:c7:28:1a:57:4c:56:00:70:fc:d3:f9:55:9b:45:96
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 21KB - Virtual size: 34KB

.pdata
Size: 40KB - Virtual size: 40KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 6KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 572KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 137KB - Virtual size: 140KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 140KB - Virtual size: 139KB