017fcebbb0a3c9a5a0f1e1b07e959965

Sharing

Copy URL

Twitter E-mail

General

Target

017fcebbb0a3c9a5a0f1e1b07e959965
Size

2.6MB
MD5

017fcebbb0a3c9a5a0f1e1b07e959965
SHA1

e4f792aa3b888d43e4ee63dc123c28e7e3b8a492
SHA256

36d294f116539fff1f6186b1ea74a4b9dc89b7c4ceb2874482b110d46db63984
SHA512

d615abb81964f014db0d092a201512d029e35811e3ba79b6253ec06c2c9a3d6fbf258b7b096829b7a545b7adae0bfe83d65511c81b05582a3d380e197696eabe
SSDEEP

49152:9hWEiIkJMvjSxOVAAFNobHldmqJT4ypgbGX7FfARsd44HHBEReX5bncput48zR:bW/tJny7obHl7JPjX1RHHBf5bcpuu8F

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_PowerDataRecovery/BugReport.exe
unpack001/ha_PowerDataRecovery/GdiPlus.dll

Files

017fcebbb0a3c9a5a0f1e1b07e959965
.rar
ha_PowerDataRecovery/BugReport.exe
.exe windows:4 windows x86 arch:x86

79d6a946af3148466a41a1450e19c72e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
VirtualAlloc
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetTickCount
GetFileTime
GetFileAttributesA
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedIncrement
GetCurrentDirectoryA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
InterlockedDecrement
SetLastError
MulDiv
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
WritePrivateProfileStringA
GlobalUnlock
GlobalFree
FreeResource
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
MultiByteToWideChar
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetEnvironmentStringsW
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
CharNextA
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
IsDialogMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
PostThreadMessageA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
SetWindowTextA
CharUpperA
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
PtInRect
GetWindow
SetWindowContextHelpId
RegisterClipboardFormatA
MapDialogRect
SetWindowPos
wsprintfA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
UnregisterClassA
PostMessageA
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetFocus
SetMenuItemBitmaps

gdi32

CreateRectRgnIndirect
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysAllocStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
DispCallFunc
SysAllocString
LoadRegTypeLi
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_PowerDataRecovery/GdiPlus.dll
.dll windows:5 windows x86 arch:x86

2a1ab6b72adad6b03d0746b0a5fa55d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SearchPathA
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
RaiseException
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleW
GetACP
GetVersionExA
LoadLibraryA
VirtualQuery
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
InterlockedIncrement
GetOEMCP
CreateSemaphoreA
lstrcpyW
lstrcatW
LoadLibraryW
lstrcpyA
lstrcatA
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy

user32

ReleaseDC
GetDC
LoadBitmapW
LoadBitmapA
wsprintfW
SystemParametersInfoA
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterWindowMessageA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
GetIconInfo
ClientToScreen
wvsprintfA
GetDCEx
GetWindowLongA
GetClassLongA

gdi32

GetNearestPaletteIndex
GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
GetWindowExtEx
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreateBrushIndirect
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
SetDIBColorTable
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
PolyPolyline
GetViewportExtEx
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegSetValueExA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ha_PowerDataRecovery/Help/English/index.html
.html
ha_PowerDataRecovery/硬盘数据恢复软件 V6.5 .exe
.exe windows:4 windows x86 arch:x86

a215b529a6426ad298ca393c7a359bd2

Code Sign

45:97:e4:d9:d4:e9:53:63:bb:7b:c9:d5:2b:78:75:95
Certificate

Issuer

CN=ghfggggggggggg

Not Before

31-12-2010 16:00

Not After

31-12-2016 16:00

Subject

CN=ghfggggggggggg

Extended Key Usages

ExtKeyUsageCodeSigning

11:ca:20:02:22:83:85:05:7c:87:7e:45:3f:c7:7e:e7:a6:02:5a:c0
Signer

Actual PE Digest

11:ca:20:02:22:83:85:05:7c:87:7e:45:3f:c7:7e:e7:a6:02:5a:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
ExitProcess
GetLocalTime
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
CreateFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
VirtualProtectEx
CreateProcessA
GetStartupInfoA
GetCommandLineA
SetEvent
CreateEventA
GetSystemTimeAsFileTime
GetCurrentThreadId
ReadFile
GetFileSize
CompareStringA
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
HeapSize
FreeLibrary
SetConsoleCtrlHandler
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringW
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetProcessHeap
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
EnterCriticalSection
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
MoveFileA
GetModuleHandleA
UnhandledExceptionFilter
TerminateProcess
RaiseException
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
InterlockedCompareExchange
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetFileTime
SetFileTime
GetDiskFreeSpaceExW
GetFullPathNameW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
CreateHardLinkW
GetDiskFreeSpaceExA
GetFullPathNameA
RemoveDirectoryA
CreateDirectoryA
CreateHardLinkA
MoveFileW
CopyFileW
CopyFileA
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
LocalFree
FormatMessageA
RtlUnwind

user32

CreateWindowExA
MessageBoxA
DispatchMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
GetDlgItem
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 656KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 116KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.4MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79d6a946af3148466a41a1450e19c72e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 20KB - Virtual size: 17KB

2a1ab6b72adad6b03d0746b0a5fa55d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

advapi32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 40KB - Virtual size: 40KB

Shared Size: 4KB - Virtual size: 3KB

.rsrc Size: 72KB - Virtual size: 70KB

.reloc Size: 32KB - Virtual size: 29KB

a215b529a6426ad298ca393c7a359bd2

Code Sign

45:97:e4:d9:d4:e9:53:63:bb:7b:c9:d5:2b:78:75:95Certificate

Extended Key Usages

11:ca:20:02:22:83:85:05:7c:87:7e:45:3f:c7:7e:e7:a6:02:5a:c0Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

Sections

.text Size: - Virtual size: 37KB

.rdata Size: - Virtual size: 3KB

.data Size: - Virtual size: 1.4MB

.text1 Size: 656KB - Virtual size: 704KB

.adata Size: 52KB - Virtual size: 64KB

.data1 Size: 116KB - Virtual size: 192KB

.pdata Size: 1.4MB - Virtual size: 1.5MB

.rsrc Size: 60KB - Virtual size: 60KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 20KB - Virtual size: 17KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 40KB - Virtual size: 40KB

Shared
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 72KB - Virtual size: 70KB

.reloc
Size: 32KB - Virtual size: 29KB

45:97:e4:d9:d4:e9:53:63:bb:7b:c9:d5:2b:78:75:95
Certificate

11:ca:20:02:22:83:85:05:7c:87:7e:45:3f:c7:7e:e7:a6:02:5a:c0
Signer

.text
Size: - Virtual size: 37KB

.rdata
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 1.4MB

.text1
Size: 656KB - Virtual size: 704KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 116KB - Virtual size: 192KB

.pdata
Size: 1.4MB - Virtual size: 1.5MB

.rsrc
Size: 60KB - Virtual size: 60KB