Compare It![.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Compare It!.rar
Size

1.7MB
MD5

6f4ea6b9a32921dada7ad5aa6b9ce123
SHA1

2a2cb67f4bcefc18c9c68a13f7327392e0bde702
SHA256

ccdd740cc34e0ddfaa7233bd2b485b559a459597fb965fd24f9fd709238a808d
SHA512

5b0860a66cef723b06e3521c13d08a7efa7d656b5982d30c42487f46b248e0fecf8e18586b2d98783a1aaccf87b2be380e706914692ec4328c211d11d4deb47f
SSDEEP

49152:J3AOsiDFSwmWLfjOSXDECzF+fVbTTHIhUXopGY3tb:J3AOvSwX7CSzE8F+fVbTuT3tb

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Compare It!/pdftotext.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Compare It!/pdftotext.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Compare It!/pdftotext.dll
unpack001/Compare It!/wincmpExt.dll
unpack001/Compare It!/wincmpExt64.dll

Files

Compare It!.rar
.rar
Compare It!/Arabic.dic
Compare It!/Brazilian.dic
Compare It!/Bulgarian.dic
Compare It!/Chinese_cn.dic
Compare It!/Chinese_tw.dic
Compare It!/Finnish.dic
Compare It!/Turkish.dic
Compare It!/belarus.dic
Compare It!/czech.dic
Compare It!/deutsch.dic
Compare It!/dutch.dic
Compare It!/french.dic
Compare It!/hebrew.dic
Compare It!/hungarian.dic
Compare It!/japanese.dic
Compare It!/korean.dic
Compare It!/pdftotext.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetDocInfo
GetDocInfoU
GetTextContent
GetTextContentFormatted
GetUnicodeTextContent
GetUnicodeTextContentFormatted

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Compare It!/polish.dic
Compare It!/register.url
Compare It!/russian.dic
Compare It!/syntax/dirinfo.txt
Compare It!/ukrainian.dic
Compare It!/unins000.dat
Compare It!/unins000.exe
.exe windows:1 windows x86 arch:x86

Code Sign

71:6d:fc:64:21:08:b7:cc:d3:e8:35:3f:69:fc:86:08
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

08/12/2007, 00:00

Not After

07/12/2008, 23:59

Subject

CN=Igor Green,O=Igor Green,POSTALCODE=220125,STREET=Nezavisimosti 185-149,L=Minsk,ST=BY,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:48:95:ed:a2:a7:5b:9e:d0:59:18:9e:96:2c:f3:ef:59:0c:10:85
Signer

Actual PE Digest

fb:48:95:ed:a2:a7:5b:9e:d0:59:18:9e:96:2c:f3:ef:59:0c:10:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Compare It!/unins000.msg
Compare It!/wincmp3.chm
.chm
Compare It!/wincmp3.exe
.exe windows:4 windows x86 arch:x86

5314f3f670d67e1168d18f314838270f

Code Sign

92:6f:17:d5:df:73:e4:6e:ef:03:7b:10:db:f0:0c:9d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

03/03/2009, 00:00

Not After

03/03/2010, 23:59

Subject

CN=Igor Green,O=Igor Green,POSTALCODE=220125,STREET=pr. Nezavisimosti 185-149,L=Minsk,ST=BY,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c6:a8:02:ce:1f:55:15:19:54:64:72:1e:f0:e6:0f:f7:06:9c:46:3a
Signer

Actual PE Digest

c6:a8:02:ce:1f:55:15:19:54:64:72:1e:f0:e6:0f:f7:06:9c:46:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

StrStrIA

kernel32

SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetACP
GetOEMCP
SetEnvironmentVariableA
FindResourceA
GlobalAddAtomA
GetProfileStringA
FreeLibrary
VirtualFree
WideCharToMultiByte
GetProcAddress
LoadLibraryW
CloseHandle
WriteFile
CreateFileW
GetModuleFileNameW
MulDiv
GetPrivateProfileStringW
WritePrivateProfileStringW
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetTickCount
ReadFile
GetFileAttributesW
GetTimeFormatW
GetDateFormatW
GetFileSize
DeleteFileW
lstrlenW
WaitForSingleObject
TerminateThread
MultiByteToWideChar
lstrcpynW
Sleep
SetEvent
ResetEvent
SetFileAttributesW
GetDriveTypeW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CompareFileTime
GetTempFileNameW
GetTempPathW
CopyFileW
SetCurrentDirectoryW
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FindClose
FindNextFileW
FindFirstFileW
SearchPathW
lstrcatW
CreateDirectoryW
GetCurrentDirectoryW
CreateProcessW
GetFileTime
SetFileTime
DeviceIoControl
GetLastError
SetFilePointer
SetEndOfFile
GetVolumeInformationW
GetVersion
GetVersionExW
InterlockedIncrement
InterlockedDecrement
LocalFree
LocalAlloc
LoadLibraryA
CreateFileA
CreateFileMappingA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetProcessHeap
GetSystemTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualAlloc
GetDiskFreeSpaceW
SetVolumeLabelW
MoveFileW
FormatMessageW
GetFileInformationByHandle
lstrcmpiW
GetFullPathNameW
lstrlenA
GlobalSize
SetLastError
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
lstrcmpA
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
GetStringTypeExW
GetThreadLocale
GetShortPathNameW
ResumeThread
CreateEventW
FileTimeToSystemTime
LocalFileTimeToFileTime
GlobalGetAtomNameW
GetCurrentThread
lstrcmpiA
lstrcmpW
GetCommandLineA
GetPrivateProfileIntW
GetProfileIntW
GetProcessVersion
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GetStartupInfoW
ExitProcess
RtlUnwind
RaiseException
CreateThread
ExitThread
TerminateProcess
HeapReAlloc
GetTimeZoneInformation
SetEnvironmentVariableW
SetStdHandle
GetFileType
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW

user32

SetDlgItemTextW
IsDialogMessageW
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
wvsprintfW
LoadStringW
ValidateRect
GetMessageW
GetDesktopWindow
ReuseDDElParam
UnpackDDElParam
SetCursorPos
WaitMessage
GetWindowThreadProcessId
IsZoomed
ShowOwnedPopups
GetDCEx
GetTabbedTextExtentA
SetParent
GetMessageTime
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageW
GetWindowPlacement
EndDialog
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetWindowDC
SetWindowPos
ShowWindow
RegisterClipboardFormatW
DestroyCaret
MessageBoxW
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
BeginPaint
EndPaint
CreateWindowExW
DefWindowProcW
CharToOemBuffA
OemToCharBuffA
wsprintfW
wsprintfA
CreateAcceleratorTableW
DestroyAcceleratorTable
WindowFromDC
SetClassLongW
TrackPopupMenuEx
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetTopWindow
CreateMenu
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemInfoW
IsMenu
CopyAcceleratorTableW
GetMenuItemInfoW
CallWindowProcW
GetMessagePos
DrawEdge
DrawStateW
FrameRect
DrawFocusRect
GetActiveWindow
GetNextDlgTabItem
GetWindowLongW
DestroyCursor
GrayStringW
TabbedTextOutW
EqualRect
GetSysColorBrush
RegisterClassExW
SetWindowRgn
SetRectEmpty
DestroyIcon
GetIconInfo
LoadImageW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
TranslateAcceleratorW
LoadAcceleratorsW
EnableScrollBar
RegisterClassW
SetCaretPos
ShowCaret
HideCaret
GetAsyncKeyState
SetCursor
DrawTextExW
DispatchMessageW
TranslateMessage
DrawTextW
DrawFrameControl
PeekMessageW
PostQuitMessage
IsIconic
IsWindowEnabled
FindWindowW
ClientToScreen
ScreenToClient
SetWindowLongW
DestroyMenu
SetMenu
BringWindowToTop
SetActiveWindow
IsRectEmpty
GetWindow
IsWindow
GetClassNameW
GetClassInfoExW
DeleteMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetFocus
GetDlgCtrlID
GetMenu
FillRect
InflateRect
GetCapture
ReleaseCapture
SetCapture
KillTimer
SetTimer
LockWindowUpdate
UnregisterClassW
GetWindowTextLengthA
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
IsWindowVisible
GetSystemMenu
RemoveMenu
IntersectRect
UpdateWindow
IsClipboardFormatAvailable
SetFocus
MoveWindow
SetRect
CharUpperW
OffsetRect
GetCursorPos
GetSysColor
ModifyMenuW
RedrawWindow
CopyRect
GetWindowTextW
SetWindowTextW
GetMenuStringW
SystemParametersInfoW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
ScrollWindow
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
WinHelpW
LoadBitmapW
LoadCursorW
InvalidateRect
GetDlgItem
GetDC
ReleaseDC
PtInRect
WindowFromPoint
IsChild
CreatePopupMenu
AppendMenuW
GetKeyState
GetClientRect
PostMessageW
LoadMenuW
GetSubMenu
EnableMenuItem
GetWindowRect
SetClipboardData
GetClassInfoW
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
LoadStringA
CharLowerW
SendMessageW
GetParent
EnableWindow
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthW
SetPropW
GetPropW
CreateCaret
RemovePropW
MessageBeep

gdi32

GetTextExtentPointA
GetDeviceCaps
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
ExtTextOutA
CopyMetaFileW
GetTextExtentPoint32A
GetTextFaceW
GetROP2
GetBkMode
GetTextAlign
GetPolyFillMode
GetStretchBltMode
GetViewportOrgEx
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
CreateFontW
StretchDIBits
DPtoLP
SetRectRgn
CreatePatternBrush
LineTo
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
StartDocW
SetTextAlign
MoveToEx
GetCurrentPositionEx
TextOutA
CreateDCW
SetBitmapDimensionEx
SetMapMode
SelectPalette
GetDIBits
SetDIBits
RealizePalette
CreatePen
CreatePalette
GetNearestColor
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
Pie
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
LPtoDP
GetMapMode
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
CreateRectRgn
CombineRgn
CreateRoundRectRgn
CreatePolygonRgn
EqualRgn
OffsetRgn
FrameRgn
CreateCompatibleBitmap
Ellipse
CreateHatchBrush
RoundRect
GetCurrentObject
GetTextColor
GetBkColor
GetCharWidthW
GetBitmapDimensionEx
CreateCompatibleDC
BitBlt
StretchBlt
DeleteObject
GetTextMetricsW
GetStockObject
GetObjectW
SelectObject
GetTextExtentPoint32W
Rectangle
CreateFontIndirectW

comdlg32

PageSetupDlgW
CommDlgExtendedError
ChooseFontW
GetFileTitleW
ChooseColorW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

EnumPrintersW
OpenPrinterW
GetPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCreateKeyW
RegSetValueW

shell32

SHGetPathFromIDListW
ExtractIconW
SHGetFileInfoW
DragAcceptFiles
SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
ShellExecuteExW
DragFinish
DragQueryFileW

comctl32

ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_AddMasked
ord13
ord14
ImageList_GetIconSize
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Add

ole32

OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
CoCreateInstance
OleDuplicateData
DoDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
CoFileTimeNow
ReleaseStgMedium
CreateStreamOnHGlobal
CoUninitialize
CoLockObjectExternal
CoInitialize
RegisterDragDrop

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantTimeToSystemTime
SysAllocString

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ddata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Compare It!/wincmpExt.dll
.dll regsvr32 windows:5 windows x86 arch:x86

23930b4db1111f5a2fa8fbb52dbbbc41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LeaveCriticalSection
FindResourceW
LoadLibraryExW
GetVersion
CloseHandle
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
FlushFileBuffers
EnterCriticalSection
RaiseException
GlobalLock
GlobalUnlock
GetFileAttributesW
GetModuleFileNameW
lstrlenW
LoadResource
WideCharToMultiByte
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount

user32

CharNextW
InsertMenuW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shell32

DragQueryFileW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
ReleaseStgMedium
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Compare It!/wincmpExt64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

9e876fe4952a614c25d38658cc7d6467

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
LeaveCriticalSection
LoadLibraryExW
GetVersion
CloseHandle
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
FlushFileBuffers
EnterCriticalSection
RaiseException
GlobalLock
GlobalUnlock
GetModuleFileNameW
GetFileAttributesW
lstrlenW
FindResourceW
WideCharToMultiByte
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA

user32

CharNextW
InsertMenuW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

shell32

DragQueryFileW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
ReleaseStgMedium
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 376KB

UPX1 Size: 184KB - Virtual size: 184KB

.rsrc Size: 1KB - Virtual size: 4KB

Code Sign

71:6d:fc:64:21:08:b7:cc:d3:e8:35:3f:69:fc:86:08Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

fb:48:95:ed:a2:a7:5b:9e:d0:59:18:9e:96:2c:f3:ef:59:0c:10:85Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 575KB - Virtual size: 575KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 33KB

.rsrc Size: 78KB - Virtual size: 78KB

5314f3f670d67e1168d18f314838270f

Code Sign

92:6f:17:d5:df:73:e4:6e:ef:03:7b:10:db:f0:0c:9dCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

c6:a8:02:ce:1f:55:15:19:54:64:72:1e:f0:e6:0f:f7:06:9c:46:3aSigner

Headers

File Characteristics

Imports

imm32

version

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.ddata Size: 40KB - Virtual size: 38KB

.rdata Size: 176KB - Virtual size: 174KB

.data Size: 260KB - Virtual size: 353KB

.rsrc Size: 408KB - Virtual size: 407KB

23930b4db1111f5a2fa8fbb52dbbbc41

Headers

File Characteristics

Imports

UPX0
Size: - Virtual size: 376KB

UPX1
Size: 184KB - Virtual size: 184KB

.rsrc
Size: 1KB - Virtual size: 4KB

71:6d:fc:64:21:08:b7:cc:d3:e8:35:3f:69:fc:86:08
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

fb:48:95:ed:a2:a7:5b:9e:d0:59:18:9e:96:2c:f3:ef:59:0c:10:85
Signer

CODE
Size: 575KB - Virtual size: 575KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 33KB

.rsrc
Size: 78KB - Virtual size: 78KB

92:6f:17:d5:df:73:e4:6e:ef:03:7b:10:db:f0:0c:9d
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

c6:a8:02:ce:1f:55:15:19:54:64:72:1e:f0:e6:0f:f7:06:9c:46:3a
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.ddata
Size: 40KB - Virtual size: 38KB

.rdata
Size: 176KB - Virtual size: 174KB

.data
Size: 260KB - Virtual size: 353KB

.rsrc
Size: 408KB - Virtual size: 407KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB