24d671fc2c13d4dcec7d8ad39bfdcc61

Sharing

Copy URL Twitter E-mail

General

Target

24d671fc2c13d4dcec7d8ad39bfdcc61
Size

951KB
MD5

24d671fc2c13d4dcec7d8ad39bfdcc61
SHA1

6a55d388898285b1141af050ad8eb5ba3395e5bb
SHA256

a5d665941c544a2aede7cd065e25e3dc55838dce29f1007c69d9c1b93500a3ba
SHA512

96e996463e83a83910ec07c4733d3819c9efc18be200728447695c31c78a2ccd8766eceb86ef307399dbee5399180de5834e1f62581a49e8ede373c7c65d4de2
SSDEEP

24576:WhdEBO+x16yWAomwNFHoIycCXu2Ndqeefs:WTEBO+xQyWRmKFHoAr2N7Es

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinSplit Revolution/WinSplit.exe
unpack001/WinSplit Revolution/winsplithook.dll

Files

24d671fc2c13d4dcec7d8ad39bfdcc61
.rar
WinSplit Revolution/Changelog.url.url
WinSplit Revolution/WinSplit.exe
.exe windows:4 windows x86 arch:x86

d1e2c718fe2631fedb0013102209a5b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

comctl32

CreateStatusWindowW
CreateUpDownControl
ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_Draw
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
InitCommonControls

comdlg32

ChooseColorW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgW
PrintDlgW

gdi32

Arc
BitBlt
CloseEnhMetaFile
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEnhMetaFileW
CreateFontIndirectW
CreateHatchBrush
CreateICW
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EqualRgn
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
GdiFlush
GetBkColor
GetCharABCWidthsW
GetClipBox
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetEnhMetaFileW
GetMetaFileBitsEx
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextColor
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextMetricsW
GetWinMetaFileBits
LineTo
MaskBlt
MoveToEx
OffsetRgn
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyPolygon
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetMapMode
SetMetaFileBitsEx
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutW

kernel32

AddAtomA
CloseHandle
CopyFileW
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeLibrary
GetACP
GetAtomNameA
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProfileStringW
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsValidCodePage
IsValidLocale
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringW
PeekNamedPipe
ReadFile
ReleaseMutex
ReleaseSemaphore
ResumeThread
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFilePointer
SetFileTime
SetLastError
SetNamedPipeHandleState
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_ftime
_strdup
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_beginthreadex
_cexit
_close
_commit
_endthreadex
_errno
_fdopen
_get_osfhandle
_getcwd
_iob
_lseeki64
_onexit
_open_osfhandle
_read
_setjmp
_setmode
_telli64
_timezone
_waccess
_wcsdup
_wcsicmp
_wcsnicmp
_wfopen
_wgetenv
_wmkdir
_wopen
_wremove
_wrename
_write
_wrmdir
_wsetlocale
_wtoi
_wtol
abort
atan2
atexit
atof
atoi
bsearch
calloc
ceil
clearerr
cos
ctime
difftime
exit
exp
fclose
fflush
floor
fprintf
fputwc
fputws
fread
free
fseek
ftell
fwrite
getenv
gmtime
isalnum
isalpha
isdigit
isspace
iswalnum
iswalpha
iswdigit
iswspace
localtime
log
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
pow
printf
qsort
rand
realloc
setlocale
signal
sin
sprintf
sqrt
sscanf
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strstr
strtod
swprintf
swscanf
time
tolower
toupper
towlower
towupper
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsspn
wcsstr
wcstod
wcstol
wcstombs
wcstoul

ole32

CoCreateInstance
CoLockObjectExternal
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

oleaut32

SysAllocString

psapi

GetModuleFileNameExW

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ExtractIconExW
ExtractIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
Shell_NotifyIconW

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsW
CheckMenuItem
CheckMenuRadioItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyRect
CreateAcceleratorTableW
CreateDialogIndirectParamW
CreateDialogParamW
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleW
DdeDisconnect
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeInitializeW
DdeNameService
DdePostAdvise
DdeQueryStringW
DdeUninitialize
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EndPaint
EnumClipboardFormats
EnumDisplayMonitors
EnumDisplaySettingsW
EnumWindows
ExitWindowsEx
FillRect
FindWindowW
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardFormatNameW
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenuItemCount
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetParent
GetScrollInfo
GetSubMenu
GetSysColor
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetUpdateRgn
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuW
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterHotKey
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
ScrollWindow
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowCursor
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UnregisterHotKey
UpdateWindow
ValidateRect
WaitForInputIdle
WindowFromPoint
keybd_event
wsprintfA
wvsprintfA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

winsplithook

InstallAllHook
StopAllHook

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinSplit Revolution/images/about.png
.png
WinSplit Revolution/images/auto_start_false.png
.png
WinSplit Revolution/images/auto_start_true.png
.png
WinSplit Revolution/images/ecran_winsplit.png
.png
WinSplit Revolution/images/exit.png
.png
WinSplit Revolution/images/help.png
.png
WinSplit Revolution/images/hotkeys.png
.png
WinSplit Revolution/images/layout.png
.png
WinSplit Revolution/images/options.png
.png
WinSplit Revolution/languages/ca/winsplit.mo
WinSplit Revolution/languages/de/winsplit.mo
WinSplit Revolution/languages/es/winsplit.mo
WinSplit Revolution/languages/fr/winsplit.mo
WinSplit Revolution/languages/it/winsplit.mo
WinSplit Revolution/languages/nl/winsplit.mo
WinSplit Revolution/languages/pt/winsplit.mo
WinSplit Revolution/languages/zh_CN/winsplit.mo
WinSplit Revolution/winsplithook.dll
.dll windows:4 windows x86 arch:x86

e4a8676ac545d38ab66a38e195ba725a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetLastError

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memset

user32

CallNextHookEx
MessageBoxW
PostMessageW
RegisterWindowMessageW
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfW

Exports

Exports

InstallAllHook
StopAllHook

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/18
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hhookCBT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/59
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/70
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSplit Revolution/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

d1e2c718fe2631fedb0013102209a5b1

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

ole32

oleaut32

psapi

shell32

user32

version

wsock32

winsplithook

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 81KB - Virtual size: 80KB

.rdata Size: 525KB - Virtual size: 524KB

.bss Size: - Virtual size: 184KB

.idata Size: 19KB - Virtual size: 18KB

.rsrc Size: 50KB - Virtual size: 50KB

e4a8676ac545d38ab66a38e195ba725a

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 48B

/4 Size: 512B - Virtual size: 4B

/18 Size: 512B - Virtual size: 4B

/38 Size: 512B - Virtual size: 4B

hhookCBT Size: 512B - Virtual size: 4B

/59 Size: 512B - Virtual size: 4B

/70 Size: 512B - Virtual size: 4B

.rdata Size: 1024B - Virtual size: 608B

.bss Size: - Virtual size: 224B

.edata Size: 512B - Virtual size: 104B

.idata Size: 1024B - Virtual size: 680B

.reloc Size: 512B - Virtual size: 268B

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 81KB - Virtual size: 80KB

.rdata
Size: 525KB - Virtual size: 524KB

.bss
Size: - Virtual size: 184KB

.idata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 50KB - Virtual size: 50KB

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 48B

/4
Size: 512B - Virtual size: 4B

/18
Size: 512B - Virtual size: 4B

/38
Size: 512B - Virtual size: 4B

hhookCBT
Size: 512B - Virtual size: 4B

/59
Size: 512B - Virtual size: 4B

/70
Size: 512B - Virtual size: 4B

.rdata
Size: 1024B - Virtual size: 608B

.bss
Size: - Virtual size: 224B

.edata
Size: 512B - Virtual size: 104B

.idata
Size: 1024B - Virtual size: 680B

.reloc
Size: 512B - Virtual size: 268B