4eab3e96b0aa61f4ee5509122816a960

Sharing

Copy URL

Twitter E-mail

General

Target

4eab3e96b0aa61f4ee5509122816a960
Size

2.7MB
MD5

4eab3e96b0aa61f4ee5509122816a960
SHA1

bb8685a56b2cf3a7ba929bf687f1f29310c81cfd
SHA256

ef38db73975f2362abd8f63a8fb844b5611ec6bc813d4f785c70bb3a97ee2ebb
SHA512

afbdd984b34b69aa76cafca99e53502f956f28811b5fac6dd3218d46e41340c6547f9ea5af6e2867ee3ba32025729de13c693ac288c438bde3a4b220102f1c2b
SSDEEP

49152:B/1wESgpDybPjQ6rKXtdF53DkfwEfBeP0rnoh40h6cxFCSNO1XumWbgzEVNWqIwI:BRSgUbfy7swmhoh4JcxFVot1W8QVNKwI

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hunspellx86.dll
unpack001/Interop.QuartzTypeLib.dll
unpack001/NHunspell.dll
unpack001/SubtitleEdit.exe
unpack001/Tesseract/leptonlib.dll
unpack001/Tesseract/tesseract.exe

Files

4eab3e96b0aa61f4ee5509122816a960
.rar
Dictionaries/da_DK_names_etc.xml
Dictionaries/da_DK_user.xml
Dictionaries/dan_OCRFixReplaceList.xml
Dictionaries/en_US.aff
Dictionaries/en_US.dic
Dictionaries/en_US_names_etc.xml
Dictionaries/en_US_user.xml
Dictionaries/eng_OCRFixReplaceList.xml
Dictionaries/hyph_en_US.dic
Dictionaries/names_etc.xml
Dictionaries/sv_SE_names_etc.xml
Dictionaries/sv_SE_user.xml
Dictionaries/swe_OCRFixReplaceList.xml
Dictionaries/新云软件.url
.url
Hunspellx86.dll
.dll windows:5 windows x86 arch:x86

dfb25aa90901cbd64e217bbf50f1d1a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
CloseHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ReadFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap

Exports

Exports

HunspellAdd
HunspellAddWithAffix
HunspellAnalyze
HunspellFree
HunspellGenerate
HunspellInit
HunspellSpell
HunspellStem
HunspellSuggest
HyphenFree
HyphenHyphenate
HyphenInit

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 248KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.QuartzTypeLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NHunspell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SubtitleEdit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tesseract/leptonlib.dll
.dll windows:5 windows x86 arch:x86

a1cdd9483ec3f11921cf711bb989c75d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
GetProcessTimes
GetCurrentProcess
FindFirstFileA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
FindNextFileA
FindClose
GetLastError
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

ReleaseDC
GetDC

gdi32

CreateDIBSection
GetObjectA
DeleteObject

msvcr90

fwrite
memmove
fread
_CIsqrt
fseek
fscanf
fclose
fopen
rand
sprintf
sscanf
_snprintf
memset
_CIlog
ceil
_CIpow
_CIatan
malloc
_lseek
rewind
fgets
system
floor
longjmp
_setjmp3
atof
_CIexp
srand
fputc
fgetc
strncat
memcpy
strchr
strstr
ftell
strrchr
_fullpath
abort
memcmp
strlen
strtod
fabs
pow
fflush
exit
ferror
getenv
isprint
fputs
_fstat64i32
realloc
vfprintf
bsearch
qsort
setvbuf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_CItan
__iob_func
fprintf
strncmp
_CIsin
_CIcos
_CIatan2
calloc
free
_close
_open
_fdopen
strncpy
_fileno
_getpid
_read
_write
_setmode

Exports

Exports

AlphaMaskBorderVals
ConvolveSamplingFactX
ConvolveSamplingFactY
ImageFileFormatExtensions
MORPH_BC
NumImageFileFormatExtensions
absDifferenceLow
accumulateLow
addColorizedGrayToCmap
addConstantGrayLow
addGrayLow
adjacentOnPixelInRaster
affineInvertXform
affineXformPt
affineXformSampledPt
applyCubicFit
applyLinearFit
applyQuadraticFit
applyQuarticFit
arrayCopy
arrayFindSequence
arrayRead
arrayReadStream
arrayWrite
barcodeDispatchDecoder
barcodeFormatIsSupported
bbufferBytesToWrite
bbufferCreate
bbufferDestroy
bbufferDestroyAndSaveData
bbufferExtendArray
bbufferRead
bbufferReadStream
bbufferWrite
bbufferWriteStream
bilinearXformPt
bilinearXformSampledPt
blockconvAccumLow
blockconvLow
blocksumLow
bmfCreate
bmfDestroy
bmfGetBaseline
bmfGetLineStrings
bmfGetPix
bmfGetStringWidth
bmfGetWidth
bmfGetWordWidths
boxAdjustSides
boxBoundingRegion
boxChangeRefcount
boxClipToRectangle
boxClone
boxContains
boxContainsPt
boxCopy
boxCreate
boxCreateValid
boxDestroy
boxEqual
boxGetCenter
boxGetGeometry
boxGetRefcount
boxIntersectByLine
boxIntersects
boxOverlapFraction
boxOverlapRegion
boxPrintStreamInfo
boxRelocateOneSide
boxRotateOrth
boxSetGeometry
boxTransform
boxTransformOrdered
boxaAddBox
boxaAffineTransform
boxaBinSort
boxaClear
boxaClipToBox
boxaCombineOverlaps
boxaContainedInBox
boxaConvertToPta
boxaCopy
boxaCreate
boxaDestroy
boxaEqual
boxaExtendArray
boxaExtendArrayToSize
boxaExtractSortedPattern
boxaGetBox
boxaGetBoxGeometry
boxaGetCount
boxaGetCoverage
boxaGetExtent
boxaGetMedian
boxaGetNearestToPt
boxaGetRankSize
boxaGetValidBox
boxaGetValidCount
boxaGetWhiteblocks
boxaInitFull
boxaInsertBox
boxaIntersectsBox
boxaJoin
boxaLocationRange
boxaMakeSizeIndicator
boxaPermutePseudorandom
boxaPermuteRandom
boxaPruneSortedOnOverlap
boxaRead
boxaReadStream
boxaRemoveBox
boxaReplaceBox
boxaRotate
boxaRotateOrth
boxaScale
boxaSelectBySize
boxaSelectWithIndicator
boxaSizeRange
boxaSort
boxaSort2d
boxaSort2dByIndex
boxaSortByIndex
boxaSwapBoxes
boxaTransform
boxaTransformOrdered
boxaTranslate
boxaWrite
boxaWriteStream
boxaaAddBox
boxaaAddBoxa
boxaaAlignBox
boxaaCopy
boxaaCreate
boxaaDestroy
boxaaDisplay
boxaaExtendArray
boxaaFlattenToBoxa
boxaaGetBoxCount
boxaaGetBoxa
boxaaGetCount
boxaaGetExtent
boxaaInsertBoxa
boxaaRead
boxaaReadStream
boxaaReadStreamVersion2
boxaaReadVersion2
boxaaRemoveBoxa
boxaaReplaceBoxa
boxaaWrite
boxaaWriteStream
ccbCreate
ccbDestroy
ccbaAddCcb
ccbaCreate
ccbaDestroy
ccbaDisplayBorder
ccbaDisplayImage1
ccbaDisplayImage2
ccbaDisplaySPBorder
ccbaExtendArray
ccbaGenerateGlobalLocs
ccbaGenerateSPGlobalLocs
ccbaGenerateSinglePath
ccbaGenerateStepChains
ccbaGetCcb
ccbaGetCount
ccbaRead
ccbaReadStream
ccbaStepChainsToPixCoords
ccbaWrite
ccbaWriteSVG
ccbaWriteSVGString
ccbaWriteStream
chooseDisplayProg
composeRGBPixel
convertByteToHexAscii
convertChunkToAscii85
convertFilesFittedToPS
convertFilesToPS
convertFlateToPS
convertFlateToPSEmbed
convertFlateToPSString
convertHSVToRGB
convertJpegToPS
convertJpegToPSEmbed
convertJpegToPSString
convertOnBigEnd16
convertOnBigEnd32
convertOnLittleEnd16
convertOnLittleEnd32
convertRGBToHSV
convertSegmentedPagesToPS
convertTiffG4ToPS
convertTiffG4ToPSEmbed
convertTiffG4ToPSString
convertTiffMultipageToPS
convertToPSEmbed
create2dFloatArray
create2dIntArray
createMatrix2dRotate
createMatrix2dScale
createMatrix2dTranslate
decodeAscii85
dewarpApplyDisparity
dewarpBuildModel
dewarpCreate
dewarpDestroy
dilateGrayLow
displayHSVColorRange
distanceFunctionLow
ditherTo2bppLineLow
ditherTo2bppLow
ditherToBinaryLUTLow
ditherToBinaryLineLUTLow
ditherToBinaryLineLow
ditherToBinaryLow
dpixChangeRefcount
dpixClone
dpixCopy
dpixCopyResolution
dpixCreate
dpixCreateTemplate
dpixDestroy
dpixGetData
dpixGetDimensions
dpixGetPixel
dpixGetRefcount
dpixGetResolution
dpixGetWpl
dpixResizeImageData
dpixSetData
dpixSetDimensions
dpixSetPixel
dpixSetResolution
dpixSetWpl
encodeAscii85
erodeGrayLow
expandBinaryPower2Low
extractJpegDataFromArray
extractJpegDataFromFile
extractMinMaxComponent
extractNumberFromFilename
extractRGBValues
extractTiffG4DataFromFile
fhmtautogen
fhmtautogen1
fhmtautogen2
fhmtgen_low_1
fileAppendString
fileConcatenate
fileCopy
fileFormatIsTiff
filesAreIdentical
finalAccumulateLow
finalAccumulateThreshLow
findFileFormat
findFileFormatBuffer
findNextBorderPixel
findTiffCompression
flipLRLow
flipTBLow
fmorphautogen
fmorphautogen1
fmorphautogen2
fmorphopgen_low_1
fmorphopgen_low_2
fnbytesInFile
fopenReadStream
fpixAddBorder
fpixAddMirroredBorder
fpixAddMultConstant
fpixBuildHorizontalDisparity
fpixChangeRefcount
fpixClone
fpixConvertToPix
fpixConvolve
fpixConvolveSep
fpixCopy
fpixCopyResolution
fpixCreate
fpixCreateTemplate
fpixDestroy
fpixDisplayMaxDynamicRange
fpixGetData
fpixGetDimensions
fpixGetMax
fpixGetMin
fpixGetPixel
fpixGetRefcount
fpixGetResolution
fpixGetWpl
fpixLinearCombination
fpixPrintStream
fpixRasterop
fpixRemoveBorder
fpixRenderContours
fpixResizeImageData
fpixScaleByInteger
fpixSetData
fpixSetDimensions
fpixSetPixel
fpixSetResolution
fpixSetWpl
fprintTiffInfo
freadHeaderPng
freadHeaderPnm
freadHeaderSpix
freadHeaderTiff
gaussjordan
genPathname
genTempFilename
generateBinaryMaze
generateFlatePS
generateJpegPS
generatePtaBox
generatePtaBoxa
generatePtaFilledCircle
generatePtaHashBox
generatePtaLine
generatePtaLineFromPt
generatePtaPolyline
generatePtaWideLine
generatePtaaBoxa
generatePtaaHashBoxa
generateTiffG4PS
generateUncompressedPS
getAffineXformCoeffs
getBilinearXformCoeffs
getCompositeParameters
getCutPathForHole
getExtendedCompositeParameters
getFilenamesInDirectory
getFormatExtension
getImagelibVersions
getImpliedFileFormat
getLeptonlibVersion
getLogBase2
getMorphBorderPixelColor
getNumberedPathnamesInDirectory
getOctcubeIndexFromRGB
getProjectiveXformCoeffs
getResA4Page
getResLetterPage
getScaledParametersPS
getSortedPathnamesInDirectory
gplotAddPlot
gplotCreate
gplotDestroy
gplotGenCommandFile
gplotGenDataFiles
gplotMakeOutput
gplotRead
gplotSetScaling
gplotSimple1
gplotSimple2
gplotSimpleN
gplotWrite
ioFormatTest
jbAccumulateComposites
jbAddPage
jbAddPageComponents
jbAddPages
jbClasserCreate
jbClasserDestroy
jbClassifyCorrelation
jbClassifyRankHaus
jbCorrelation
jbCorrelationInit
jbCorrelationInitWithoutComponents
jbDataDestroy
jbDataRead
jbDataRender
jbDataSave
jbDataWrite
jbGetComponents
jbGetLLCorners
jbGetULCorners
jbRankHaus
jbRankHausInit
jbTemplatesFromComposites
jbWordsInTextlines
kernelCopy
kernelCreate
kernelCreateFromFile
kernelCreateFromPix
kernelCreateFromString
kernelDestroy
kernelDisplayInPix
kernelGetElement
kernelGetMinMax
kernelGetParameters
kernelGetSum
kernelInvert
kernelNormalize
kernelRead
kernelReadStream
kernelSetElement
kernelSetOrigin
kernelWrite
kernelWriteStream
l_clearDataBit
l_clearDataDibit
l_clearDataQbit
l_error
l_errorFloat
l_errorInt
l_errorString
l_getDataBit
l_getDataByte
l_getDataDibit
l_getDataFourBytes
l_getDataQbit
l_getDataTwoBytes
l_info
l_infoFloat
l_infoFloat2
l_infoInt
l_infoInt2
l_infoString
l_jpegSetNoChromaSampling
l_pngSetStrip16To8
l_pngSetStripAlpha
l_pngSetWriteAlpha
l_pngSetZlibCompression
l_productMat2
l_productMat3
l_productMat4
l_productMatVec
l_psWriteBoundingBox
l_setAlphaMaskBorder
l_setConvolveSampling
l_setDataBit
l_setDataBitVal
l_setDataByte
l_setDataDibit
l_setDataFourBytes
l_setDataQbit
l_setDataTwoBytes
l_warning
l_warningFloat
l_warningFloat2
l_warningInt
l_warningInt2
l_warningString
lheapAdd
lheapCreate
lheapDestroy
lheapExtendArray
lheapGetCount
lheapPrint
lheapRemove
lheapSort
lheapSortStrictOrder
lheapSwapDown
lheapSwapUp
lineEndianByteSwap
linearInterpolatePixelColor
linearInterpolatePixelGray
listAddToHead
listAddToTail
listDestroy
listFindElement
listFindTail
listGetCount
listInsertAfter
listInsertBefore
listJoin
listRemoveElement
listRemoveFromHead
listRemoveFromTail
listReverse
locateOutsideSeedPixel
locatePtRadially
lqueueAdd
lqueueCreate
lqueueDestroy
lqueueExtendArray
lqueueGetCount
lqueuePrint
lqueueRemove
lstackAdd
lstackCreate
lstackDestroy
lstackExtendArray
lstackGetCount
lstackPrint
lstackRemove
make8To1DitherTables
make8To2DitherTables
makeDoGKernel
makeExpandTab2x
makeExpandTab4x
makeExpandTab8x
makeFlatKernel
makeGaussianKernel
makeGaussianKernelSep
makeGrayQuantColormapArb
makeGrayQuantIndexTable
makeGrayQuantTableArb
makeGrayQuantTargetTable

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tesseract/tessdata/configs/ambigs.train
Tesseract/tessdata/configs/api_config
Tesseract/tessdata/configs/box.train
Tesseract/tessdata/configs/box.train.stderr
Tesseract/tessdata/configs/digits
Tesseract/tessdata/configs/inter
Tesseract/tessdata/configs/kannada
Tesseract/tessdata/configs/logfile
Tesseract/tessdata/configs/makebox
Tesseract/tessdata/configs/unlv
Tesseract/tessdata/eng.traineddata
Tesseract/tessdata/tessconfigs/batch
Tesseract/tessdata/tessconfigs/batch.nochop
Tesseract/tessdata/tessconfigs/matdemo
Tesseract/tessdata/tessconfigs/msdemo
Tesseract/tessdata/tessconfigs/nobatch
Tesseract/tessdata/tessconfigs/segdemo
Tesseract/tesseract.exe
.exe windows:5 windows x86 arch:x86

388d0f7696d54b34f8b6843508a3cd20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindow

leptonlib

pixSeedfillBinary
pixDisplayWrite
pixGenHalftoneMask
pixaGetCount
pixDrawBoxa
l_setDataBit
l_setDataByte
pixGetDepth
pixConvertTo8
pixGetColormap
pixClipRectangle
pixReduceRankBinaryCascade
pixGetDimensions
pixaDestroy
pixGetWidth
pixGetXRes
boxaDestroy
boxaGetBoxGeometry
boxDestroy
pixDilateBrick
pixClearInRect
boxaReplaceBox
pixSubtract
l_getDataBit
pixConnComp
pixOr
pixExpandReplicate
pixaReplacePix
pixAnd
pixaGetPix
l_clearDataBit
pixOpenBrick
pixRemoveColormap
fileFormatIsTiff
pixRead
pixDestroy
pixReadTiff
tiffGetCount
pixRasterop
pixClone
pixCreate
boxaAddBox
pixGetHeight
boxCreate
boxaCreate
boxaGetCount
pixRotate
l_getDataByte
pixGetWpl
pixGetData
pixDistanceFunction
pixWrite
pixSetMasked
pixSetAllArbitrary
pixSetAll

msvcr90

printf
sscanf
fgetc
ftell
rand
longjmp
clock
calloc
_vsnprintf
abort
strchr
strtol
rewind
strtok
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memmove_s
__CxxFrameHandler3
memcpy
getenv
_close
?_open@@YAHPBDHH@Z
_read
_lseek
strstr
realloc
strcmp
atoi
scanf
_errno
strspn
strpbrk
isalnum
tolower
toupper
strtod
strcspn
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_ultoa
qsort
_setjmp3
vsprintf
fscanf
_ltoa
memmove
fread
ceil
strncmp
fflush
fseek
_purecall
exit
strrchr
fgets
_snprintf
__iob_func
malloc
free
??2@YAPAXI@Z
fclose
fwrite
??3@YAXPAX@Z
fprintf
fopen
strncpy
sprintf
_unlink
srand
memset
_CIlog
_CIasin
_CIfmod
_CIatan2
_CIsqrt
_CIsin
_CIcos
_CIpow
_CIexp
_CIatan
_CItan
floor
_write

msvcp90

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

ws2_32

socket
recv
select
htons
gethostbyname
WSAStartup
connect
send

kernel32

WaitForSingleObject
CreateMutexA
ReleaseMutex
CreateFileMappingA
MapViewOfFile
GetStartupInfoA
CreateProcessA
ResumeThread
Sleep
UnmapViewOfFile
CloseHandle
CreateSemaphoreA
ReleaseSemaphore
CreateThread
GetModuleHandleA
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfb25aa90901cbd64e217bbf50f1d1a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 246KB - Virtual size: 245KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 248KB - Virtual size: 255KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 16KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 26KB - Virtual size: 26KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 512B - Virtual size: 12B

a1cdd9483ec3f11921cf711bb989c75d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 240KB - Virtual size: 240KB

.data Size: 27KB - Virtual size: 29KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 24KB - Virtual size: 23KB

388d0f7696d54b34f8b6843508a3cd20

Headers

DLL Characteristics

File Characteristics

Imports

user32

leptonlib

msvcr90

msvcp90

ws2_32

kernel32

Sections

.text Size: 885KB - Virtual size: 885KB

.rdata Size: 142KB - Virtual size: 141KB

.text
Size: 246KB - Virtual size: 245KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 248KB - Virtual size: 255KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 240KB - Virtual size: 240KB

.data
Size: 27KB - Virtual size: 29KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 24KB - Virtual size: 23KB

.text
Size: 885KB - Virtual size: 885KB

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 26KB - Virtual size: 620KB

.rsrc
Size: 1024B - Virtual size: 688B