sus[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

sus.zip
Size

4.0MB
MD5

47181e8a027aeff44b3677c0bf0c2bb2
SHA1

505df8e05b3546b8a5a95d11b324aab9c3ed3d0c
SHA256

ea8cda2ca5cc3c683a553a0e7576f86e9f65f26ea9fa71aeef36c22ec0dacc29
SHA512

1b60e89508fc2f901096bf6ccb8f03df4fdddfc14c8ea1d578a4a2fdefac0f592a0bd829666eb335d537b75d70082fa7e3c8a875408cbb71644a1abd712429fd
SSDEEP

98304:Wy3VNVX5ySzYC3DSWJaLrkxWksNOUCrJkT8y6hc5adwvXrTM+:vfR532YaLrkHsN2Q8ydYdWb

Score

8^/10

macro upx

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/026bc6e96af05c03e3ca7ae271b596ae6ce4478019610f9f9ed5fcd67c9bd15f.doc

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/9ef2516cc28d776827774683e5e1cae1e5bf193e773fb51e3fc73010c4e66ed2.dll	upx
static1/unpack001/f58042f2009cd4a7a9d500cdc46008bb98390d67b0fcf480f7330f1faf8d5845.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/04d2d83484595a9be7fe1207f90dda87c5590f808a902a0fbe055e4cb8806d8a.exe
unpack001/2b9cfdd264b3db3a7960ec45a6291270274b16c2d81cafa26e0082a59d50f238.exe
unpack001/3bfc3d4fd688bac955aaa30eaf04161a74fdfe8f8e78232a83d256d85931a42a.exe
unpack001/58bc68dd68ed45c61bef997f07a49f902a5ce257dbf46f9507e51e1d68db015b.exe
unpack001/734fd61103c012c3ce5c46f3b56e01d29b9c089eba0c87f5866e78c556cfe0d4.exe
unpack001/7c401a0b62551d535e16b6437b6520f8c033f83fe74a81675eff857cd50f5163.exe
unpack001/8f8c466f96c9ccb28f6f31d5b482c015d84076f24d93906432f9988a5c8beaff.exe
unpack001/962ec5ee4cd9f1da39b0e727e7008705587862416818c34028d1f82217ce00ab.exe
unpack001/9c0f3a0e2e47dfbe7506823ba38991389cce07afd68dcbb92d2da0f2dd411e9e.exe
unpack001/9ef2516cc28d776827774683e5e1cae1e5bf193e773fb51e3fc73010c4e66ed2.dll
unpack001/a97c94ee538d84474a794fdcf7e2f17735aeb7b62be66e1775ad396a4c5357a2.exe
unpack001/a987e1e27b8430e6b15da027ba32e7365094cbf708798a239c702cc6d0230bac.exe
unpack001/b3f40ebe976c09ad8220f6dfdc0f70a861da8e306edfe3ae596e98d42bf8b03b.exe
unpack001/b70fb29037b7381c8026e91c09b54728fe140aa756c0383061584308845cda2c.exe
unpack001/f58042f2009cd4a7a9d500cdc46008bb98390d67b0fcf480f7330f1faf8d5845.exe

Files

sus.zip
.zip
026bc6e96af05c03e3ca7ae271b596ae6ce4478019610f9f9ed5fcd67c9bd15f.doc
.doc windows office2003

ThisDocument
04d2d83484595a9be7fe1207f90dda87c5590f808a902a0fbe055e4cb8806d8a.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.clam01
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0953026a91f39a9b3e0780369549b976b2f143d749f4f627791b3bc11478f1fa.cmd
12e3f4ae68ce542c909a7a29316e358371dcb44fd2d3cb2ab9a20868c5eac0a9.xlsx
.xlsx office2007
23049a85a807808c11d805c017ad9d168523d9308353eebd7f2a42b0906b207f.html
.js
24cbd07dac9f307c57de35b83669f9a9c1355c7b84d5d41f1b22d225612744b3.unknown
2b9cfdd264b3db3a7960ec45a6291270274b16c2d81cafa26e0082a59d50f238.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3bfc3d4fd688bac955aaa30eaf04161a74fdfe8f8e78232a83d256d85931a42a.exe
.exe windows:4 windows x86 arch:x86

d5f959ab6b08418cb29e2bc700317fb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
MultiByteToWideChar
SetStdHandle
IsBadCodePtr
IsBadReadPtr
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetFileSize
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
TerminateProcess
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RaiseException
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
WideCharToMultiByte

user32

SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
OpenClipboard
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
GetClipboardData
CloseClipboard
wsprintfA
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
WaitForInputIdle
PostMessageA
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
UnregisterClassA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
DeleteMenu
GetClassInfoA
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture

gdi32

SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
CreateRectRgnIndirect
SetBkColor
GetMapMode
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleRun
StgOpenStorageOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
OleInitialize
OleUninitialize
CLSIDFromString
CoCreateInstance

oleaut32

OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayCreateVector
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
SafeArrayGetElemsize
SysAllocStringLen
VariantTimeToSystemTime
GetErrorInfo

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ws2_32

getpeername
accept
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
recv
inet_ntoa

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
GetFileTitleA

Sections

.text
Size: 648KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
58bc68dd68ed45c61bef997f07a49f902a5ce257dbf46f9507e51e1d68db015b.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
734fd61103c012c3ce5c46f3b56e01d29b9c089eba0c87f5866e78c556cfe0d4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7c401a0b62551d535e16b6437b6520f8c033f83fe74a81675eff857cd50f5163.exe
.exe windows:4 windows x86 arch:x86

321e8cb3e6acb5f44272d988bb955d41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetStdHandle
GetLocalTime
Sleep
WaitForSingleObject
WaitForMultipleObjects
DebugBreak
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTickCount
LeaveCriticalSection
SetEndOfFile
LoadLibraryA
GetProcAddress
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
EnterCriticalSection
UnhandledExceptionFilter
GetOEMCP
DeleteCriticalSection
InitializeCriticalSection
SetEvent
CreateEventA
CreateThread
SetCurrentDirectoryA
WriteFile
GetModuleFileNameA
CreateFileA
ReadFile
CloseHandle
OutputDebugStringA
GetACP
GetCPInfo
TlsGetValue
SetLastError
TlsAlloc
GetCurrentProcess
TerminateProcess
GetFileType
SetHandleCount
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThreadId
TlsSetValue
ExitThread
RaiseException
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetModuleHandleA
GetStartupInfoA

user32

SetFocus
MoveWindow
GetClientRect
SendMessageA
CreateWindowExA
GetSubMenu
LoadMenuA
RegisterClassExA
LoadImageA
GetMessageA
LoadCursorA
LoadIconA
DialogBoxParamA
DestroyWindow
PostMessageA
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
GetSystemMetrics
GetDlgItem
MessageBoxA
DispatchMessageA
GetMenuItemID
CheckMenuItem
ShowWindow
GetDlgItemTextA
EndDialog
SendDlgItemMessageA
KillTimer
EnableWindow
SetDlgItemTextA
SetTimer
UpdateWindow
SetWindowTextA
DestroyMenu
PostQuitMessage
TranslateMessage

gdi32

GetStockObject

comdlg32

GetSaveFileNameA

advapi32

CryptReleaseContext
CryptAcquireContextA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
CryptGenRandom

shell32

Shell_NotifyIconA

wsock32

WSAStartup
inet_addr
gethostbyname
ioctlsocket
connect
socket
htons
shutdown
closesocket
WSAGetLastError
recv
__WSAFDIsSet
select
WSACleanup
accept
listen
bind
htonl
inet_ntoa
send

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8f8c466f96c9ccb28f6f31d5b482c015d84076f24d93906432f9988a5c8beaff.exe
.exe windows:4 windows x86 arch:x86

bd0ac796c17184148097f16590b84a08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
ExitProcess
WritePrivateProfileStringA
GetCurrentDirectoryA
lstrcatA
GetPrivateProfileIntA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GetTickCount
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GlobalAlloc
GlobalFree
SizeofResource
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

GetWindowLongA
ReleaseCapture
GetCursorPos
CallWindowProcA
BringWindowToTop
SetCapture
GetParent
IsWindow
LoadIconA
RegisterClassExA
CreateWindowExA
GetSystemMetrics
GetWindowRect
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
LoadCursorA
SetCursor
CloseWindow
wsprintfA
PostQuitMessage
PostMessageA
BeginPaint
EndPaint
KillTimer
SetTimer
SendMessageA
SetWindowPos
DestroyWindow
ShowWindow
GetDC
ReleaseDC
SetWindowLongA

shell32

ShellExecuteA

winmm

sndPlaySoundA

gdi32

GetObjectA
GetDeviceCaps
GetBitmapBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
SetBitmapBits

ole32

CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitialize

olepro32

ord251

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
962ec5ee4cd9f1da39b0e727e7008705587862416818c34028d1f82217ce00ab.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.clam01
Size: 520KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam02
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam03
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.clam04
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9c0f3a0e2e47dfbe7506823ba38991389cce07afd68dcbb92d2da0f2dd411e9e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

20/20tm
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_data
Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9ef2516cc28d776827774683e5e1cae1e5bf193e773fb51e3fc73010c4e66ed2.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a8099e87a496c3ce87311ec818ecf32198db10e697c09a17dff71e7451455102.unknown
a97c94ee538d84474a794fdcf7e2f17735aeb7b62be66e1775ad396a4c5357a2.exe
.exe windows:6 windows x86 arch:x86

7ad2d3d46c495863ebe67bdc2f3867a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

netapi32

NetLocalGroupAddMembers
NetUserAdd

Sections

.text
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a987e1e27b8430e6b15da027ba32e7365094cbf708798a239c702cc6d0230bac.exe
.exe windows:4 windows x86 arch:x86

a34979747bb328ea1e72f10957aa0a98

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaR8FixI4
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaLineInputStr
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
ord696
__vbaVarIdiv
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaPut4
__vbaFreeObjList
__vbaR8Sgn
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaVarCmpNe
__vbaError
ord553
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
__vbaVarCmpGe
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
__vbaBoolStr
__vbaExitProc
__vbaForEachCollObj
ord593
__vbaVarForInit
ord594
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord520
__vbaRefVarAry
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
ord631
__vbaErase
ord709
__vbaVargVarMove
ord632
__vbaVarCmpGt
__vbaNextEachCollObj
__vbaChkstk
__vbaGosubFree
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
ord528
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaStrR4
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
ord601
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
ord710
__vbaVarMul
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaGosub
ord607
__vbaI2Str
__vbaVarDiv
ord608
__vbaVarCmpLe
__vbaFPException
ord717
__vbaInStrVar
__vbaStrVarVal
__vbaGetOwner3
__vbaUbound
__vbaVarCat
__vbaI2Var
ord537
ord645
_CIlog
__vbaFileOpen
__vbaVar2Vec
__vbaNew2
__vbaInStr
__vbaR8Str
ord570
ord648
ord571
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrToAnsi
ord612
__vbaVarDup
__vbaFpI2
__vbaVarMod
__vbaVarTstGe
ord616
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaRecDestructAnsi
ord617
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
ord618
__vbaAryCopy
__vbaI2ErrVar
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaR8IntI4
_allmul
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
__vbaVarForNext
_CIexp
ord580
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ac5c46b97345465a96e9ae1edaff44b191a39bf3d03dc1128090b8ffa92a16f8.vbs
.vbs
b3f40ebe976c09ad8220f6dfdc0f70a861da8e306edfe3ae596e98d42bf8b03b.exe
.exe windows:4 windows x86 arch:x86

0953cf5b6dbf48bcdbba8a1e61a3685b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
midiStreamProperty
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutClose
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
midiStreamOpen

ws2_32

WSAAsyncSelect
closesocket
WSACleanup
recvfrom
ioctlsocket
recv
inet_ntoa
getpeername
accept

kernel32

MultiByteToWideChar
SetLastError
GetTimeZoneInformation
GetVersion
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
InterlockedExchange
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
lstrlenW
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
CloseHandle
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetOEMCP

user32

GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
CreateMenu
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
InflateRect
SetRect
IntersectRect
DestroyIcon
PostThreadMessageA
GetNextDlgGroupItem
GetSysColorBrush
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
GetDesktopWindow
GetClassNameA
UnregisterClassA
GetDlgItem
FindWindowExA
GetWindowTextA
WinHelpA
GetMessageA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA

gdi32

GetMapMode
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn
GetStockObject
GetObjectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
CreateFontIndirectA
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
CreateRectRgnIndirect
SetBkColor
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
DPtoLP
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CoGetClassObject

oleaut32

VariantChangeType
VariantClear
VariantCopy
SafeArrayGetUBound
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
SafeArrayGetLBound
SysFreeString
UnRegisterTypeLi
OleCreateFontIndirect
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetDim

comctl32

ord17
ImageList_Destroy

oledlg

ord8

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

Sections

.text
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b70fb29037b7381c8026e91c09b54728fe140aa756c0383061584308845cda2c.exe
.dll windows:6 windows x64 arch:x64

9191f8a87959eae9126ee49b6cbbf896

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
CreateThread
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
VirtualProtect
SetLastError
VirtualFree
lstrlenW
VirtualAlloc
GetThreadLocale
LoadLibraryA
GetNativeSystemInfo
GetProcAddress
CloseHandle
IsBadReadPtr
LocalAlloc
ExitThread
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32NextW
GetDiskFreeSpaceExW
Process32FirstW
GetSystemInfo
GlobalMemoryStatusEx
WinExec
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
HeapReAlloc
GlobalFree
GetLastError
MultiByteToWideChar
HeapSize
GetComputerNameExW
InitializeCriticalSectionEx
GetEnvironmentVariableW
TerminateProcess
FreeLibrary
HeapFree
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
DeleteFileW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
Sleep
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetLocaleInfoEx
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringEx
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind

user32

EnumThreadWindows

advapi32

RegGetValueA
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
RegOpenKeyW
RegQueryValueExW

shell32

CommandLineToArgvW

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSetOption

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

Exports

Exports

Drop0
Drop1
Drop2
T34

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b9b170148cc804191cae29db5caef99553709fea1e39066876f7887937e11b9e.doc
.docx .doc office2007
d231603b824d680b067872e4cd52958db3ca3920f95d712ac3e3f234ee8b37b5.doc
.doc windows office2003

ThisDocument
f4c8369e4de1f12cc5a71eb5586b38fc78a9d8db2b189b8c25ef17a572d4d6b7.exe
.exe windows:5 windows x64 arch:x64

0ad501347658d973b4e2cfc18237277b

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:b4:98:57:97:52:86:fc:12:a5:97:3d:32:81:31:e5:99:a6:30:5b:c6:f9:92:cc:e4:37:bd:e5:39:a1:90:73
Signer

Actual PE Digest

ba:b4:98:57:97:52:86:fc:12:a5:97:3d:32:81:31:e5:99:a6:30:5b:c6:f9:92:cc:e4:37:bd:e5:39:a1:90:73

Digest Algorithm

sha256

PE Digest Matches

true

51:6d:cb:f1:74:b5:a2:24:bf:e7:b0:0e:de:42:2f:24:25:eb:ee:0d
Signer

Actual PE Digest

51:6d:cb:f1:74:b5:a2:24:bf:e7:b0:0e:de:42:2f:24:25:eb:ee:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

EnumProcessModules
GetModuleBaseNameW

kernel32

CreateProcessW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
GetLastError
ContinueDebugEvent
WaitForDebugEvent
ResumeThread
CreateThread
FormatMessageW
MultiByteToWideChar
ExpandEnvironmentStringsW
TerminateProcess
SetConsoleCtrlHandler
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetFileAttributesW
GetEnvironmentVariableA
GetCurrentDirectoryW
Process32FirstW
GetSystemInfo
WaitForMultipleObjects
Process32NextW
IsDebuggerPresent
CreateToolhelp32Snapshot
DebugBreak
GetSystemTime
ExitProcess
DebugActiveProcessStop
Sleep
SetFilePointerEx
GetTimeFormatW
CreateFileW
ReleaseSemaphore
GetFileSizeEx
CreateSemaphoreW
GetProcessId
DeleteFileW
SetLastError
DeviceIoControl
VirtualQueryEx
SetStdHandle
HeapReAlloc
WriteConsoleW
OutputDebugStringW
LoadLibraryExW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DebugActiveProcess
OpenThread
ReadProcessMemory
GetTickCount
GetThreadContext
GetDateFormatW
DeleteCriticalSection
WaitForSingleObject
SetEndOfFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetModuleFileNameW
GetVersionExW
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetCommandLineW
CreateEventW
ReadFile
ReadConsoleW
FreeLibrary
GetFileType
GetConsoleCP
FlushFileBuffers
GetStringTypeW
HeapSize
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsProcessorFeaturePresent
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
RtlCaptureContext
RtlVirtualUnwind

user32

SendMessageW
GetDlgItem
InflateRect
LoadCursorW
DialogBoxIndirectParamW
SetWindowTextW
EndDialog
GetSysColorBrush
wsprintfW
IsHungAppWindow
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
LoadStringA
SetCursor

gdi32

StartPage
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
EndPage

comdlg32

PrintDlgW

advapi32

EnumServicesStatusExW
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeEx
CoAllowSetForegroundWindow
CoCreateInstance
CLSIDFromString

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f58042f2009cd4a7a9d500cdc46008bb98390d67b0fcf480f7330f1faf8d5845.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 720KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ThisDocument

Headers

File Characteristics

Sections

.clam01 Size: 239KB - Virtual size: 239KB

Headers

File Characteristics

Sections

.text Size: 440KB - Virtual size: 440KB

.data Size: 28KB - Virtual size: 28KB

.rdata Size: 28KB - Virtual size: 28KB

/4 Size: 92KB - Virtual size: 92KB

.bss Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

/14 Size: 4KB - Virtual size: 4KB

/29 Size: 44KB - Virtual size: 44KB

/41 Size: 8KB - Virtual size: 8KB

/55 Size: 8KB - Virtual size: 8KB

/67 Size: 4KB - Virtual size: 4KB

/80 Size: 4KB - Virtual size: 4KB

/91 Size: 24KB - Virtual size: 24KB

/102 Size: 4KB - Virtual size: 4KB

d5f959ab6b08418cb29e2bc700317fb4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

comdlg32

Sections

.text Size: 648KB - Virtual size: 646KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 68KB - Virtual size: 246KB

.rsrc Size: 112KB - Virtual size: 108KB

Headers

File Characteristics

Sections

CODE Size: 359KB - Virtual size: 359KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 26KB - Virtual size: 26KB

.rsrc Size: 35KB - Virtual size: 35KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

321e8cb3e6acb5f44272d988bb955d41

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

.clam01
Size: 239KB - Virtual size: 239KB

.text
Size: 440KB - Virtual size: 440KB

.data
Size: 28KB - Virtual size: 28KB

.rdata
Size: 28KB - Virtual size: 28KB

/4
Size: 92KB - Virtual size: 92KB

.bss
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

/14
Size: 4KB - Virtual size: 4KB

/29
Size: 44KB - Virtual size: 44KB

/41
Size: 8KB - Virtual size: 8KB

/55
Size: 8KB - Virtual size: 8KB

/67
Size: 4KB - Virtual size: 4KB

/80
Size: 4KB - Virtual size: 4KB

/91
Size: 24KB - Virtual size: 24KB

/102
Size: 4KB - Virtual size: 4KB

.text
Size: 648KB - Virtual size: 646KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 68KB - Virtual size: 246KB

.rsrc
Size: 112KB - Virtual size: 108KB

CODE
Size: 359KB - Virtual size: 359KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 35KB - Virtual size: 35KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 84KB - Virtual size: 83KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 293KB - Virtual size: 292KB

.clam01
Size: 520KB - Virtual size: 520KB

.clam02
Size: 100KB - Virtual size: 100KB

.clam03
Size: 224KB - Virtual size: 224KB

.clam04
Size: 40KB - Virtual size: 40KB

.text
Size: 28KB - Virtual size: 26KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

20/20tm
Size: 32KB - Virtual size: 31KB

_data
Size: 1KB - Virtual size: 15KB

_idata
Size: 3KB - Virtual size: 3KB

_rsrc
Size: 9KB - Virtual size: 9KB

_reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 16B

.UPX0
Size: 12KB - Virtual size: 10KB

.UPX1
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 512B - Virtual size: 167B

.rdata
Size: 512B - Virtual size: 182B