9997aebe1489f0c536cb0a2fa423c4c8

Sharing

Copy URL Twitter E-mail

General

Target

9997aebe1489f0c536cb0a2fa423c4c8
Size

2.5MB
MD5

9997aebe1489f0c536cb0a2fa423c4c8
SHA1

8b6af37aa7867626ae03119f763fb8f209e9edb1
SHA256

020d05ca67529ed45cfb8ca8e385442504cf46a0f9a3ebc193529412c2abd468
SHA512

536b87b6a56e7b5e611a2bc5bf525642b66fa8cae91c9f72a5b8f39273757e5161bf8ab7ddee4617a47a48267185b76145900955c476ebd5243cd15dad655158
SSDEEP

49152:URvd1Y5OExXuhW8SDWgIWWtgxzV2oZOaDbltOm+xAV08C9fEUZIS5u:UR/ExTlWrg1Zxam+xAq8CRqmu

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/sotab.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/sotab.dll	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sotab.dll
unpack002/out.upx

Files

9997aebe1489f0c536cb0a2fa423c4c8
.zip
ADPopupSU.dll
.dll regsvr32 windows:4 windows x86 arch:x86

706b73b40d41dd77b48f69ae0f97c11b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19/05/2011, 00:00

Not After

18/05/2012, 23:59

Subject

CN=Akorea,O=Akorea,L=Haeundae-gu\ ,ST=BUSAN,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry

mfc42

ord6394
ord2841
ord5440
ord6383
ord858
ord2107
ord801
ord941
ord6883
ord541
ord6215
ord6199
ord6442
ord2864
ord665
ord1979
ord3318
ord5186
ord354
ord5710
ord551
ord4278
ord922
ord3811
ord798
ord1997
ord4277
ord4129
ord2764
ord5465
ord5194
ord533
ord924
ord2818
ord535
ord6648
ord861
ord6663
ord1601
ord6385
ord6779
ord926
ord4202
ord6877
ord537
ord3337
ord6392
ord6407
ord939
ord2763
ord6055
ord4078
ord1776
ord5450
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord3742
ord818
ord567
ord4275
ord6197
ord6379
ord2379
ord6453
ord6876
ord6143
ord5778
ord5448
ord5861
ord1228
ord540
ord2135
ord1949
ord860
ord1105
ord800
ord3663
ord823
ord6467
ord1131
ord2725
ord1134
ord3953
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1575
ord1176
ord1116
ord4407
ord3402

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbsrev
_mbsstr
strstr
strtoul
_mbsnbcpy
_strdup
sprintf
malloc
free
strcmp
strcpy
strlen
srand
rand
atoi
_mbscmp
_mbsicmp
strcat
_stricmp
memcmp
memset
__CxxFrameHandler
_purecall
memcpy
_wcsicmp

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
lstrlenW
InterlockedDecrement
EnterCriticalSection
GetCurrentProcessId
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
GetTempPathA
CreateDirectoryA
lstrlenA
DeleteFileA
CopyFileA
GetTickCount
MultiByteToWideChar
CreateProcessA
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
InterlockedIncrement

user32

DestroyWindow
IsWindow
GetWindowRect
EnableWindow
KillTimer
SetForegroundWindow
WaitForInputIdle
EnumWindows
GetParent
SetTimer
GetWindowThreadProcessId
GetClassNameA
GetSystemMetrics
GetClientRect
SendMessageA
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
IsWindowVisible
SetWindowPos

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

SysStringLen
VariantClear
SysFreeString
LoadRegTypeLi

urlmon

URLDownloadToFileA
URLOpenStreamA

atl

ord15
ord21
ord23
ord18
ord57
ord32
ord58
ord30
ord11
ord10
ord39
ord47
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SUUninstallJN.exe
.exe windows:5 windows x86 arch:x86

c226788d6f17c60c3aa2aa087274bcad

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19/05/2011, 00:00

Not After

18/05/2012, 23:59

Subject

CN=Akorea,O=Akorea,L=Haeundae-gu\ ,ST=BUSAN,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetFileAttributesA
GetFileSizeEx
GetFileTime
HeapAlloc
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualAlloc
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
VirtualFree
HeapCreate
GetStdHandle
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
CompareStringW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsFree
DeleteCriticalSection
GetProcessHeap
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetModuleFileNameW
LoadLibraryA
FreeResource
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
FindActCtxSectionStringA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
lstrlenA
CreateDirectoryA
GetSystemDirectoryA
CreateProcessA
WaitForSingleObject
InterlockedDecrement
MultiByteToWideChar
GetLastError
SetLastError
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Sleep
CloseHandle
OpenProcess
TerminateProcess
Process32Next
DeleteFileA
MoveFileExA
RemoveDirectoryA
GetModuleFileNameA
GetTempPathA
CopyFileA
WinExec
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
UnhandledExceptionFilter
SizeofResource

user32

DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
CharUpperA
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
MessageBoxA
DrawIcon
SendMessageA
PostMessageA
ReleaseDC
GetDC
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
IsIconic
GetWindowRect
GetClientRect
InvalidateRect
LoadIconA
EnableWindow
GetSystemMetrics
FindWindowA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
SetMenu

gdi32

DeleteDC
GetStockObject
ExtTextOutA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
Escape

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
GetUserNameA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFileExistsA
PathFindFileNameA

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType

urlmon

URLOpenStreamA

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SupportBarJN.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ac220bdf78365fe1712e985fa2c8f337

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19/05/2011, 00:00

Not After

18/05/2012, 23:59

Subject

CN=Akorea,O=Akorea,L=Haeundae-gu\ ,ST=BUSAN,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

msimg32

TransparentBlt

kernel32

HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
CreateThread
ExitThread
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
SetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileTime
GetFileSize
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalAlloc
lstrcpynA
GetLastError
GlobalLock
GlobalUnlock
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
LocalFree
WaitForSingleObject
FindResourceA
LoadResource
LockResource
CreateDirectoryA
lstrlenA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetTempPathA
DeleteFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
VirtualFree

user32

DestroyMenu
GetSysColorBrush
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
CharUpperA
PostQuitMessage
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
GetCursorPos
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
SetWindowTextA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
ClientToScreen
LoadIconA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
KillTimer
DestroyWindow
FillRect
DrawTextA
CreateWindowExA
GetWindowLongA
SetWindowLongA
SendMessageA
FindWindowExA
MoveWindow
SetTimer
GetSystemMetrics
SetWindowPos
SetForegroundWindow
IsWindowVisible
IsWindow
EnableWindow
LoadBitmapA
PostMessageA
LoadCursorA
GetDC
ReleaseDC
GetClientRect
GetWindowRect
GetParent
SetCursor
InvalidateRect
DestroyCursor
GetClassInfoA

gdi32

CreateBitmap
RectVisible
PtVisible
Escape
GetDeviceCaps
ExtTextOutA
TextOutA
DeleteObject
CreateFontA
GetObjectA
CreateCompatibleDC
SelectObject
StretchBlt
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox
CreatePatternBrush
CreateCompatibleBitmap
BitBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent
ord17

oleaut32

SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysAllocString
SysAllocStringByteLen

urlmon

URLDownloadToFileA

atl

ord23
ord58
ord47
ord39
ord30
ord10
ord32
ord16
ord21
ord15
ord18
ord57
ord11

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SupportBarUpdateJN.exe
.exe windows:4 windows x86 arch:x86

bc93399ec38b1cf7b9e1dae283d7f8a1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19/05/2011, 00:00

Not After

18/05/2012, 23:59

Subject

CN=Akorea,O=Akorea,L=Haeundae-gu\ ,ST=BUSAN,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

mfc42

ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord540
ord324
ord825
ord4234
ord1105
ord4710
ord668
ord1980
ord5710
ord3181
ord2781
ord2770
ord356
ord3337
ord3811
ord2818
ord922
ord858
ord924
ord2379
ord823
ord939
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3262
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord818
ord326
ord567
ord4129
ord2621
ord1134
ord926
ord1168
ord1832
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord860
ord537
ord940
ord535
ord800
ord1576
ord3922

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_stricmp
_setmbcp
free
__CxxFrameHandler
strtoul
_mbsnbcpy
_strdup
_mbscmp
atol
atoi
_mbsicmp
malloc

kernel32

WaitForSingleObject
GetSystemDirectoryA
CreateDirectoryA
CloseHandle
CreateMutexA
Process32First
CreateToolhelp32Snapshot
LocalFree
OpenProcess
GetModuleHandleA
GetStartupInfoA
GetLastError
GetPrivateProfileStringA
GetTempPathA
DeleteFileA
Sleep
Process32Next
CreateProcessA
WinExec

user32

EnableWindow
PostMessageA

advapi32

GetTokenInformation
ConvertSidToStringSidA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken

shell32

SHGetSpecialFolderPathA

urlmon

URLOpenStreamA
URLDownloadToFileA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
category.dat
domainmatch.dat
except.dat
mainsite.dat
sotab.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
susghelp.exe
.exe windows:5 windows x86 arch:x86

806bfb8267813b186d1986a9bd273664

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

19/05/2011, 00:00

Not After

18/05/2012, 23:59

Subject

CN=Akorea,O=Akorea,L=Haeundae-gu\ ,ST=BUSAN,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\진행프로젝트\06_1.플러스라인\ADPopupApp\SupportBar\susghelp.pdb

Imports

kernel32

WriteConsoleA
GetStringTypeW
SetEnvironmentVariableA
GetStringTypeA
GetConsoleMode
GetProcessHeap
WriteConsoleW
CompareStringW
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
VirtualFree
CreateMutexA
HeapCreate
LCMapStringW
LCMapStringA
GetTimeZoneInformation
IsValidCodePage
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
GetFileType
SetStdHandle
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
FindResourceExA
VirtualProtect
GetProfileIntA
SearchPathA
GetSystemDirectoryW
LoadLibraryW
GetTempFileNameA
GetFileTime
GetFileSizeEx
SetErrorMode
GetOEMCP
GetCPInfo
GetFileAttributesA
lstrcpyA
GlobalFlags
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleHandleW
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
CloseHandle
GetPrivateProfileIntA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
FreeResource
GetTempPathA
FindClose
FindFirstFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrlenW
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
SetEvent
Sleep
WaitForSingleObject
WideCharToMultiByte
GetTickCount
CreateDirectoryA
lstrlenA
DeleteFileA
CopyFileA
ResetEvent
CreateEventA
GetLastError
GetConsoleOutputCP

user32

GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
TranslateAcceleratorA
GetMenuItemInfoA
UnregisterClassA
GetNextDlgGroupItem
InvalidateRgn
SetRect
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
DestroyIcon
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsRectEmpty
InflateRect
IsMenu
GetSystemMenu
SetClassLongA
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
CopyAcceleratorTableA
DestroyMenu
PostThreadMessageA
LoadMenuA
SetRectEmpty
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
GetSysColorBrush
CharNextA
CharUpperA
RegisterWindowMessageA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
IsCharLowerA
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
IntersectRect
GetWindowPlacement
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowTextLengthA
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
LoadIconA
SendMessageA
SetTimer
IsIconic
GetSystemMetrics
SendDlgItemMessageA
CheckDlgButton
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
GetKeyNameTextA
MapVirtualKeyExA
IsClipboardFormatAvailable
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffA
CopyIcon
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SubtractRect
GetDoubleClickTime
CreateMenu
GetWindowRgn
SetScrollRange
GetClientRect
DrawIcon
IsWindow
GetForegroundWindow
GetWindowRect
KillTimer
SetParent
EnableWindow
InvalidateRect
DestroyCursor
SetCursor
GetParent
GetDC
ReleaseDC
LoadBitmapA
LoadCursorA
PostMessageA
SetLayeredWindowAttributes
IsWindowVisible
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
PostQuitMessage
IsZoomed
RedrawWindow
MessageBeep
OffsetRect
SystemParametersInfoA
WinHelpA
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetIconInfo

gdi32

CreateRectRgnIndirect
OffsetRgn
GetRgnBox
CreateDIBitmap
CreateFontIndirectA
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
GetTextExtentPoint32A
SetDIBColorTable
PatBlt
GetDIBits
RealizePalette
CombineRgn
SetPixel
CreateDIBSection
SetRectRgn
GetMapMode
DPtoLP
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
CreatePalette
GetPaletteEntries
GetTextColor
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
SetViewportOrgEx
Escape
ExtTextOutA
GetDCOrgEx
GetBkColor
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetWindowOrgEx
CreateCompatibleDC
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CopyMetaFileA
GetDeviceCaps
GetObjectA
CreateFontA
SelectObject
StretchBlt
OffsetViewportOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
RegQueryValueA

shell32

DragQueryFileA
SHAppBarMessage
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderPathA
DragFinish

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
UrlUnescapeA
PathFileExistsA

oledlg

ord8

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
IsAccelerator
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateInstance

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SystemTimeToVariantTime
SysAllocString
VariantTimeToSystemTime

urlmon

URLOpenStreamA
URLDownloadToFileA

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStream

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706b73b40d41dd77b48f69ae0f97c11b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

atl

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

c226788d6f17c60c3aa2aa087274bcad

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 13KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 13KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 24KB - Virtual size: 36KB

.rsrc
Size: 140KB - Virtual size: 136KB

.reloc
Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5d:61:30:64:72:5d:29:95:33:4f:25:a0:f8:82:11:d1
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 24KB - Virtual size: 21KB