FabFilter_pro[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

FabFilter_pro.rar
Size

1.5MB
MD5

0d1f5e24b268fb9d65597373753bb6c3
SHA1

a691783dfd6bda6e12d9977ddf52e354e09b6829
SHA256

3ad30d66eea3a2fd587f572681f5045bbf482f4cae086513d09551a5ab8b91e9
SHA512

c705aeec522388c1e4d75ba4063ca8bceec35a72de355bab7f5b030ec497c3f9c027783c0a2e188b9f3b535de25e3bc057e231c7cd07d8b8b2303bc026c92cba
SSDEEP

24576:ygKJXW2036XlXP19iXG89odlOoYuJbdMrpEj6CMDWMsmHYNK4928FrLbEe5g8O53:ym8Z1cXG8adlOohFyrujVhN92crjcNQm

Score

1^/10

Malware Config

Signatures

Files

FabFilter_pro.rar
.rar

Password: YUKI
FabFilter pro/Cracker.dll
FabFilter pro/Data/Debug/Addition.dll
FabFilter pro/Data/Debug/Autoupdater.ini
FabFilter pro/Data/Debug/DebugPPF.tmp
FabFilter pro/Data/Debug/DebugPPT.tmp
FabFilter pro/Data/Debug/Management.log
FabFilter pro/Data/Debug/main.ini
FabFilter pro/Data/Language.pimx
FabFilter pro/Data/Main.ini
FabFilter pro/Data/Packaged/Main.ini
.xml
FabFilter pro/Data/Packaged/Resource.dll
FabFilter pro/Data/Packaged/Utils.dll
.xml
FabFilter pro/Debug/AAM/IPC/IPC.pima
.zip

Password: YUKI
AdobeIPCBroker.exe
.exe windows:6 windows x86 arch:x86

Password: YUKI

b78757e60c78fbd8d0549e7a1e0d29a1

Code Sign

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Adobe Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43
Signer

Actual PE Digest

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeIPCBroker.pdb

Imports

ws2_32

htonl
getsockopt
ioctlsocket
connect
closesocket
listen
getsockname
bind
WSAGetLastError
WSASetLastError
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
select
recv
ntohs
inet_ntoa
inet_addr
htons
__WSAFDIsSet

kernel32

GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetLastError
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
FindFirstFileW
FindNextFileW
InitializeCriticalSectionEx
FindClose
RaiseException
DecodePointer
ReleaseMutex
CreateMutexA
Sleep
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
CreateMutexW
FreeLibrary
CreateProcessW
GetProcAddress
CloseHandle
LoadLibraryA
MultiByteToWideChar
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
InitializeCriticalSection
GetThreadPriority
HeapSize
HeapFree
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetOEMCP
IsValidCodePage
FindNextFileA
SwitchToThread
FreeEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
GetCurrentProcessId
ReadFile
WriteFile
ConnectNamedPipe
GetOverlappedResult
OpenProcess
QueryFullProcessImageNameW
GetNamedPipeServerProcessId
GetLocalTime
GetCurrentThread
GetTickCount
GetEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFullPathNameW
LockFileEx
SetEndOfFile
SetFilePointerEx
UnlockFile
GetTempPathW
DuplicateHandle
PeekNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
CreateEventW
GetCurrentProcess
SetThreadPriority
HeapReAlloc
VirtualAlloc
VirtualFree
GetModuleHandleExW
LoadLibraryExW
WaitForMultipleObjects
GetNamedPipeInfo
LocalAlloc
LocalReAlloc
LocalFree
FormatMessageW
LCMapStringW
SetFilePointer
RtlCaptureStackBackTrace
TerminateProcess
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
GetStartupInfoW
WideCharToMultiByte
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
GetDriveTypeW
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
ExitProcess
GetCommandLineA
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFullPathNameA
HeapAlloc
FindFirstFileExA

user32

SetWindowLongW
RegisterClassW
CreateWindowExW
SetTimer
KillTimer
TranslateMessage
DispatchMessageW
PostMessageW
PostQuitMessage
DestroyWindow
MsgWaitForMultipleObjectsEx
GetWindowLongW
GetShellWindow
EnumWindows
GetWindowThreadProcessId
DefWindowProcW
PeekMessageW

advapi32

GetUserNameW
RegCloseKey
CreateProcessWithTokenW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleRun
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shell32

ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/AdobeIPCBrokerCustomHook.exe
.exe windows:6 windows x86 arch:x86

Password: YUKI

85aa1a3ec9a324deb93be1db280c6b57

Code Sign

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Adobe Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:89:c1:a8:6a:c2:59:11:0f:f3:d0:dd:de:2c:9f:61:14:dd:37:fb:38:82:82:1c:83:5d:79:6e:28:bc:74:54
Signer

Actual PE Digest

45:89:c1:a8:6a:c2:59:11:0f:f3:d0:dd:de:2c:9f:61:14:dd:37:fb:38:82:82:1c:83:5d:79:6e:28:bc:74:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeIPCBrokerCustomHook.pdb

Imports

shlwapi

PathAppendW

kernel32

RaiseException
HeapSize
TerminateProcess
GetTempPathW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
CreateFileW
ReadConsoleW
WriteConsoleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
SetEndOfFile
GetLastError
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle

user32

FindWindowExW
PostMessageW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FabFilter pro/Debug/AAM/IPC/IPC.pimx
FabFilter pro/Debug/AAM/IPC/IPC.sig
.xml
FabFilter pro/Debug/resources/AdobePIM.dll
.dll windows:5 windows x86 arch:x86

Password: YUKI

dd6ba004004c70f4eb3bbd4c9ec97b28

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4
Signer

Actual PE Digest

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdobePIM.pdb

Imports

msi

ord147
ord74
ord145

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

PathIsFileSpecW
PathAddExtensionW
PathRemoveFileSpecA
PathIsDirectoryA
PathIsDirectoryEmptyW
PathIsSystemFolderW
PathIsRootW
PathRenameExtensionW
PathIsDirectoryW
PathAppendW
PathRemoveBackslashW
PathStripPathW
PathAppendA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathRemoveExtensionW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHGetFolderPathW
ord680
CommandLineToArgvW
ord51
SHCreateItemFromParsingName

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption

kernel32

TlsFree
TlsSetValue
TlsGetValue
CompareStringW
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
EncodePointer
TlsAlloc
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
LocalAlloc
ReleaseMutex
Sleep
OpenSemaphoreW
CloseHandle
LocalFree
GetCurrentProcessId
CreateSemaphoreW
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
SetEvent
ResetEvent
GetCommandLineW
CreateProcessW
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
FindFirstFileW
FindNextFileW
TerminateProcess
RemoveDirectoryW
FindClose
SetEnvironmentVariableW
SetFileAttributesW
CreateEventW
GetDiskFreeSpaceExW
CreateThread
CopyFileW
lstrcmpiW
lstrcmpW
GetExitCodeProcess
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCurrentProcess
GetFileSizeEx
lstrlenW
GetACP
SizeofResource
GetModuleFileNameW
LockResource
LoadResource
FindResourceW
MoveFileExW
GlobalAlloc
GlobalFree
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
SetLastError
DuplicateHandle
ProcessIdToSessionId
TerminateThread
FindResourceExW
lstrcpyW
QueryFullProcessImageNameW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
FileTimeToSystemTime
OpenMutexW
GetUserDefaultLCID
LCMapStringW
GetUserDefaultLangID
GetUserDefaultUILanguage
SetFilePointerEx
ResumeThread
SetStdHandle
WriteConsoleW
QueryPerformanceFrequency
GetVersionExW
CreateFileMappingW

user32

wsprintfW
EnumWindows
GetWindowThreadProcessId
GetShellWindow

advapi32

InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegQueryValueExW
FreeSid
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
LookupAccountSidW
CreateWellKnownSid
EqualSid
GetTokenInformation
DuplicateTokenEx
GetUserNameW
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoInitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
OleRun
CLSIDFromString

oleaut32

SysStringLen
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantCopy
GetErrorInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Exports

Exports

AAMIU_Uninstall
AAMIU_getDeploymentValidationStatus
AAMIU_preInstallPropertySet
pim_createLibraryRef
pim_freeLibraryRef
pim_freeLiraryRef
pim_freeString
pim_getAppletAndPackageInfo
pim_getAppletRegistrationInfo
pim_getAppletRelationshipInfo
pim_getCurrentCCVersion
pim_getCurrentPackagesVersion
pim_getInstallStatus
pim_getInstalledPackagesInfo
pim_launchACCCUninstallerExecutableAsAdmin
pim_selfUpdateCheck
pim_selfUpdateCheckWithData
pim_startWorkflow
pim_startWorkflowWithData
pim_syncFromPathToACF
pim_syncFromPathToPath
pim_syncUSFToACF
pim_uninstallAAMFromAAMCleanerTool
pim_uninstallAAMUsingAAMCleanerTool
pim_uninstallACCC64FromACCCCleanerTool
pim_uninstallACCCFromACCCCleanerTool
pim_uninstallADC64UsingADCCleanerTool
pim_uninstallADCUsingADCCleanerTool

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FabFilter pro/Debug/resources/Config.xml
.xml
FabFilter pro/Helper.dll
FabFilter pro/Installer.exe.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: YUKI

Password: YUKI

Password: YUKI

b78757e60c78fbd8d0549e7a1e0d29a1

Code Sign

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2fCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

shell32

Sections

.text Size: 748KB - Virtual size: 747KB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 17KB - Virtual size: 33KB

.gfids Size: 1024B - Virtual size: 596B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 44KB - Virtual size: 44KB

Password: YUKI

85aa1a3ec9a324deb93be1db280c6b57

Code Sign

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2fCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

45:89:c1:a8:6a:c2:59:11:0f:f3:d0:dd:de:2c:9f:61:14:dd:37:fb:38:82:82:1c:83:5d:79:6e:28:bc:74:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 512B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

Password: YUKI

dd6ba004004c70f4eb3bbd4c9ec97b28

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29Certificate

Extended Key Usages

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43
Signer

.text
Size: 748KB - Virtual size: 747KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 17KB - Virtual size: 33KB

.gfids
Size: 1024B - Virtual size: 596B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 44KB - Virtual size: 44KB

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

45:89:c1:a8:6a:c2:59:11:0f:f3:d0:dd:de:2c:9f:61:14:dd:37:fb:38:82:82:1c:83:5d:79:6e:28:bc:74:54
Signer

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 512B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 356KB - Virtual size: 356KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 66KB - Virtual size: 66KB