1d95d54990b8a2f6b7a01fbedcd7f4a1f0effae787cee2f48668f542ba5fd53a

Sharing

Copy URL Twitter E-mail

General

Target

1d95d54990b8a2f6b7a01fbedcd7f4a1f0effae787cee2f48668f542ba5fd53a
Size

307KB
MD5

a8443b9d51682df8a0dad07f187ae920
SHA1

934c44231183baa35e5ee85b93531759b8571b13
SHA256

1d95d54990b8a2f6b7a01fbedcd7f4a1f0effae787cee2f48668f542ba5fd53a
SHA512

7a9623cd5c673d0ba2a595a720159e83d7a3066c12b1f12e6055b89392fbac654bde356f57a932ada96ec958ad7694d5cdd8b420ea110c4ece0fa5ce45ae8f12
SSDEEP

6144:UWKa2KIZYECaZ1c/KKPXrMyT2G5DYqmSYJDVFXRK6+8lMv8G:UVhKlBvoyT4JVFXD+0JG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d95d54990b8a2f6b7a01fbedcd7f4a1f0effae787cee2f48668f542ba5fd53a

Files

1d95d54990b8a2f6b7a01fbedcd7f4a1f0effae787cee2f48668f542ba5fd53a
.dll windows:6 windows x86 arch:x86

db806f0c3c83e787f93cc8a2412eebdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\node-exclude\PT\branches\General\3.7.1\MD\TempOut\ParamHomePage\Release\ParamHomePage.pdb

Imports

mfc140u

ord6129
ord2378
ord995
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord11982
ord11983
ord2034
ord4090
ord9398
ord12541
ord12542
ord1045
ord3265
ord3372
ord3371
ord4974
ord5019
ord4942
ord4954
ord4960
ord4966
ord4936
ord12258
ord12262
ord3009
ord296
ord285
ord280
ord9501
ord1523
ord1525
ord1689
ord1692
ord5921
ord4664
ord12884
ord12921
ord8360
ord4815
ord14137
ord3257
ord3145
ord2304
ord8821
ord290
ord2990
ord2439
ord5029
ord2350
ord6942
ord3179
ord10349
ord11734
ord10853
ord9004
ord11605
ord11677
ord11167
ord9483
ord10854
ord3296
ord486
ord9500
ord9262
ord11164
ord10312
ord10249
ord11733
ord11244
ord10276
ord9488
ord10040
ord11881
ord10404
ord11524
ord10324
ord10316
ord11482
ord12104
ord12179
ord3304
ord5698
ord5528
ord6575
ord533
ord6219
ord13754
ord8912
ord8920
ord10504
ord11278
ord11275
ord7787
ord11117
ord2680
ord9226
ord6876
ord10048
ord10047
ord11146
ord9011
ord11122
ord11746
ord9526
ord9991
ord9986
ord9514
ord9524
ord9509
ord8304
ord9468
ord5024
ord5025
ord5026
ord5027
ord5419
ord9126
ord6490
ord8124
ord4236
ord6834
ord7654
ord6220
ord13756
ord2761
ord1476
ord3833
ord7508
ord9256
ord8345
ord14131
ord1002
ord6973
ord6865
ord8365
ord8811
ord13293
ord13086
ord6559
ord358
ord6489
ord898
ord6795
ord3882
ord2522
ord6566
ord6218
ord13752
ord2760
ord9210
ord11396
ord3403
ord3404
ord3305
ord3302
ord10255
ord8210
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord6978
ord11002
ord3266
ord13878
ord1722
ord1744
ord1770
ord1756
ord1777
ord5003
ord4948
ord5013
ord4997
ord4912
ord4927
ord4988
ord4502
ord5790
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord8817
ord13703
ord5935
ord2682
ord12124
ord3941
ord12168
ord4886
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord2486
ord14589
ord7922
ord14595
ord4152
ord12947
ord7941
ord14466
ord12531
ord8000
ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord5249
ord5549
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord9135
ord7441
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord4856
ord3236
ord2246
ord14657
ord12405
ord14604
ord12348
ord6751
ord8826
ord2383
ord4053
ord2551
ord8825
ord9529
ord1168
ord9692
ord11657
ord10282
ord11603
ord10738
ord11678
ord11894
ord11180
ord12220
ord1513
ord10984
ord286
ord3849
ord1514
ord325
ord1053
ord2365
ord324
ord1052
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord1511

kernel32

GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
CloseHandle
HeapDestroy
GetLastError
RaiseException
DecodePointer
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetPrivateProfileStringW

user32

LoadIconW
GetClientRect
PostMessageW
UnregisterClassW
DestroyIcon
InflateRect
GetParent
SendMessageW
EnableWindow
FillRect

gdi32

GetDeviceCaps
GetTextExtentPoint32W
DeleteDC
CreateFontW

msimg32

GradientFill

shlwapi

PathFileExistsW

oleaut32

SysFreeString

inoskinuiu

??0CInoSkinPDialog@@QAE@IPAVCWnd@@@Z
?EnableVisualManagerStyle@CInoSkinPDialog@@QAEXHHPBV?$CList@II@@@Z
?PreTranslateMessage@CInoSkinPDialog@@UAEHPAUtagMSG@@@Z
?OnDestroy@CInoSkinPDialog@@IAEXXZ
?OnInitDialog@CInoSkinPDialog@@MAEHXZ
?OnSize@CInoSkinPDialog@@IAEXIHH@Z
?OnCreate@CInoSkinPDialog@@IAEHPAUtagCREATESTRUCTW@@@Z
?GetThisMessageMap@CInoSkinPDialog@@KGPBUAFX_MSGMAP@@XZ
??1CInoSkinPDialog@@UAE@XZ
?GetWorkspace@@YAPAVCInoSkinPWorkspace@@XZ
?SetBackgroundColor@CInoSkinPHotSpotImageCtrl@@QAEXK@Z
?AddHotSpot@CInoSkinPHotSpotImageCtrl@@QAEHIVCRect@@PBG1@Z
?SetHighlightHotArea@CInoSkinPHotSpotImageCtrl@@QAEXHH@Z
?AdjustControlsLayout@CInoSkinPDialog@@UAEXXZ
?Create@CInoSkinPDialog@@UAEHIPAVCWnd@@@Z
?m_bDontSkin@CInoSkinPButton@@2HA
?globalData@@3UInoSkinPGLOBAL_DATA@@A
?get_accState@CInoSkinPButton@@MAEJUtagVARIANT@@PAU2@@Z
?get_accRole@CInoSkinPButton@@MAEJUtagVARIANT@@PAU2@@Z
?SizeToContent@CInoSkinPButton@@UAE?AVCSize@@H@Z
?SetItemText@CInoSkinPEditListBox@@MAEXHABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?SetItemData@CInoSkinPEditListBox@@UAEXHK@Z
?SelectItem@CInoSkinPEditListBox@@UAEHH@Z
?SelectFont@CInoSkinPButton@@MAEPAVCFont@@PAVCDC@@@Z
?RemoveItem@CInoSkinPEditListBox@@UAEHH@Z
?PreTranslateMessage@CInoSkinPHotSpotImageCtrl@@UAEHPAUtagMSG@@@Z
?PreTranslateMessage@CInoSkinPEditListBox@@UAEHPAUtagMSG@@@Z
?PreTranslateMessage@CInoSkinPButton@@UAEHPAUtagMSG@@@Z
?PreSubclassWindow@CInoSkinPHotSpotImageCtrl@@MAEXXZ
?PreSubclassWindow@CInoSkinPEditListBase@@MAEXXZ
?PreSubclassWindow@CInoSkinPButton@@MAEXXZ
?PreCreateWindow@CInoSkinPButton@@MAEHAAUtagCREATESTRUCTW@@@Z
?OnUpdateFont@CInoSkinPButton@@MAEXXZ
?OnSizeList@CInoSkinPEditListBox@@MAEXXZ
?OnScrollBy@CInoSkinPHotSpotImageCtrl@@MAEHVCSize@@H@Z
?OnScroll@CInoSkinPHotSpotImageCtrl@@MAEHIIH@Z
?OnPrepareDC@CInoSkinPHotSpotImageCtrl@@MAEXPAVCDC@@@Z
?OnKey@CInoSkinPEditListBase@@UAEXGE@Z
?OnGetImage@CInoSkinPEditListBase@@UAEHPAUtagLVITEMW@@@Z
?OnFillBackground@CInoSkinPButton@@MAEXPAVCDC@@ABVCRect@@@Z
?OnEndEditLabel@CInoSkinPEditListBase@@UAEXPBG@Z
?OnDrawText@CInoSkinPButton@@MAEXPAVCDC@@ABVCRect@@ABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@II@Z
?OnDrawParentBackground@CInoSkinPButton@@UAEXPAVCDC@@VCRect@@@Z
?OnDrawHotSpot@CInoSkinPHotSpotImageCtrl@@MAEXPAVCDC@@VCRect@@PAVCInoSkinPHotSpot@@@Z
?OnDrawFocusRect@CInoSkinPButton@@MAEXPAVCDC@@ABVCRect@@@Z
?OnDrawBorder@CInoSkinPButton@@MAEXPAVCDC@@AAVCRect@@I@Z
?OnCreateList@CInoSkinPEditListBox@@MAEPAVCWnd@@XZ
?OnCommand@CInoSkinPEditListBase@@MAEHIJ@Z
?OnClickButton@CInoSkinPEditListBase@@UAEXH@Z
?OnBrowse@CInoSkinPEditListBase@@UAEXXZ
?OnAfterRenameItem@CInoSkinPEditListBase@@UAEXH@Z
?OnAfterMoveItemUp@CInoSkinPEditListBase@@UAEXH@Z
?OnAfterMoveItemDown@CInoSkinPEditListBase@@UAEXH@Z
?OnAfterAddItem@CInoSkinPEditListBase@@UAEXH@Z
?HitTest@CInoSkinPHotSpotImageCtrl@@MAEPAVCInoSkinPHotSpot@@VCPoint@@@Z
?HasHotImage@CInoSkinPHotSpotImageCtrl@@MBEHXZ
?GetVertMargin@CInoSkinPButton@@MBEHXZ
?GetSelItem@CInoSkinPEditListBox@@UBEHXZ
?GetScrollBarCtrl@CInoSkinPHotSpotImageCtrl@@UBEPAVCScrollBar@@H@Z
?GetRuntimeClass@CInoSkinPButton@@UBEPAUCRuntimeClass@@XZ
?GetMessageMap@CInoSkinPEditListBox@@MBEPBUAFX_MSGMAP@@XZ
?GetListHwnd@CInoSkinPEditListBox@@MBEPAUHWND__@@XZ
?GetItemText@CInoSkinPEditListBox@@UBE?AV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@H@Z
?GetItemData@CInoSkinPEditListBox@@UBEKH@Z
?GetImageHorzMargin@CInoSkinPButton@@MBEHXZ
?GetCount@CInoSkinPEditListBox@@UBEHXZ
?FindHotSpot@CInoSkinPHotSpotImageCtrl@@MBEPAVCInoSkinPHotSpot@@I@Z
?DrawItem@CInoSkinPButton@@UAEXPAUtagDRAWITEMSTRUCT@@@Z
?DoPaint@CInoSkinPEditListBase@@MAEXPAVCDC@@@Z
?CreateNewItem@CInoSkinPEditListBase@@MAEXXZ
?Create@CInoSkinPHotSpotImageCtrl@@UAEHABUtagRECT@@PAVCWnd@@I@Z
?CleanUp@CInoSkinPHotSpotImageCtrl@@MAEXXZ
?CleanUp@CInoSkinPButton@@UAEXXZ
?AddItem@CInoSkinPEditListBox@@UAEHABV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@KH@Z
?GetThisMessageMap@CInoSkinPHotSpotImageCtrl@@KGPBUAFX_MSGMAP@@XZ
?OnCreate@CInoSkinPHotSpotImageCtrl@@IAEHPAUtagCREATESTRUCTW@@@Z
?OnSize@CInoSkinPHotSpotImageCtrl@@IAEXIHH@Z
??1CInoSkinPHotSpotImageCtrl@@UAE@XZ
?OnDrawImage@CInoSkinPHotSpotImageCtrl@@MAEXPAVCDC@@VCRect@@@Z
?PreCreateWindow@CInoSkinPHotSpotImageCtrl@@MAEHAAUtagCREATESTRUCTW@@@Z
?DrawItem@CInoSkinPHotSpotImageCtrl@@UAEXPAUtagDRAWITEMSTRUCT@@@Z
??0CInoSkinPHotSpotImageCtrl@@QAE@H@Z
?FillGradient@CInoSkinPDrawManager@@QAEXVCRect@@KKHHH@Z
?HighlightRect@CInoSkinPDrawManager@@QAEHVCRect@@HKHK@Z
??1CInoSkinPDrawManager@@UAE@XZ
??0CInoSkinPDrawManager@@QAE@AAVCDC@@@Z
??1CInoSkinPEditListBox@@UAE@XZ
??0CInoSkinPEditListBox@@QAE@XZ
?SetStandardButtons@CInoSkinPEditListBase@@QAEHI@Z
?GetThisMessageMap@CInoSkinPButton@@KGPBUAFX_MSGMAP@@XZ
?OnLButtonUp@CInoSkinPButton@@IAEXIVCPoint@@@Z
?OnDraw@CInoSkinPButton@@MAEXPAVCDC@@ABVCRect@@I@Z
??1CInoSkinPButton@@UAE@XZ
?EnableWinXPTheme@CInoSkinPButton@@SAXH@Z
??0CInoSkinPButton@@QAE@XZ
?Create@CInoSkinPDialog@@UAEHPBGPAVCWnd@@@Z
?GetInstance@CInoSkinPVisualManager@@SAPAV1@XZ
?DrawRadioButton@CInoSkinPWinXPThemeManager@@UAEHPAVCDC@@VCRect@@HHHH@Z
?DrawCheckBox@CInoSkinPWinXPThemeManager@@UAEHPAVCDC@@VCRect@@HHHH@Z
??1CInoSkinPMemDC@@UAE@XZ
??0CInoSkinPMemDC@@QAE@AAVCDC@@PAVCWnd@@EN@Z
?SetActiveMenu@CInoSkinPDialog@@MAEXPAVCInoSkinPPopupMenu@@@Z
?PreInitDialog@CInoSkinPDialog@@MAEXXZ
?OnSetPlacement@CInoSkinPDialog@@UAEHAAUtagWINDOWPLACEMENT@@@Z
?OnRTLChanged@CInoSkinPDialog@@UAEXH@Z
?OnOK@CInoSkinPDialog@@UAEXXZ
?OnDrawRibbonBackgroundImage@CInoSkinPDialog@@UAEXPAVCDC@@VCRect@@@Z
?OnDrawBackstageWatermark@CInoSkinPDialog@@UAEXPAVCDC@@VCRect@@@Z
?OnCommand@CInoSkinPDialog@@MAEHIJ@Z
?OnCancel@CInoSkinPDialog@@UAEXXZ
?OnBeforeExpand@CInoSkinPDialog@@UAEXXZ
?OnAfterExpand@CInoSkinPDialog@@UAEXXZ
?GetRuntimeClass@CInoSkinPDialog@@UBEPAUCRuntimeClass@@XZ
?GetRibbonStartPageLeftPaneWidth@CInoSkinPDialog@@UAEHXZ
?DoModal@CInoSkinPDialog@@UAEHXZ
?DrawParentBackground@InoSkinPGLOBAL_DATA@@QAEHPAVCWnd@@PAVCDC@@PAUtagRECT@@@Z

gdiplus

GdiplusShutdown

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memmove
__std_terminate
_purecall
memset
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_initterm_e
_initterm
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

_recalloc
free

Exports

Exports

CreateInterFace
SafeRelease
SetQueryInterfaceCallback
SupportedInterface

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db806f0c3c83e787f93cc8a2412eebdc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

gdi32

msimg32

shlwapi

oleaut32

inoskinuiu

gdiplus

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 201KB - Virtual size: 200KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 201KB - Virtual size: 200KB

.reloc
Size: 9KB - Virtual size: 8KB