9c8e39d21afdf79241f6a99074b27730db5f3530b97a49069d4eb848766bf0a4

Sharing

Copy URL

Twitter E-mail

General

Target

9c8e39d21afdf79241f6a99074b27730db5f3530b97a49069d4eb848766bf0a4
Size

2.0MB
MD5

cbc1ed8ef1c95eb694874de5e9a511f4
SHA1

435c895b1d482e8f60b9b4b2e997daa7f6541789
SHA256

9c8e39d21afdf79241f6a99074b27730db5f3530b97a49069d4eb848766bf0a4
SHA512

8b38a04f9645681b7590ae80677b61fb8e3c7cbab0a0c25496cd84191f844c1b240f7918d3f28052af268f45b95b7a28046754936bb4a1f306924979bf88a9e8
SSDEEP

49152:sgDU5GmeHwQREtaiRSiCjoAwKCKFBPQZ+eTrr6guJ/X:sgY5ncFREtf9CjwKXs5TqH/X

Score

1^/10

Malware Config

Signatures

Files

9c8e39d21afdf79241f6a99074b27730db5f3530b97a49069d4eb848766bf0a4
.zip
EasyHiderData/Bin/boxstore.dll
.dll windows:5 windows x86 arch:x86

184e609d08d4f2d35a3bfc12ce28214d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-12-2022 00:00

Not After

27-12-2023 23:59

Subject

CN=天津拂云科技有限公司,O=天津拂云科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:cc:b9:8f:f7:49:be:20:7b:e5:30:c2:86:87:18:16:fd:8f:b5:1d:74:2e:7d:0a:4d:7a:04:31:ab:40:e3:ab
Signer

Actual PE Digest

5f:cc:b9:8f:f7:49:be:20:7b:e5:30:c2:86:87:18:16:fd:8f:b5:1d:74:2e:7d:0a:4d:7a:04:31:ab:40:e3:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\Easyhider\install_uninstall\Release_DLL\boxstore_dll.pdb

Imports

kernel32

WritePrivateProfileStringW
SetEvent
WaitForSingleObject
CreateEventW
GetDriveTypeW
GetTimeZoneInformation
SwitchToThread
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
Sleep
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetVersionExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
WideCharToMultiByte
GetStartupInfoW
CreateProcessW
GetModuleHandleW
LoadLibraryW
GetTickCount
GetCurrentProcess
OpenProcess
GetProcAddress
FreeLibrary
CreateFileW
ReadFile
GetFileSize
UnlockFile
WaitForSingleObjectEx
ReadConsoleW
SetEndOfFile
WriteConsoleW
LockFile
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetModuleFileNameW
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
FindResourceExW
FindResourceW
lstrlenW
FindClose
SizeofResource
LoadResource
SetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DeleteFileA
CreateFileA
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetPrivateProfileIntW
GlobalUnlock
GlobalLock
GetTempFileNameA
GetTempPathA
CloseHandle
GlobalFree
GlobalAlloc
FlushFileBuffers
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetShortPathNameW
GetPrivateProfileStringW
LocalAlloc
InterlockedCompareExchange
WriteFile
SetFilePointerEx
WaitForMultipleObjects
GetLongPathNameW
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetLogicalDriveStringsW
QueryDosDeviceW
CopyFileW
OutputDebugStringA
OutputDebugStringW
GetFileSizeEx
GetLocalTime
ResetEvent
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LocalFree
FormatMessageW
GetSystemDirectoryW
GetTempFileNameW
GetEnvironmentVariableW
GetDiskFreeSpaceExW
SetFilePointer
GetFileAttributesExW
InterlockedExchange

user32

GetMonitorInfoW
MonitorFromWindow
GetWindow
MapWindowPoints
SetForegroundWindow
IsIconic
DialogBoxParamW
PostQuitMessage
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
EndDialog
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
wsprintfW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
CopyRect
EqualRect
UnionRect
PtInRect
SetCursor
DestroyCursor
DrawFocusRect
MoveWindow
FillRect
ScreenToClient
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextW
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
SetWindowPos
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
OffsetRect
IsDialogMessageW
CallWindowProcW
DefWindowProcW
GetWindowThreadProcessId
SendMessageW
FindWindowExW
PostMessageW
KillTimer
SetTimer
GetMessageW
GetShellWindow
IsWindowVisible

gdi32

OffsetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
RestoreDC
RectVisible
SelectClipRgn
SelectObject
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
CreateFontW
EnumFontFamiliesW
SaveDC
BitBlt
GetStockObject

advapi32

GetTokenInformation
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptContextAddRef
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupAccountNameW
CryptEncrypt
LookupAccountSidW
DeleteAce
EqualSid
RegQueryValueExW
GetUserNameW
CryptDecrypt

shell32

SHFileOperationW
ord165
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateDirectoryExW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
OleRun
CoCreateGuid
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantCopy
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
VariantInit
CreateErrorInfo
VarUI4FromStr
SysAllocStringLen
SysFreeString

shlwapi

PathRenameExtensionA
PathFindFileNameA
wnsprintfW
PathFileExistsW
SHDeleteValueW
PathFindExtensionW
PathAppendW
PathFindFileNameW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
StrStrIW
ord12
PathIsPrefixW
AssocQueryStringW
SHGetValueW
PathIsDirectoryW
PathIsRelativeW
SHSetValueW
PathRemoveFileSpecW
PathCombineW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawString
GdipFillRectangleI
GdipMeasureString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipDrawImagePointRectI
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFile

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

run

Sections

.text
Size: 951KB - Virtual size: 950KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHiderData/Bin/easywrap.exe
.exe windows:5 windows x86 arch:x86

41583675b865552e56ae092ceb4f8ed4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-12-2022 00:00

Not After

27-12-2023 23:59

Subject

CN=天津拂云科技有限公司,O=天津拂云科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:76:e5:2e:7f:b2:ae:c2:7b:5a:1e:91:e9:7a:69:db:01:df:15:f4:81:c7:13:15:ab:34:e0:fc:54:68:f6:7e
Signer

Actual PE Digest

9b:76:e5:2e:7f:b2:ae:c2:7b:5a:1e:91:e9:7a:69:db:01:df:15:f4:81:c7:13:15:ab:34:e0:fc:54:68:f6:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\Easyhider\easywrap\Release\easywrap.pdb

Imports

kernel32

WideCharToMultiByte
FreeLibrary
LoadLibraryW
Process32FirstW
DeleteFileW
Process32NextW
MultiByteToWideChar
CreateToolhelp32Snapshot
ResumeThread
CreateFileW
GetTempPathW
WriteFile
GetTempFileNameW
lstrlenW
GetCommandLineW
QueryPerformanceCounter
GetModuleHandleW
CreateProcessW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
ResetEvent
FindResourceExW
GetThreadIOPendingFlag
RaiseException
CloseHandle
HeapReAlloc
QueryPerformanceFrequency
LockResource
GetCurrentThread
SetEvent
GetLastError
CreateEventW
CancelWaitableTimer
HeapSize
DuplicateHandle
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
CreateMutexW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InterlockedCompareExchange
CreateWaitableTimerW
GetCurrentProcess
EnterCriticalSection
HeapFree
SetWaitableTimer
InterlockedExchange
SizeofResource
GetStartupInfoW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
WriteConsoleW
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
FindNextFileW
LocalFree
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
FlushFileBuffers
GetFileSizeEx
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetStringTypeW
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSection
MulDiv
FreeResource
ExitProcess
GetACP
GetCurrentProcessId
GetFileSize
ReadFile
lstrcmpW
lstrcpynW
IsBadReadPtr
GetVersion
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
Sleep
GetLocalTime
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
SetEndOfFile
SetFilePointer

user32

GetWindowThreadProcessId
PostQuitMessage
SetWindowPos
PostMessageW
IsWindow
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
GetForegroundWindow
SetFocus
TranslateMessage
FindWindowW
SetForegroundWindow
SendInput
AttachThreadInput
FindWindowExW
FillRect
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindowDC
RemovePropW
GetSysColor
SendMessageW
CreateWindowExW
IsChild
DestroyWindow
UpdateLayeredWindow
IsWindowVisible
IsZoomed
CharNextW
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetClassNameW
GetWindow
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadCursorW
LoadImageW
SystemParametersInfoW
IsIconic
SetWindowRgn
MessageBoxW
MonitorFromWindow
GetMonitorInfoW
wvsprintfW
SetCursor
InflateRect
OffsetRect
CopyRect
CharPrevW
DrawTextW
SetRect
DestroyIcon
DrawIconEx
GetIconInfo
HideCaret
ShowCaret
ClientToScreen

advapi32

RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleUninitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
OleInitialize

oleaut32

SysAllocString
SafeArrayCreate
SafeArrayPutElement
VariantInit
VariantClear

shlwapi

PathAppendW
PathFileExistsW
StrToInt64ExW
StrStrIW
PathRemoveFileSpecW
PathCombineW
StrCmpNIW
PathRenameExtensionW
PathFindFileNameW

wininet

InternetGetCookieExW
InternetCrackUrlW

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen

gdiplus

GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipDeleteBrush
GdipFree
GdipAlloc
GdiplusStartup
GdipCloneBrush
GdipCreateSolidFill
GdipCreatePath
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillEllipseI
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipDrawImageRectRectI
GdipImageGetFrameCount
GdipClosePathFigure
GdipCreateTexture
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipDrawEllipseI
ord1
GdipGetImageEncoders
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipGraphicsClear
GdipFillPath
GdipDrawImagePointsI
GdipGetImageEncodersSize

gdi32

GetClipBox
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetCharABCWidthsW
SetDIBColorTable
TextOutW
ExtTextOutW
CreateDCW
GetDIBits
CreateRectRgnIndirect
CombineRgn
GetDeviceCaps
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
SetDIBitsToDevice
CreateSolidBrush
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetTextExtentPoint32W
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBSection
BitBlt

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHiderData/Bin/shellmenu.dll
.dll regsvr32 windows:5 windows x86 arch:x86

2b1b065a9b8894ff44abcf13e4c2b51d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-12-2022 00:00

Not After

27-12-2023 23:59

Subject

CN=天津拂云科技有限公司,O=天津拂云科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:95:7b:96:d4:29:bb:e8:7c:bc:1d:a9:6c:76:50:0e:30:9b:aa:76:d8:f2:0f:cf:e2:25:cb:1e:0b:e6:4d:41
Signer

Actual PE Digest

5c:95:7b:96:d4:29:bb:e8:7c:bc:1d:a9:6c:76:50:0e:30:9b:aa:76:d8:f2:0f:cf:e2:25:cb:1e:0b:e6:4d:41

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\Easyhider\shellmenu\shellmenu\Release\shellmenu.pdb

Imports

kernel32

CancelWaitableTimer
LoadLibraryW
CreateFileW
GetFileAttributesW
ReadDirectoryChangesW
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
FindClose
lstrlenW
GetFullPathNameW
FindFirstFileW
FindNextFileW
lstrlenA
MultiByteToWideChar
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
OutputDebugStringW
IsDebuggerPresent
EncodePointer
GetThreadLocale
SetThreadLocale
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetLocalTime
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetCurrentThreadId
GetVersionExW
GetFileSizeEx
ReadFile
CreateProcessW
GetStartupInfoW
SetWaitableTimer
CreateWaitableTimerW
CreateEventW
DuplicateHandle
CloseHandle
WaitForSingleObject
ResetEvent
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteFile
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEvent
GetACP
ExitProcess
WriteConsoleW
GetModuleFileNameA
GetFileType
GetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
GetQueuedCompletionStatus
CreateIoCompletionPort
GetThreadIOPendingFlag
GetCurrentThread
GetCurrentProcess
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
GetDriveTypeW
FindResourceExW
FindResourceW
GetLogicalDriveStringsW
SizeofResource
LoadResource
LockResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
Sleep
WaitForSingleObjectEx
GetCurrentProcessId
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SuspendThread
SetThreadContext
GetThreadContext
VirtualQuery
VirtualProtect
DeleteFileW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetCPInfo
TryEnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetStringTypeW
WideCharToMultiByte
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
DecodePointer

user32

DrawFocusRect
SetCursor
PtInRect
UnionRect
EqualRect
OffsetRect
PostQuitMessage
PeekMessageW
DispatchMessageW
UnregisterClassW
TranslateMessage
MsgWaitForMultipleObjectsEx
CopyRect
GetCursorPos
MonitorFromWindow
SystemParametersInfoW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetClientRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
SetWindowPos
UpdateLayeredWindow
ShowWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
wsprintfW
GetAncestor
GetWindowInfo
GetMonitorInfoW
MonitorFromPoint
EnumDisplaySettingsW
GetWindow
GetWindowThreadProcessId
GetShellWindow
GetDesktopWindow
WindowFromPoint
GetWindowRect
GetForegroundWindow
IsCharAlphaW
DestroyWindow
IsWindow
LoadImageW
InsertMenuItemW
DeleteMenu
GetMenuItemCount
CharNextW

gdi32

GetDeviceCaps
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
RestoreDC
GetTextExtentExPointW
GetTextExtentPoint32W
DeleteDC
CreateRectRgnIndirect
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
OffsetViewportOrgEx
SetViewportOrgEx
EnumFontFamiliesW
CreateFontW
RectVisible

advapi32

GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
OpenProcessToken

shell32

ord165
ord680
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
ReleaseStgMedium
CoGetObject
StringFromGUID2
IIDFromString
CLSIDFromString

oleaut32

SysStringLen
VarUI4FromStr
LoadTypeLi
SysFreeString
SysAllocStringLen
LoadRegTypeLi
SysAllocString
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFileExistsW
PathCombineW
PathAppendW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
StrStrIW
StrRChrW
StrCmpNIW
StrTrimA
StrStrIA
StrCmpIW
ord154
PathIsDirectoryW

comctl32

_TrackMouseEvent

gdiplus

GdipSetStringFormatTrimming
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromStream
GdipDrawImageRectRect
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDrawImageRectRectI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawString
GdipFillRectangleI

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Install
IsInstall

Sections

.text
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHiderData/Bin/shellmenu_x64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

e7be079bec7a9890a1ad6ee4494dc0da

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-12-2022 00:00

Not After

27-12-2023 23:59

Subject

CN=天津拂云科技有限公司,O=天津拂云科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:42:64:65:e1:bc:54:ff:b5:9f:85:cc:fc:e6:b4:7b:c3:37:cd:16:be:79:b2:71:23:ae:64:45:b5:dc:bf:01
Signer

Actual PE Digest

8b:42:64:65:e1:bc:54:ff:b5:9f:85:cc:fc:e6:b4:7b:c3:37:cd:16:be:79:b2:71:23:ae:64:45:b5:dc:bf:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\build\Easyhider\shellmenu\shellmenu\Release\shellmenu_x64.pdb

Imports

kernel32

ReadDirectoryChangesW
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
FindClose
lstrlenW
GetFullPathNameW
FindFirstFileW
FindNextFileW
lstrlenA
MultiByteToWideChar
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
OutputDebugStringW
IsDebuggerPresent
EncodePointer
GetThreadLocale
SetThreadLocale
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetLocalTime
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetWindowsDirectoryW
GetCurrentThreadId
GetVersionExW
GetFileSizeEx
ReadFile
CreateProcessW
GetStartupInfoW
GetFileAttributesW
CreateFileW
LoadLibraryW
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
CreateEventW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteFile
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
DuplicateHandle
ExitProcess
WriteConsoleW
GetModuleFileNameA
GetFileType
GetStdHandle
GetModuleHandleExW
ExitThread
RtlPcToFileHeader
RtlUnwindEx
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
GetQueuedCompletionStatus
CreateIoCompletionPort
GetThreadIOPendingFlag
GetCurrentThread
GetCurrentProcess
GetProcAddress
FreeLibrary
GetDriveTypeW
FindResourceExW
FindResourceW
GetLogicalDriveStringsW
SizeofResource
LoadResource
LockResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
Sleep
WaitForSingleObjectEx
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SuspendThread
SetThreadContext
GetThreadContext
VirtualQuery
VirtualProtect
DeleteFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
HeapAlloc
HeapDestroy
TlsAlloc
SwitchToThread
GetCPInfo
TryEnterCriticalSection
GetStringTypeW
WideCharToMultiByte
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetACP
DecodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

user32

CharNextW
DrawFocusRect
SetCursor
PtInRect
EqualRect
UnionRect
PostQuitMessage
PeekMessageW
DispatchMessageW
UnregisterClassW
TranslateMessage
MsgWaitForMultipleObjectsEx
OffsetRect
GetCursorPos
MonitorFromWindow
SystemParametersInfoW
LoadCursorW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetClientRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
SetWindowPos
UpdateLayeredWindow
ShowWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
wsprintfW
GetAncestor
GetWindowInfo
GetMonitorInfoW
MonitorFromPoint
EnumDisplaySettingsW
GetWindow
GetWindowThreadProcessId
GetShellWindow
GetDesktopWindow
WindowFromPoint
GetWindowRect
GetForegroundWindow
IsCharAlphaW
DestroyWindow
IsWindow
LoadImageW
InsertMenuItemW
DeleteMenu
GetMenuItemCount
CopyRect

gdi32

GetDeviceCaps
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
SaveDC
RestoreDC
GetTextExtentExPointW
GetTextExtentPoint32W
DeleteDC
CreateRectRgnIndirect
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
OffsetViewportOrgEx
SetViewportOrgEx
CreateFontW
EnumFontFamiliesW
RectVisible

advapi32

GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
OpenProcessToken

shell32

ord165
ord680
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoGetObject
StringFromGUID2
IIDFromString
CLSIDFromString
ReleaseStgMedium

oleaut32

UnRegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
SysAllocString
RegisterTypeLi

shlwapi

PathFileExistsW
PathCombineW
PathAppendW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
StrStrIW
StrRChrW
StrCmpNIW
StrTrimA
StrStrIA
StrCmpIW
ord154
PathIsDirectoryW

comctl32

_TrackMouseEvent

gdiplus

GdipSetTextRenderingHint
GdipCreateBitmapFromStream
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDrawString

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
Install
IsInstall

Sections

.text
Size: 609KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyHiderData/config.ini

Sharing

General

Malware Config

Signatures

Files

184e609d08d4f2d35a3bfc12ce28214d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5f:cc:b9:8f:f7:49:be:20:7b:e5:30:c2:86:87:18:16:fd:8f:b5:1d:74:2e:7d:0a:4d:7a:04:31:ab:40:e3:abSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

setupapi

version

secur32

wininet

iphlpapi

urlmon

Exports

Exports

Sections

.text Size: 951KB - Virtual size: 950KB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 18KB - Virtual size: 26KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 47KB - Virtual size: 47KB

41583675b865552e56ae092ceb4f8ed4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9b:76:e5:2e:7f:b2:ae:c2:7b:5a:1e:91:e9:7a:69:db:01:df:15:f4:81:c7:13:15:ab:34:e0:fc:54:68:f6:7eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5f:cc:b9:8f:f7:49:be:20:7b:e5:30:c2:86:87:18:16:fd:8f:b5:1d:74:2e:7d:0a:4d:7a:04:31:ab:40:e3:ab
Signer

.text
Size: 951KB - Virtual size: 950KB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 18KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 47KB - Virtual size: 47KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9b:76:e5:2e:7f:b2:ae:c2:7b:5a:1e:91:e9:7a:69:db:01:df:15:f4:81:c7:13:15:ab:34:e0:fc:54:68:f6:7e
Signer

.text
Size: 692KB - Virtual size: 692KB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 46KB - Virtual size: 46KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5c:95:7b:96:d4:29:bb:e8:7c:bc:1d:a9:6c:76:50:0e:30:9b:aa:76:d8:f2:0f:cf:e2:25:cb:1e:0b:e6:4d:41
Signer

.text
Size: 524KB - Virtual size: 523KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 13KB - Virtual size: 18KB

.rsrc
Size: 453KB - Virtual size: 453KB

.reloc
Size: 29KB - Virtual size: 29KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:31:6d:09:49:d1:df:99:7a:96:44:f6:17:01:b0:21
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate