clipdiary_5[.]7[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

clipdiary_5.7.exe
Size

4.3MB
MD5

67fabbe10de6ff72f5f44addb463b077
SHA1

ad76b4e807916d6cd6087d0c4678d290b6702895
SHA256

d078451484facc9fc9568bdf2c13b11fb5d9f5e95a5be095bbd45bfc586789b0
SHA512

db3d944d904eec73864ac2ea62acdcb4f7374677d96611af475cb85bf8a82ab93ca3ad9c0f4291e4852167c29f6d5fd7113fde5207e278af9a5dd8204a30d881
SSDEEP

98304:xVZ8AKZrEvXsq3twJm3HHjpzxy9dQPL35GhVEmd7W/f26wJ2ElfM2Upbd:DGAK6PsGuQ3H91T3UhVEmgejjU/

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
clipdiary_5.7.exe
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/clipdiary.exe
unpack001/uninst.exe
unpack003/$PLUGINSDIR/FindProcDLL.dll
unpack003/$PLUGINSDIR/UAC.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

clipdiary_5.7.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

ab0d6b61eda9d1dc039b5837f731d965

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetProcAddress
GetLastError
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineA
OpenProcess
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA

user32

SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Languages/ar/lib.mo
Languages/ar/lib.po
Languages/ar/messages.mo
Languages/ar/messages.po
Languages/bs/messages.mo
Languages/bs/messages.po
Languages/cs/lib.mo
Languages/cs/lib.po
Languages/cs/messages.mo
Languages/cs/messages.po
Languages/da/lib.mo
Languages/da/lib.po
Languages/da/messages.mo
Languages/da/messages.po
Languages/de/lib.mo
Languages/de/lib.po
Languages/de/messages.mo
Languages/de/messages.po
Languages/en/messages.mo
.eml
Languages/en/messages.po
Languages/es_mx/lib.mo
Languages/es_mx/lib.po
Languages/es_mx/messages.mo
Languages/es_mx/messages.po
Languages/fi/lib.mo
Languages/fi/lib.po
Languages/fi/messages.mo
Languages/fi/messages.po
Languages/fr/lib.mo
Languages/fr/lib.po
Languages/fr/messages.mo
Languages/fr/messages.po
Languages/hi/lib.mo
Languages/hi/lib.po
Languages/hi/messages.mo
Languages/hi/messages.po
Languages/id/lib.mo
Languages/id/lib.po
Languages/id/messages.mo
Languages/id/messages.po
Languages/it/lib.mo
Languages/it/lib.po
Languages/it/messages.mo
Languages/it/messages.po
Languages/messages.pot
Languages/nb/lib.mo
Languages/nb/lib.po
Languages/nb/messages.mo
Languages/nb/messages.po
Languages/nl/lib.mo
Languages/nl/lib.po
Languages/nl/messages.mo
Languages/nl/messages.po
Languages/pl/lib.mo
Languages/pl/lib.po
Languages/pl/messages.mo
Languages/pl/messages.po
Languages/pt_BR/lib.mo
Languages/pt_BR/lib.po
Languages/pt_BR/messages.mo
Languages/pt_BR/messages.po
Languages/ro/lib.mo
Languages/ro/lib.po
Languages/ro/messages.mo
Languages/ro/messages.po
Languages/ru/lib.mo
Languages/ru/lib.po
Languages/ru/messages.mo
Languages/ru/messages.po
Languages/sv/lib.mo
Languages/sv/lib.po
Languages/sv/messages.mo
Languages/sv/messages.po
Languages/tr/lib.mo
Languages/tr/lib.po
Languages/tr/messages.mo
Languages/tr/messages.po
Languages/uz/messages.mo
Languages/uz/messages.po
Languages/zh_CN/lib.mo
Languages/zh_CN/lib.po
Languages/zh_CN/messages.mo
Languages/zh_CN/messages.po
Languages/zh_TW/lib.mo
Languages/zh_TW/lib.po
Languages/zh_TW/messages.mo
Languages/zh_TW/messages.po
clipdiary.exe
.exe windows:6 windows x86 arch:x86

6c53a00044134ac38e7fb1816311c0cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_My\_Work\Clipdiary\Clipdiary\Release\Clipdiary.pdb

Imports

kernel32

SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetSystemTimeAsFileTime
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
GetEnvironmentVariableA
FindClose
FindFirstFileW
SetFileTime
InitializeCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetErrorMode
ExitProcess
SetThreadPriority
TerminateThread
GetExitCodeThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetCurrentDirectoryW
GetFileType
CopyFileW
GetFileTime
GetLongPathNameW
GetTempFileNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadDirectoryChangesW
FindNextFileW
SetHandleInformation
CreatePipe
SetNamedPipeHandleState
PeekNamedPipe
WaitForMultipleObjects
GetExitCodeProcess
CreateThread
CreateProcessW
GetEnvironmentVariableW
GetVersionExW
GetNativeSystemInfo
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
GetComputerNameW
IsValidCodePage
GetCommandLineW
GetACP
IsValidLocale
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
ExpandEnvironmentStringsW
GetCurrentThread
RaiseException
IsBadReadPtr
IsBadStringPtrA
MulDiv
GlobalFree
GlobalHandle
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
RtlUnwind
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeW
GetFileInformationByHandle
GetTimeZoneInformation
CreateDirectoryW
RemoveDirectoryW
MoveFileExW
SetStdHandle
SetFileAttributesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
EnumSystemLocalesW
GetOEMCP
GetFileSizeEx
GetCurrentDirectoryW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetSystemTime
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
LocalFree
LCMapStringEx
GetCPInfo
CompareStringEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
GetLogicalDriveStringsW
EnterCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageA
FreeLibrary
QueryPerformanceFrequency
GetLocaleInfoW
Process32NextW
Process32FirstW
lstrcpyW
SetLastError
K32GetProcessImageFileNameW
Module32FirstW
CreateToolhelp32Snapshot
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
OpenProcess
GetLastError
CloseHandle
GetTickCount
GetFileAttributesW
Sleep

user32

GetSysColor
FillRect
InflateRect
PtInRect
SetParent
GetWindow
IsDialogMessageW
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
LoadBitmapW
LoadIconW
LoadImageW
GetIconInfo
CreateDialogParamW
GetDlgItem
SetWindowRgn
GetWindowPlacement
SetLayeredWindowAttributes
FlashWindowEx
IsIconic
IsZoomed
CreateDialogIndirectParamW
GetDialogBaseUnits
DrawMenuBar
GetSystemMenu
EnableMenuItem
DrawTextW
DrawFocusRect
CreateIconIndirect
DrawStateW
CopyRect
OffsetRect
DrawEdge
DrawFrameControl
GetMenuState
CheckMenuItem
GetSubMenu
GetMenuItemID
SetMenuItemInfoW
GetSysColorBrush
SetRect
CheckMenuRadioItem
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
SetMenuInfo
InsertMenuItemW
GetComboBoxInfo
IsMenu
keybd_event
GetWindowTextLengthW
HideCaret
ValidateRgn
IsRectEmpty
ChildWindowFromPoint
FindWindowExW
DrawIconEx
RegisterWindowMessageW
SetMenu
DestroyCursor
MessageBeep
GetClassNameW
WindowFromPoint
GetDoubleClickTime
GetCaretBlinkTime
GetClassInfoW
GetProcessDefaultLayout
SetCursorPos
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
GetMessageW
ValidateRect
GetWindowDC
BeginPaint
EndPaint
GetDesktopWindow
AdjustWindowRectEx
ShowCursor
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromWindow
EnumDisplayMonitors
wsprintfW
MoveWindow
AnimateWindow
ShowWindow
CallWindowProcW
PostQuitMessage
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
TranslateMessage
KillTimer
SetTimer
MsgWaitForMultipleObjects
DispatchMessageW
LoadCursorW
SetCursor
DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeGetLastError
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
DdeDisconnect
DdeUninitialize
DdeInitializeW
BringWindowToTop
RegisterClassW
DestroyWindow
UnregisterClassW
DefWindowProcW
WaitForInputIdle
PeekMessageW
PostThreadMessageW
MessageBoxW
GetClientRect
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
ChildWindowFromPointEx
MapWindowPoints
ScreenToClient
UnionRect
ReleaseDC
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SendMessageW
IsWindowVisible
GetForegroundWindow
SetForegroundWindow
GetWindowLongW
SetWindowLongW
SendInput
MapVirtualKeyW
GetDC
BlockInput
IsWindow
OpenClipboard
CloseClipboard
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
GetCursorPos
GetPropW
SetWindowPos
EnumClipboardFormats
GetKeyNameTextW
CharLowerW
GetKeyboardLayoutList
DestroyIcon
SetRectEmpty
GetGUIThreadInfo
GetMonitorInfoW
MonitorFromPoint
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowW
ClientToScreen
GetWindowRect
GetSystemMetrics
AddClipboardFormatListener
CreateWindowExW
PostMessageW
GetClipboardFormatNameW
EmptyClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetWindowThreadProcessId
GetParent
DdeConnect

gdi32

PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
GetSystemPaletteEntries
CreateDCW
SetAbortProc
SetDIBColorTable
GetDIBColorTable
CreateDIBitmap
SetTextColor
CreateDIBSection
GetDIBits
ExtCreatePen
CreatePen
GetTextExtentExPointW
GetCharABCWidthsW
StartDocW
GetNearestPaletteIndex
CreatePalette
PtInRegion
GetRgnBox
EqualRgn
CreateICW
RectInRegion
CreateRectRgnIndirect
CombineRgn
MoveToEx
LineTo
GetBkColor
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolyBezier
Polyline
Polygon
LPtoDP
DPtoLP
ExtTextOutW
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetStretchBltMode
SetROP2
EndDoc
StartPage
EndPage
GetPaletteEntries
SetBkMode
SetBkColor
OffsetRgn
GetRegionData
ExtCreateRegion
GetOutlineTextMetricsW
CreateFontIndirectW
GetObjectW
DeleteObject
GdiFlush
SetBrushOrgEx
GetTextMetricsW
SelectPalette
SelectObject
RealizePalette
GetDeviceCaps
EnumFontFamiliesExW
CreateRectRgn
StretchDIBits
StretchBlt
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
RoundRect
Rectangle
PolyPolygon
Pie
MaskBlt
GetObjectType
GetClipBox
ExtFloodFill
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateSolidBrush
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
GetTextExtentPoint32W
GetPixel
SelectClipRgn
SetPixel
SetWindowOrgEx
CreateHatchBrush
CreatePatternBrush
GetStockObject
Arc
Ellipse
ExcludeClipRect

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconExW
ShellExecuteExW
ExtractIconW
DragAcceptFiles
DragFinish
SHGetMalloc
ord6
DragQueryPoint
SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconW
DragQueryFileW
SHGetFileInfoW

wsock32

WSACleanup
__WSAFDIsSet
WSAStartup
inet_ntoa
WSAGetLastError
accept
getservbyname
bind
closesocket
connect
getsockname
getsockopt
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
gethostbyname
gethostbyaddr
ntohs
ntohl
ioctlsocket
htons
htonl

winmm

PlaySoundW

comctl32

ImageList_Replace
ImageList_SetBkColor
ImageList_Draw
ImageList_SetDragCursorImage
ImageList_Remove
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Copy
ord16
ord17
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

rpcrt4

UuidToStringW
RpcStringFreeW

shlwapi

AssocQueryStringW
SHAutoComplete

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msimg32

AlphaBlend
GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
PrintDlgW
ChooseFontW
ChooseColorW
CommDlgExtendedError

advapi32

RegSetValueExW
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

ole32

OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
RegisterDragDrop
CoLockObjectExternal
OleInitialize
DoDragDrop
RevokeDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoCreateInstance
ReleaseStgMedium

oleacc

LresultFromObject

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeBackgroundContentRect
IsThemeBackgroundPartiallyTransparent
IsThemePartDefined
IsAppThemed
IsThemeActive
GetCurrentThemeName
GetThemeBackgroundExtent
GetThemeFont
SetWindowTheme
GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeMargins
DrawThemeParentBackground
GetThemeColor

Exports

Exports

sqlite3_carray_bind
sqlite3_carray_init
sqlite3_csv_init
sqlite3_fileio_init
sqlite3_regexp_init
sqlite3_series_init
sqlite3_shathree_init
sqlite3_uuid_init
sqlite3_vsv_init

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 205KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
credits.txt
license.txt
resource.bin
.zip
about.html
buttons/PlaySound.png
.png
buttons/angle-double-left_16.png
.png
buttons/angle-double-right_16.png
.png
buttons/angle-left_16.png
.png
buttons/angle-right_16.png
.png
buttons/filter-clear.png
.png
buttons/filter-locate.png
.png
buttons/filter-set.png
.png
congrat.jpeg
.jpg
icons/blog.png
.png
icons/buy.png
.png
icons/buy_128.png
.png
icons/buy_32.png
.png
icons/buy_64.png
.png
icons/cliptype/bitmap.png
.png
icons/cliptype/clip.png
.png
icons/cliptype/file.png
.png
icons/cliptype/html.png
.png
icons/cliptype/rtf.png
.png
icons/cliptype/s-bitmap.png
.png
icons/cliptype/s-file.png
.png
icons/cliptype/s-html.png
.png
icons/cliptype/s-rtf.png
.png
icons/cliptype/s-text.png
.png
icons/cliptype/s-unknown.png
.png
icons/cliptype/text.png
.png
icons/cliptype/unknown.png
.png
icons/clipview.png
.png
icons/copy_clipboard.png
.png
icons/copy_clipboard_128.png
.png
icons/copy_clipboard_32.png
.png
icons/copy_clipboard_64.png
.png
icons/delete.png
.png
icons/delete_128.png
.png
icons/delete_32.png
.png
icons/delete_64.png
.png
icons/down.png
.png
icons/down_128.png
.png
icons/down_32.png
.png
icons/down_64.png
.png
icons/empty_clipboard.png
.png
icons/facebook.png
.png
icons/feed.png
.png
icons/folder.png
.png
icons/help.png
.png
icons/hide.png
.png
icons/home.png
.png
icons/information.png
.png
icons/lock.png
.png
icons/mail.png
.png
icons/new.png
.png
icons/new_128.png
.png
icons/new_32.png
.png
icons/new_64.png
.png
icons/options.png
.png
icons/paste_clipboard.png
.png
icons/paste_clipboard_128.png
.png
icons/paste_clipboard_32.png
.png
icons/paste_clipboard_64.png
.png
icons/power-off_red.png
.png
icons/power-off_red_128.png
.png
icons/power-off_red_32.png
.png
icons/power-off_red_64.png
.png
icons/reconnect.png
.png
icons/rename.png
.png
icons/rename_128.png
.png
icons/rename_32.png
.png
icons/rename_64.png
.png
icons/save.png
.png
icons/starred.png
.png
icons/typein.png
.png
icons/typein_128.png
.png
icons/typein_32.png
.png
icons/typein_64.png
.png
icons/unknown_app_icon.png
.png
icons/unstarred.png
.png
icons/up.png
.png
icons/up_128.png
.png
icons/up_32.png
.png
icons/up_64.png
.png
icons/updates.png
.png
logo.png
.png
nagscreen/Clipboard128.png
.png
nagscreen/buy.png
.png
nagscreen/ccards.png
.png
nagscreen/feedback.png
.png
nagscreen/go.png
.png
nagscreen/home.png
.png
nagscreen/nagscreen.html
nagscreen/no.png
.png
nagscreen/yes.png
.png
rtf/16/document_background.png
.png
rtf/16/fill_color.png
.png
rtf/16/font_colors.png
.png
rtf/16/font_size_decrease.png
.png
rtf/16/font_size_increase.png
.png
rtf/16/text_align_center.png
.png
rtf/16/text_align_justity.png
.png
rtf/16/text_align_left.png
.png
rtf/16/text_align_right.png
.png
rtf/16/text_bold.png
.png
rtf/16/text_italic.png
.png
rtf/16/text_underline.png
.png
rtf/32/document_background.png
.png
rtf/32/fill_color.png
.png
rtf/32/font_colors.png
.png
rtf/32/font_size_decrease.png
.png
rtf/32/font_size_increase.png
.png
rtf/32/text_align_center.png
.png
rtf/32/text_align_justity.png
.png
rtf/32/text_align_left.png
.png
rtf/32/text_align_right.png
.png
rtf/32/text_bold.png
.png
rtf/32/text_italic.png
.png
rtf/32/text_underline.png
.png
wizard.png
.png
sounds/sound1.wav
sounds/sound2.wav
sounds/sound3.wav
sounds/sound4.wav
sounds/sound5.wav
sounds/sound6.wav
sounds/sound7.wav
sounds/sound8.wav
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

ab0d6b61eda9d1dc039b5837f731d965

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
lstrcmpiA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetProcAddress
GetLastError
GetExitCodeProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentProcessId
CreateThread
GetCommandLineA
OpenProcess
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
SetLastError
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA

user32

SendMessageW
DialogBoxParamA
CharNextA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
SetWindowsHookExA
SendMessageTimeoutA
WaitForInputIdle
DefWindowProcA
PostMessageA
GetLastActivePopup
PostQuitMessage
SetForegroundWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
UnregisterClassA
GetWindowTextA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
IsWindow
GetWindowThreadProcessId
MessageBoxA
SetWindowLongA
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
SetWindowTextA
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
EndDialog

advapi32

RegCloseKey
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExA

ole32

CoInitialize
CoUninitialize

Exports

Exports

Exec
ExecCodeSegment
ExecWait
GetElevationType
GetOuterHwnd
GetShellFolderPath
IsAdmin
RunElevated
ShellExec
ShellExecWait
StackPush
SupportsUAC
Unload

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 28KB - Virtual size: 28KB

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 10KB

.reloc Size: 1KB - Virtual size: 1KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 320B

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 205KB - Virtual size: 435KB

.rsrc
Size: 51KB - Virtual size: 50KB

.reloc
Size: 499KB - Virtual size: 498KB