d0197669ed982b05aed104fc14462d52e9d24e2e1690676d8160ee8f3ec60a97

Sharing

Copy URL Twitter E-mail

General

Target

d0197669ed982b05aed104fc14462d52e9d24e2e1690676d8160ee8f3ec60a97
Size

1.2MB
MD5

ec970cb46c00553e4cc57d6ed778867d
SHA1

f507e60e1f5d8002f701a13c8358f617a048b4b4
SHA256

d0197669ed982b05aed104fc14462d52e9d24e2e1690676d8160ee8f3ec60a97
SHA512

a303411f79b4107931b9d00958f47102da8b64202413ac9f74fafaf5e747956890b48753880b73f831387cb1bc0a00738b06049c7e6dfefb3e2ae57182805464
SSDEEP

24576:fKJUHCNq0viqimXcccDXGalb/eeoP+qo+eenUTy0X:OdsLeeoLbnUTy0X

Score

1^/10

Malware Config

Signatures

Files

d0197669ed982b05aed104fc14462d52e9d24e2e1690676d8160ee8f3ec60a97
.exe windows:5 windows x86 arch:x86

a9573294e500afa416bfe3e4976750cb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:ab:57:46:1a:6e:8d:a5:d0:04:49:69:07:1c:21:8c:d7:e6:5d:29:a9:b7:f6:5f:52:9f:db:54:8c:7c:36:2b
Signer

Actual PE Digest

b7:ab:57:46:1a:6e:8d:a5:d0:04:49:69:07:1c:21:8c:d7:e6:5d:29:a9:b7:f6:5f:52:9f:db:54:8c:7c:36:2b

Digest Algorithm

sha256

PE Digest Matches

true

cf:73:97:c7:af:22:00:ca:99:9f:e3:56:79:70:13:df:38:d7:dd:b1
Signer

Actual PE Digest

cf:73:97:c7:af:22:00:ca:99:9f:e3:56:79:70:13:df:38:d7:dd:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\winapps\mh\trunk\Build\MalwareHunter\Release\MalwareHunter.pdb

Imports

mfc90u

ord4512
ord5497
ord6074
ord6493
ord3685
ord6808
ord4543
ord3528
ord6164
ord654
ord6347
ord4741
ord611
ord3489
ord3286
ord4652
ord1665
ord2274
ord693
ord595
ord797
ord3563
ord3252
ord5664
ord4658
ord1493
ord6411
ord3355
ord2280
ord3637
ord1603
ord2478
ord2479
ord6013
ord2469
ord814
ord1552
ord1542
ord6832
ord1243
ord2523
ord608
ord324
ord5535
ord663
ord404
ord3399
ord2209
ord664
ord405
ord6060
ord6572
ord6063
ord4518
ord398
ord662
ord6275
ord3145
ord2695
ord3187
ord5770
ord5938
ord6095
ord4541
ord4410
ord290
ord587
ord792
ord1166
ord2431
ord3674
ord1222
ord4530
ord2971
ord767
ord3642
ord1714
ord750
ord1708
ord1779
ord3906
ord4815
ord3856
ord6780
ord1047
ord613
ord337
ord3768
ord4171
ord2820
ord3150
ord2141
ord3158
ord4040
ord710
ord791
ord3665
ord5078
ord4010
ord790
ord586
ord3842
ord2243
ord6204
ord339
ord2539
ord3537
ord4490
ord3061
ord6636
ord3488
ord333
ord1533
ord4000
ord639
ord374
ord3794
ord2282
ord2901
ord6271
ord316
ord601
ord2551
ord2676
ord4519
ord3165
ord6355
ord4266
ord4262
ord2372
ord1383
ord3167
ord3146
ord2727
ord6349
ord4270
ord2360
ord4400
ord3160
ord686
ord436
ord1063
ord1088
ord1688
ord1354
ord3486
ord2595
ord5850
ord2326
ord3741
ord4234
ord6659
ord5167
ord4774
ord2592
ord2470
ord6372
ord2597
ord5182
ord744
ord524
ord2069
ord4527
ord1064
ord6065
ord1486
ord2593
ord677
ord4656
ord1682
ord1770
ord2278
ord3826
ord6079
ord1108
ord6577
ord1938
ord2139
ord4682
ord1272
ord4910
ord3543
ord2106
ord1183
ord1137
ord6529
ord811
ord938
ord5979
ord4494
ord6686
ord4405
ord1298
ord1607
ord285
ord3220
ord1599
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord4681
ord3670
ord3500
ord2447
ord1144
ord3217
ord6022
ord6604
ord1156
ord1098
ord4211
ord794
ord589
ord4043
ord4351
ord2904
ord784
ord582
ord6579
ord4131
ord1556
ord5736
ord5737
ord6115
ord5553
ord3071
ord1211
ord690
ord441
ord2537
ord286
ord799
ord266
ord265
ord3577
ord2130
ord1357
ord2596
ord6666
ord4516
ord3742
ord1674
ord3511
ord633
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord615
ord6551
ord4398
ord3231
ord462
ord2356
ord6096
ord6547
ord367
ord636
ord1353
ord2758
ord6091
ord6574
ord3933
ord1719
ord4660
ord778
ord4044
ord4631
ord6187
ord5863
ord6040
ord5974
ord6101
ord6415
ord280
ord813
ord5851
ord2694
ord600
ord1250
ord1254
ord296
ord5632
ord5324
ord5008
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord3513
ord6174
ord935
ord6418
ord1248
ord6183
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord6569
ord4579
ord3622
ord6566
ord4348
ord2891
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord801

msvcr90

memset
__CxxFrameHandler3
memcpy
_decode_pointer
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
sscanf
rand
srand
wcsstr
wprintf
_wcsnicmp
_mktime64
_resetstkoflw
memcpy_s
wcsncpy
wcsftime
malloc
calloc
_recalloc
free
_kbhit
printf
wcscpy_s
_purecall
memmove_s
_wcstoui64
?what@exception@std@@UBEPBDXZ
wcstol
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
__wargv
_wcsicmp
__argc
strtol
atoi
wcsrchr
wcschr
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_localtime64_s
_time64

kernel32

SetThreadExecutionState
LocalFree
LocalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
GetTickCount
GetCommandLineW
GetComputerNameW
GetVersion
InterlockedDecrement
CreateFileW
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
LeaveCriticalSection
CreateDirectoryW
WriteFile
SetFileTime
GetFileInformationByHandle
GetFileAttributesW
DuplicateHandle
ResetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ExpandEnvironmentStringsW
CreateEventW
SetEvent
GlobalUnlock
GlobalLock
GlobalAlloc
FileTimeToSystemTime
InterlockedExchange
GetPrivateProfileStringW
SetUnhandledExceptionFilter
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetFileSize
GetLocalTime
InterlockedCompareExchange
GetStartupInfoW
VirtualQuery
OpenThread
ResumeThread
GetThreadContext
SuspendThread
RtlCaptureContext
GetCurrentProcess
GetCurrentThread
FreeLibrary
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
lstrlenW
SetLastError
LoadLibraryW
GetLastError
MulDiv
GetSystemPowerStatus
GetCurrentThreadId
GetSystemTime
Sleep
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
DeleteFileW
SetPriorityClass
GetCurrentProcessId
OpenProcess
GetLongPathNameW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
HeapFree
GetProcessHeap
GetVersionExW
WaitForSingleObject
GetModuleFileNameW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess

user32

wsprintfW
EnumChildWindows
GetWindow
GetScrollInfo
CallWindowProcW
SetCapture
IsRectEmpty
DrawIconEx
TrackMouseEvent
ReleaseCapture
MessageBoxW
InsertMenuW
CreateMenu
GetWindowLongW
GetMenuBarInfo
GetMenuItemID
GetMenuItemCount
GetSysColor
SetWindowTextW
UnionRect
ExitWindowsEx
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
GrayStringW
DrawTextExW
TabbedTextOutW
SetWindowLongW
EqualRect
DrawTextW
AppendMenuW
GetSubMenu
CreatePopupMenu
FillRect
SetScrollPos
UpdateWindow
SetParent
GetSysColorBrush
SetWindowRgn
MonitorFromPoint
GetMonitorInfoW
LoadCursorW
SetCursor
PtInRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
FrameRect
ChildWindowFromPointEx
ScreenToClient
WindowFromPoint
GetCursorPos
IsChild
FindWindowExA
WaitForInputIdle
FindWindowW
CopyRect
GetParent
LoadImageW
InvalidateRect
SwitchToThisWindow
SetForegroundWindow
SetWindowPos
ShowWindow
AttachThreadInput
SendMessageTimeoutW
OffsetRect
RedrawWindow
ReleaseDC
GetDC
GetForegroundWindow
GetDesktopWindow
IsWindow
KillTimer
DrawIcon
GetSystemMetrics
IsIconic
GetClientRect
SetTimer
LoadIconW
GetWindowRect
SetRect
IsWindowVisible
GetWindowThreadProcessId
PostMessageW
SendMessageW
EnableWindow

gdi32

TextOutW
ExtTextOutW
Escape
CreateSolidBrush
CreatePen
CreateRoundRectRgn
CreatePatternBrush
RectVisible
FillRgn
FrameRgn
CreateFontIndirectW
GetBkColor
GetDeviceCaps
PtVisible
GetCurrentObject
GetTextColor
CreatePolygonRgn
CreateRectRgn
GetTextMetricsW
GetDIBColorTable
StretchBlt
SetDIBColorTable
GetBkMode
GetStockObject
CreateCompatibleBitmap
BitBlt
SetBrushOrgEx
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateFontW
GetObjectW
GetTextExtentPoint32W

msimg32

TransparentBlt
GradientFill
AlphaBlend

advapi32

LookupPrivilegeValueW
CheckTokenMembership
FreeSid
GetUserNameW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetSpecialFolderPathW
ord165
SHGetFileInfoW
CommandLineToArgvW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

SHGetValueW
SHSetValueW
PathFileExistsW
ColorAdjustLuma
StrCmpLogicalW
StrFormatByteSizeW
PathFindFileNameW
PathIsDirectoryW

ole32

CoTaskMemFree
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
SysAllocStringLen
VariantClear

msvcp90

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?close@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??_D?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

gdiplus

GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStream
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipFillPieI
GdipFillRectangleI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

antivirus

AVProtectStart
AVEnumToList
AVProtectSetOption
AVInitialize
AVEnableEngine
AVCloudSetOption
AVInstall
AVUpdateDate
AVUninstall
AVGetValidInstallerPath
AVUninitialize
AVUpdate
AVStopUpdate
AVProtectSetCallback
AVEnumEngine
AVUninstallEngine
AVGetDataInfo
AVAddAnalysisFiles
AVGetDataDetailInfo
AVSaveLog
AVGetScanTime
AVSuspend
AVGetDataProperty
AVScanAddToList
AVSetDataProperty
AVSetCallBack
AVAddScanObjectLocation
AVCreateScanObject
AVSetObjectOption
AVSetOption
AVScan
AVCreateInstance
AVRepair
AVDestroyInstance
AVEnumToListItem
AVEnumAnalysisHistoryList
AVRestoreQuarantineFile
AVClearQuarantineFile
AVDeleteQuarantineFile
AVEnumQuarantine
AVDeleteLog
AVEnumLogRecord
AVEnumLogList
AVGetToList
AVDeleteToList
AVDeleteMultiToList
AVStop
AVClearAnalysisHistoryList
AVInstallEngine
AVGetEngineVersion
AVQuarantineFile
AVWriteLog
AVAddToList
AVProtectStop

appmetrics

ord8
ord3

crashreport

ord1

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW
GetProcessImageFileNameW

dbghelp

SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CryptMsgClose
CryptStringToBinaryA
CertCreateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore

languages

ord6
ord5
ord3
ord4
ord8

zlib1

uncompress

config

ord11
ord13

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9573294e500afa416bfe3e4976750cb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b7:ab:57:46:1a:6e:8d:a5:d0:04:49:69:07:1c:21:8c:d7:e6:5d:29:a9:b7:f6:5f:52:9f:db:54:8c:7c:36:2bSigner

cf:73:97:c7:af:22:00:ca:99:9f:e3:56:79:70:13:df:38:d7:dd:b1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp90

gdiplus

version

antivirus

appmetrics

crashreport

psapi

dbghelp

wintrust

crypt32

languages

zlib1

config

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 325KB - Virtual size: 324KB

.reloc Size: 69KB - Virtual size: 69KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:28:14:36:98:54:a8:5f:9b:8f:90:12:67:c0:3c:f2
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b7:ab:57:46:1a:6e:8d:a5:d0:04:49:69:07:1c:21:8c:d7:e6:5d:29:a9:b7:f6:5f:52:9f:db:54:8c:7c:36:2b
Signer

cf:73:97:c7:af:22:00:ca:99:9f:e3:56:79:70:13:df:38:d7:dd:b1
Signer

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 325KB - Virtual size: 324KB

.reloc
Size: 69KB - Virtual size: 69KB