a29865ffdcf006b14b68851ce2160a3f

Sharing

Copy URL

Twitter E-mail

General

Target

a29865ffdcf006b14b68851ce2160a3f
Size

1.8MB
MD5

a29865ffdcf006b14b68851ce2160a3f
SHA1

99a39ed317976663b45b04dc2eadfc2b0ef810f2
SHA256

3a91b62f6264e3bbd47412b8c8fa70efd52d42419f7e4387c8f1ea12f3147fab
SHA512

7af5d14daa093350b3a8d96cc2fbaf9cdc72796bbbf6c620d2291df29ee80d52cd40f3bd3b281d2ced456106281931f3e45817a21c33973a3720b69e5f6074bf
SSDEEP

49152:Dg4lYcK5+t1s2lA+1rnThxfDwp5vlbpufDJOoF:TqcKt2S+1rAp5N+lOoF

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsisFirewall.dll
unpack001/$SYSDIR/remover.exe
unpack001/BKeeper.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$SYSDIR/remover.exe	nsis_installer_1
static1/unpack001/$SYSDIR/remover.exe	nsis_installer_2

Files

a29865ffdcf006b14b68851ce2160a3f
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:03:97:df:89:b2:f3:68:4c:31:97:2b:f9:65:b7:3c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17-08-2010 00:00

Not After

16-08-2012 23:59

Subject

CN=MediaSave Co.\, Ltd.,OU=EC Team,O=MediaSave Co.\, Ltd.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

1a4c99175e8891c64634680f4f238d51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
InterlockedDecrement
lstrlenA
MultiByteToWideChar
LocalFree

user32

wsprintfA

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

oleaut32

VariantClear
GetErrorInfo
SysFreeString
SysAllocString

msvcrt

??2@YAPAXI@Z
_onexit
__dllonexit
_initterm
free
??1type_info@@UAE@XZ
_CxxThrowException
_adjust_fdiv
??3@YAXPAX@Z
malloc
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/remover.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BKeeper.dll
.dll windows:4 windows x86 arch:x86

48bab3ac6fc156d8267f4f20f375f21a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Project\BlueKeeper_관련\BKeeper\release\BKeeper.pdb

Imports

kernel32

lstrcmpW
lstrcpyW
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
GetLastError
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
LoadLibraryA
InitializeCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

GetClassNameW
GetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExW
PostMessageW
MessageBoxW
SendMessageW
GetAsyncKeyState
CallNextHookEx

shell32

SHGetSpecialFolderPathW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

GetAccessUrl
GetActiveVal
InstallHook
SetActiveVal
SetSearchFileVal
SetSearchRegVal
UninstallHook

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Searchhost.exe
.exe windows:5 windows x86 arch:x86

9910819cab59e3e35ab0ad89cfea0a0a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:03:97:df:89:b2:f3:68:4c:31:97:2b:f9:65:b7:3c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17-08-2010 00:00

Not After

16-08-2012 23:59

Subject

CN=MediaSave Co.\, Ltd.,OU=EC Team,O=MediaSave Co.\, Ltd.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\me\바탕 화면\사본 - URLManager\Searchhost\Release\Searchhost.pdb

Imports

ole32

OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
StgCreateDocfileOnILockBytes
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
OleCreateMenuDescriptor
StgOpenStorageOnILockBytes
OleRun
CoCreateInstance
CoInitialize

bkeeper

GetActiveVal
ord3
ord2

user32

GetScrollInfo
GetWindowThreadProcessId
SendMessageA
InvalidateRect
EnableWindow
SendMessageTimeoutA
RegisterWindowMessageA
EnumChildWindows
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
FindWindowExA
GetClassNameA
AppendMenuA
GetSystemMenu
DestroyCursor
GetWindowRgn
CreateMenu
GetDoubleClickTime
GetIconInfo
SubtractRect
CopyIcon
CharUpperBuffA
GetUpdateRect
FrameRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
IsClipboardFormatAvailable
MapVirtualKeyExA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnionRect
GetKeyNameTextA
GetNextDlgGroupItem
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
DestroyIcon
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
LockWindowUpdate
IsMenu
SetClassLongA
SetParent
NotifyWinEvent
CreateAcceleratorTableA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
PostThreadMessageA
DeleteMenu
WaitMessage
WindowFromPoint
UnregisterClassA
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
SetWindowLongA
GetWindowLongA
LoadIconA
LoadCursorA
BringWindowToTop
TranslateAcceleratorA
InvalidateRgn
SetRect
CopyAcceleratorTableA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetMenuItemInfoA
InflateRect
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
MessageBeep
RedrawWindow
IsZoomed
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
GetCursorPos
ReleaseCapture
SetCursor
SetCapture
KillTimer
SetTimer
ClientToScreen
SetWindowRgn
FillRect
IsRectEmpty
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
CharUpperA
GetDesktopWindow
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
GetMenuStringA
GetMenuState
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
GetMenu
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
PtInRect
SetWindowPlacement
CopyRect
SetScrollInfo
IsWindow
DeferWindowPos
EqualRect
ScreenToClient
GetParent
AdjustWindowRectEx
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
MessageBoxA
PostMessageA
UpdateWindow
IsWindowVisible
ShowScrollBar
SetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
GetKeyState
TrackPopupMenu
ScrollWindow
MapWindowPoints
PeekMessageA
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextLengthA
SetFocus
GetWindowTextA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHAppBarMessage

kernel32

IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
VirtualFree
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
HeapSize
GetConsoleMode
CompareStringW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetACP
CreateThread
ExitThread
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FindResourceExA
VirtualProtect
GetProfileIntA
SearchPathA
GetSystemDirectoryW
LoadLibraryW
GetTempPathA
GetTickCount
GetCurrentDirectoryA
SetErrorMode
GetFileSizeEx
GetTempFileNameA
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleHandleW
GetCurrentProcessId
GetTimeZoneInformation
WaitForSingleObject
ResumeThread
SetThreadPriority
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetModuleFileNameW
GetThreadLocale
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetProcessHeap
ExitProcess
DeleteFileA
CreateDirectoryA
GetLastError
Sleep
lstrcmpA
GetModuleHandleA
GetVersionExA
GetProcAddress
LoadLibraryA
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
HeapAlloc
HeapDestroy
HeapFree
HeapCreate
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GetFileType
SetStdHandle
InterlockedDecrement
InterlockedIncrement
lstrcpyA
lstrlenA
GetConsoleCP

gdi32

SetPixelV
GetTextFaceA
EnumFontFamiliesExA
GetSystemPaletteEntries
GetNearestPaletteIndex
SetPaletteEntries
ExtFloodFill
GetViewportOrgEx
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetWindowOrgEx
GetPaletteEntries
CreatePalette
RoundRect
Rectangle
Polygon
Polyline
CreatePolygonRgn
GetMapMode
SetRectRgn
CreateDIBSection
SetPixel
StretchBlt
CombineRgn
RealizePalette
GetDIBits
PatBlt
SetDIBColorTable
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesA
GetTextMetricsA
CreateDIBitmap
OffsetRgn
GetTextColor
GetBkColor
CreateCompatibleBitmap
GetRgnBox
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateFontIndirectA
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CopyMetaFileA
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegEnumKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA

comctl32

ImageList_GetIconSize
InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
PathRemoveFileSpecW
PathFindFileNameA
PathIsUNCA

oledlg

ord8

oleaut32

SysAllocString
VariantChangeType
SystemTimeToVariantTime
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear
VariantInit
GetErrorInfo

urlmon

URLDownloadToFileA

gdiplus

GdipFree
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipAlloc

wininet

DeleteUrlCacheEntry

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SearchhostUpdate.exe
.exe windows:5 windows x86 arch:x86

4a37cddb26745ab4fed5ad99ec56c6af

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:03:97:df:89:b2:f3:68:4c:31:97:2b:f9:65:b7:3c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17-08-2010 00:00

Not After

16-08-2012 23:59

Subject

CN=MediaSave Co.\, Ltd.,OU=EC Team,O=MediaSave Co.\, Ltd.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\me\바탕 화면\사본 - URLManager\SearchhostUpdate\Release\SearchhostUpdate.pdb

Imports

kernel32

GetConsoleOutputCP
WriteConsoleW
WriteConsoleA
GetConsoleMode
GetProcessHeap
GetConsoleCP
LCMapStringW
LCMapStringA
CompareStringW
GetStringTypeW
GetStringTypeA
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
VirtualFree
HeapCreate
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
IsDebuggerPresent
TerminateProcess
GetFileType
SetStdHandle
HeapSize
CreateThread
ExitThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
RtlUnwind
HeapReAlloc
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
FindResourceExA
VirtualProtect
GetProfileIntA
SearchPathA
GetSystemDirectoryW
LoadLibraryW
GetTempPathA
GetTickCount
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
GetFileSizeEx
SetErrorMode
GetTempFileNameA
GetFileTime
GetFileAttributesA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
FileTimeToLocalFileTime
FindNextFileA
GetCurrentProcessId
WaitForSingleObject
ResumeThread
SetThreadPriority
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
FileTimeToSystemTime
GetThreadLocale
GetLastError
SetLastError
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
CopyFileA
GetSystemDirectoryA
Sleep
ExitProcess
GetPrivateProfileStringA
DeleteFileA
CreateDirectoryA
lstrcpyA
lstrcmpA
MultiByteToWideChar
InterlockedDecrement
GetModuleFileNameA
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableA

user32

IsClipboardFormatAvailable
MapVirtualKeyExA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
EnableScrollBar
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnionRect
GetNextDlgGroupItem
EmptyClipboard
CloseClipboard
SetClipboardData
LoadImageA
DestroyIcon
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
IsMenu
GetSystemMenu
SetClassLongA
SetParent
NotifyWinEvent
CreateAcceleratorTableA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
PostThreadMessageA
DeleteMenu
WaitMessage
WindowFromPoint
GetMenuItemInfoA
InflateRect
UnregisterClassA
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
InvalidateRgn
SetRect
CopyAcceleratorTableA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
ShowOwnedPopups
GetMessageA
TranslateMessage
ValidateRect
MapVirtualKeyA
GetKeyNameTextA
ReleaseDC
GetDC
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
MapDialogRect
MessageBeep
RedrawWindow
IsZoomed
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
GetCursorPos
ReleaseCapture
SetCursor
LoadCursorA
SetCapture
KillTimer
SetTimer
ClientToScreen
SetWindowRgn
FillRect
IsRectEmpty
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
InvalidateRect
EnableWindow
LoadIconA
GetWindowLongA
SetWindowLongA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
TranslateMDISysAccel
FrameRect
GetUpdateRect
CharUpperBuffA
CopyIcon
SubtractRect
GetIconInfo
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
PostMessageA
MessageBoxA
CreateWindowExA
GetDoubleClickTime
CreateMenu
GetWindowRgn
DestroyCursor
SetWindowContextHelpId
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
GetMenuState
GetWindowTextA
GetWindowTextLengthA
AdjustWindowRectEx
IsWindow
UnhookWindowsHookEx
CharUpperA
UpdateWindow
GetParent
IsChild
GetFocus
GetDlgCtrlID
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
GetMenu
CallWindowProcA
DefWindowProcA
PtInRect
SetWindowPlacement
CopyRect
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetSysColor
RegisterClassA
GetClassInfoA
GetClassInfoExA
UpdateLayeredWindow

gdi32

CreateHatchBrush
GetRgnBox
CreateCompatibleBitmap
GetBkColor
GetTextColor
CreateFontIndirectA
GetTextExtentPoint32A
OffsetRgn
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
SetDIBColorTable
GetDIBits
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
SetRectRgn
GetMapMode
CreatePolygonRgn
Polyline
Polygon
Rectangle
RoundRect
CreatePalette
CreateSolidBrush
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
TextOutA
RectVisible
PtVisible
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetPaletteEntries
GetDeviceCaps
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
Ellipse
LPtoDP
DPtoLP
CreateEllipticRgn
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CopyMetaFileA
ExtTextOutA

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHAppBarMessage
SHGetPathFromIDListA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA

oledlg

ord8

ole32

CoRegisterMessageFilter
CoRevokeClassObject
CoInitializeEx
CoUninitialize
OleGetClipboard
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleDestroyMenuDescriptor

oleaut32

VariantClear
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantChangeType
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantInit
SysAllocString
OleCreateFontIndirect
VariantTimeToSystemTime

urlmon

URLDownloadToFileA

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage

wininet

DeleteUrlCacheEntry

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

5e:03:97:df:89:b2:f3:68:4c:31:97:2b:f9:65:b7:3cCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 291KB

.ndata Size: - Virtual size: 256KB

.rsrc Size: 2KB - Virtual size: 1KB

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 646B

.data Size: - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 146B

1a4c99175e8891c64634680f4f238d51

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 356B

.reloc Size: 1024B - Virtual size: 574B

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

5e:03:97:df:89:b2:f3:68:4c:31:97:2b:f9:65:b7:3c
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 291KB

.ndata
Size: - Virtual size: 256KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 356B

.reloc
Size: 1024B - Virtual size: 574B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 291KB

.ndata
Size: - Virtual size: 256KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 11KB

.HKT
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 500B

.reloc
Size: 8KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

5e:03:97:df:89:b2:f3:68:4c:31:97:2b:f9:65:b7:3c
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 24KB - Virtual size: 51KB

.rsrc
Size: 81KB - Virtual size: 80KB