a3a9825b6d7a9400c8286cd09b5f1b0b

Sharing

Copy URL

Twitter E-mail

General

Target

a3a9825b6d7a9400c8286cd09b5f1b0b
Size

1.4MB
MD5

a3a9825b6d7a9400c8286cd09b5f1b0b
SHA1

86fadf882772fad466369c93eb518c7a68235afc
SHA256

d18c4ad4457a319649d5f860ed50d7405c3e6e8399a769af3bf9e529c2051129
SHA512

f72a0777dae9ab9f49a0e397daaaf41edf36cdabeda04c2d4d9493a61fbd972c0b7418b9894fef54ffa1c966a0e9a5680d431b5d67044dc47a570d59e1a317eb
SSDEEP

24576:XrOB1NqJr7adJSV062R5wMAexh6vB/abAaF55YMJtSc/l8OVU6ZM1Se3/SqgMfbd:bO7NO2TSV062HyrZKAaFHzJtp/lpU6SX

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/setuphlp.dll
unpack001/$TEMP/SCSIinst.exe
unpack001/Lang/1033.dll
unpack001/Plugins/Images/bw5mount.dll
unpack001/Plugins/Images/ccdmount.dll
unpack001/Plugins/Images/mdsmount.dll
unpack001/Plugins/Images/nrgmount.dll
unpack001/Plugins/Images/pdimount.dll
unpack001/pfctoc.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

a3a9825b6d7a9400c8286cd09b5f1b0b
.exe windows:4 windows x86 arch:x86

c6ec2286dd1d610e91f6cf961129a7e3

Code Sign

45:63:12:86:ed:34:d1:53:bf:0d:ae:d7:92:d0:df:bc
Certificate

Issuer

CN=DAEMON Tools Root CA

Not Before

30/09/2004, 21:00

Not After

30/09/2009, 20:59

Subject

CN=DAEMON Tools Timestamping Services,OU=Class A

Extended Key Usages

ExtKeyUsageTimeStamping

5c:66:d7:4d:ba:46:8c:78:b2:3e:4d:5c:38:0d:00:c6
Certificate

Issuer

CN=DAEMON Tools Root CA

Not Before

01/10/2004, 04:00

Not After

01/10/2009, 03:59

Subject

CN=DAEMON Tools Code Signing Services,OU=Class A

Extended Key Usages

ExtKeyUsageCodeSigning

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

30/09/2004, 21:00

Not After

30/09/2011, 20:59

Subject

CN=DAEMON Tools Root CA

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

30/09/2004, 21:00

Not After

30/09/2011, 20:59

Subject

CN=DAEMON Tools Root CA

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

31/12/2039, 23:59

Subject

CN=Generic Root Trust CA

bd:52:10:a6:43:c0:b7:26:9d:72:54:87:41:14:c6:81:1d:7b:91:59
Signer

Actual PE Digest

bd:52:10:a6:43:c0:b7:26:9d:72:54:87:41:14:c6:81:1d:7b:91:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_AddMasked
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetModuleHandleA
SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
LoadLibraryA
ExitProcess
GetCurrentProcess
CopyFileA
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
GetTempFileNameA
lstrcpyA
lstrlenA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemDirectoryA
RemoveDirectoryA
GlobalFree
MulDiv
GetProcAddress
FreeLibrary
MultiByteToWideChar
DeleteFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA

user32

SetWindowTextA
SetTimer
DestroyWindow
CreateDialogParamA
ExitWindowsEx
CharNextA
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
SetClassLongA
IsWindowEnabled
SetWindowPos
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
DefWindowProcA

gdi32

GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
SHGetPathFromIDListA

ole32

OleUninitialize
OleInitialize
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetModuleHandleA
GetPrivateProfileIntA
GlobalAlloc
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
MapWindowPoints
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
CreateWindowExA

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/dtsetup.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/setuphlp.dll
.dll windows:4 windows x86 arch:x86

4434aba69d0932b0bc15e81d87ce65fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

CreateEventA
LocalAlloc
lstrcatA
lstrcpyA
GlobalAlloc
GlobalFree
GetLastError
GetCurrentThread
FreeLibrary
GetModuleFileNameA
CreateMutexA
MultiByteToWideChar
LoadLibraryA
GlobalReAlloc
IsDBCSLeadByte
WideCharToMultiByte
GetExitCodeProcess
SetCurrentDirectoryA
CreateProcessA
ReleaseMutex
Sleep
lstrcmpiA
GetCurrentDirectoryA
WaitForSingleObject
CloseHandle
LocalFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetSystemDirectoryA
lstrcmpA
lstrlenA
SetEvent

user32

MessageBoxA
wsprintfA

advapi32

RegDeleteValueA
RegSetValueExA
RegQueryValueExA
EqualSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
FreeSid
OpenProcessToken
OpenThreadToken
RegCloseKey
GetTokenInformation

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7
Hlp1
Hlp2
Hlp3
Hlp4

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsis0
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsis1
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SCSIinst.exe
.exe windows:4 windows x86 arch:x86

12e16d9067308ee4647c82779c7644d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
CreateFileW
GetCommandLineW
GetLastError
WriteFile
CloseHandle
DeleteFileW
Sleep
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetSystemWindowsDirectoryW
ExitProcess
lstrlenW

user32

MessageBoxW
wsprintfW

advapi32

RegSetValueExW
OpenServiceW
DeleteService
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegCreateKeyExW

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/SPTDinst.exe
.exe windows:4 windows x86 arch:x86

d274c2d6956a042052885987fc75b2c8

Code Sign

40:24:03:d6:91:0d:de:6e:b5:11:98:26:2d:2c:6f:9d
Certificate

Issuer

CN=Duplex Secure Root CA

Not Before

27/06/2004, 21:00

Not After

27/06/2009, 20:59

Subject

CN=Duplex Secure Timestamping Services,OU=Class A

Extended Key Usages

ExtKeyUsageTimeStamping

47:54:ca:05:d1:55:88:b5:41:b6:86:29:f9:93:7d:54
Certificate

Issuer

CN=Duplex Secure Root CA

Not Before

27/06/2004, 21:00

Not After

27/06/2009, 20:59

Subject

CN=Duplex Secure Code Signing Services,OU=Class A

Extended Key Usages

ExtKeyUsageCodeSigning

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

27/06/2011, 20:59

Subject

CN=Duplex Secure Root CA

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

27/06/2011, 20:59

Subject

CN=Duplex Secure Root CA

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

31/12/2039, 23:59

Subject

CN=Generic Root Trust CA

fa:d2:fc:10:50:ea:c8:8d:cf:78:25:3d:d0:ea:19:a7:ba:d8:b7:41
Signer

Actual PE Digest

fa:d2:fc:10:50:ea:c8:8d:cf:78:25:3d:d0:ea:19:a7:ba:d8:b7:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

setupapi

SetupDiGetClassDescriptionA

imagehlp

CheckSumMappedFile

kernel32

SetEndOfFile
VirtualAlloc
GetCommandLineA
WaitForSingleObject
GetTickCount
ReleaseMutex
CloseHandle
LocalAlloc
CreateMutexA
LocalFree
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetCurrentThread
GetLastError
GetCurrentProcess
Sleep
HeapSize
VirtualFree
DeleteFileA
GetStartupInfoA
GetVersionExA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetStdHandle
GetFileType
SetFilePointer
SetHandleCount
GetStdHandle
DeleteCriticalSection
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
ExitProcess
TerminateProcess
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
HeapReAlloc
FlushFileBuffers
InitializeCriticalSection
CreateFileA
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

MessageBoxA

advapi32

FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegOpenKeyA
CreateServiceA
OpenServiceA
CloseServiceHandle
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegGetKeySecurity
RegSetKeySecurity
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
OpenSCManagerA

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 636KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sptd0
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Icons/tray1.ico
Icons/tray2.ico
Lang/1033.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Images/bw5mount.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ImagePluginClose
ImagePluginGetInfo
ImagePluginGetVersion
ImagePluginOpen

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Images/ccdmount.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ImagePluginClose
ImagePluginGetInfo
ImagePluginGetVersion
ImagePluginOpen

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Images/mdsmount.dll
.dll windows:4 windows x86 arch:x86

95c1ad1b73ae08008eee19c26f1db6fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
MultiByteToWideChar

Exports

Exports

ImagePluginClose
ImagePluginCreate
ImagePluginGetInfo
ImagePluginGetVersion
ImagePluginOpen
ImagePluginReadSectors
ImagePluginSetInfo
ImagePluginWriteSectors

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Images/nrgmount.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ImagePluginClose
ImagePluginGetInfo
ImagePluginGetVersion
ImagePluginOpen

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/Images/pdimount.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ImagePluginClose
ImagePluginGetInfo
ImagePluginGetVersion
ImagePluginOpen

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SetupDTSB.exe
.exe windows:4 windows x86 arch:x86

72f5ce5dc0583916066aba0978c025d5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:55:3e:9d:bd:ea:a7:c5:d2:e5:d1:2e:3c:96:b5:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/03/2005, 00:00

Not After

08/04/2006, 23:59

Subject

CN=WHENU.COM INC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department,O=WHENU.COM INC,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects.NET\UInstall\UInstall\Release\UInstall.pdb

Imports

kernel32

LockResource
GetVersionExA
LoadLibraryA
FreeLibrary
GetTempPathA
GetFileAttributesA
GetWindowsDirectoryA
lstrcpyA
CreateDirectoryA
GetLastError
GetCurrentProcessId
DeleteFileA
GetProcAddress
WaitForSingleObject
CloseHandle
CreateFileA
WriteFile
GetModuleFileNameA
lstrlenA
GetTempFileNameA
GetShortPathNameA
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
ResumeThread
GetProcessHeap
RaiseException
lstrcmpiA
GetStringTypeExA
GetThreadLocale
lstrcmpA
FindResourceExA
WideCharToMultiByte
InterlockedExchange
GetACP
GetLocaleInfoA
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
LoadResource
MapViewOfFile
CompareStringA
UnmapViewOfFile
SetFilePointer
SetEndOfFile
lstrcatA
MultiByteToWideChar
OpenProcess
TerminateProcess
lstrlenW
RemoveDirectoryA
lstrcpynA
FileTimeToSystemTime
FlushInstructionCache
HeapAlloc
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
VirtualQuery
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
SizeofResource
FindResourceA
SystemTimeToFileTime
GetLocalTime
GetCommandLineA
CreateFileMappingA
HeapFree

user32

DestroyWindow
PostQuitMessage
CharNextA
wsprintfA
UnregisterClassA
RegisterClassExA
GetClassInfoExA
LoadCursorA
CreateWindowExA
GetSystemMetrics
SendMessageTimeoutA
IsWindow
GetWindowThreadProcessId
FindWindowA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
wvsprintfA
CharUpperA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHFileOperationA
SHGetMalloc
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VarR8FromStr

shlwapi

PathGetArgsA
PathFindFileNameA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
daemon.dll
.dll windows:4 windows x86 arch:x86

3d81086e09cf290a48f3bc5d15880ae5

Code Sign

45:63:12:86:ed:34:d1:53:bf:0d:ae:d7:92:d0:df:bc
Certificate

Issuer

CN=DAEMON Tools Root CA

Not Before

30/09/2004, 21:00

Not After

30/09/2009, 20:59

Subject

CN=DAEMON Tools Timestamping Services,OU=Class A

Extended Key Usages

ExtKeyUsageTimeStamping

5c:66:d7:4d:ba:46:8c:78:b2:3e:4d:5c:38:0d:00:c6
Certificate

Issuer

CN=DAEMON Tools Root CA

Not Before

01/10/2004, 04:00

Not After

01/10/2009, 03:59

Subject

CN=DAEMON Tools Code Signing Services,OU=Class A

Extended Key Usages

ExtKeyUsageCodeSigning

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

30/09/2004, 21:00

Not After

30/09/2011, 20:59

Subject

CN=DAEMON Tools Root CA

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

30/09/2004, 21:00

Not After

30/09/2011, 20:59

Subject

CN=DAEMON Tools Root CA

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

31/12/2039, 23:59

Subject

CN=Generic Root Trust CA

a3:99:03:2d:a8:12:eb:6a:f7:96:c4:83:18:ca:ed:5f:e2:87:95:6f
Signer

Actual PE Digest

a3:99:03:2d:a8:12:eb:6a:f7:96:c4:83:18:ca:ed:5f:e2:87:95:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cfgmgr32

CM_Open_Class_KeyA
CM_Get_Child
CM_Get_Sibling
CM_Get_Device_IDW
CM_Locate_DevNodeW
CM_Get_DevNode_Status

setupapi

SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiCallClassInstaller
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiRegisterDeviceInfo
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiRemoveDevice
SetupDiDeleteDevRegKey
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetINFClassW

kernel32

SetCurrentDirectoryA
HeapSize
Sleep
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
CloseHandle
LocalFree
CreateMutexA
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
FreeLibrary
GetModuleFileNameA
IsBadReadPtr
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetModuleHandleA
ReleaseMutex
WaitForSingleObject
DeviceIoControl
CreateFileA
WriteFile
SetLastError
CompareStringA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
InterlockedExchange
GetLocaleInfoA
IsBadCodePtr
GetStringTypeA
FlushFileBuffers
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStrings
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
LCMapStringA
IsBadWritePtr
HeapReAlloc
GetFileType
GetFullPathNameA
RemoveDirectoryA
CreateDirectoryA
GetDriveTypeA
GetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
MoveFileA
DeleteFileA
ReadFile
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetEndOfFile
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
TerminateProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree

user32

RegisterWindowMessageA

advapi32

RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExA
OpenThreadToken
RegCloseKey
RegDeleteKeyA
OpenSCManagerA
FreeSid

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vdt0
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vdt1
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
daemon.exe
.exe windows:4 windows x86 arch:x86

9ff09131ca0ba9099ceeabb35b88bf2e

Code Sign

45:63:12:86:ed:34:d1:53:bf:0d:ae:d7:92:d0:df:bc
Certificate

Issuer

CN=DAEMON Tools Root CA

Not Before

30/09/2004, 21:00

Not After

30/09/2009, 20:59

Subject

CN=DAEMON Tools Timestamping Services,OU=Class A

Extended Key Usages

ExtKeyUsageTimeStamping

5c:66:d7:4d:ba:46:8c:78:b2:3e:4d:5c:38:0d:00:c6
Certificate

Issuer

CN=DAEMON Tools Root CA

Not Before

01/10/2004, 04:00

Not After

01/10/2009, 03:59

Subject

CN=DAEMON Tools Code Signing Services,OU=Class A

Extended Key Usages

ExtKeyUsageCodeSigning

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

30/09/2004, 21:00

Not After

30/09/2011, 20:59

Subject

CN=DAEMON Tools Root CA

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

30/09/2004, 21:00

Not After

30/09/2011, 20:59

Subject

CN=DAEMON Tools Root CA

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

Issuer

CN=Generic Root Trust CA

Not Before

27/06/2004, 21:00

Not After

31/12/2039, 23:59

Subject

CN=Generic Root Trust CA

17:ed:05:a4:04:6b:3b:ba:86:94:c1:08:26:06:8b:21:83:c4:e1:7a
Signer

Actual PE Digest

17:ed:05:a4:04:6b:3b:ba:86:94:c1:08:26:06:8b:21:83:c4:e1:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
CloseHandle
GetCurrentProcess
WaitForMultipleObjects
SetLastError
OutputDebugStringA
FreeLibrary
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObject
CreateThread
GetCommandLineW
InterlockedExchange
CompareStringA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
SetEvent
FlushFileBuffers
HeapSize
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
SetStdHandle
InitializeCriticalSection
GetExitCodeProcess
GetOEMCP
GetACP
GetStringTypeA
GetLocaleInfoA
LCMapStringA
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GetLastError
LocalFree
Sleep
GetVersion
GetModuleHandleA
LoadLibraryA
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
HeapAlloc
HeapFree
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
RtlUnwind
VirtualQuery
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetFilePointer
SetEnvironmentVariableA

user32

TranslateMessage
DestroyIcon
CreatePopupMenu
GetCursorPos
TrackPopupMenu
DestroyMenu
GetParent
GetWindowRect
GetSystemMetrics
MoveWindow
PostQuitMessage
ExitWindowsEx
GetDlgItem
EndDialog
ShowWindow
DestroyWindow
SetForegroundWindow

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey

Exports

Exports

A0DB34FC6FE35D429A28ADDE5467D4D7

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.daemon0
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pfctoc.dll
.dll windows:4 windows x86 arch:x86

92dc1350050c1104b682cc5ee133e008

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
WritePrivateProfileStringA
ExitProcess
TerminateProcess
HeapSize
GetTimeZoneInformation
GetACP
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapFree
GlobalFlags
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
DuplicateHandle
GlobalFree
GlobalAlloc
GlobalReAlloc
FindFirstFileA
FindClose
UnlockFile
LockFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetLastError
GetEnvironmentStrings
GlobalLock
SetFilePointer
SetEndOfFile
GetCurrentThread
GlobalDeleteAtom
GetLastError
LocalFree
GetCurrentThreadId
lstrcmpA
GetFileTime
InterlockedDecrement
GetFileAttributesA
WideCharToMultiByte
InterlockedIncrement
GetModuleFileNameA
lstrcmpiA
GetVolumeInformationA
GetFullPathNameA
lstrcpynA
MultiByteToWideChar
lstrcpyA
lstrlenA
LoadLibraryA
GetProcAddress
FlushFileBuffers
CloseHandle
CreateFileA
WriteFile
ReadFile
GetEnvironmentStringsW
GetCurrentProcess
GetEnvironmentVariableA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetFileSize

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsIconic
SystemParametersInfoA
GetWindowPlacement
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
GetSystemMetrics
CharUpperA
wsprintfA
LoadBitmapA
GetMenuCheckMarkDimensions
LoadStringA

gdi32

DeleteObject
SaveDC
RestoreDC
GetStockObject
SelectObject
SetBkColor
SetTextColor
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreateBitmap
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

comctl32

ord17

Exports

Exports

PfcFreeToc
PfcGetToc

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

c6ec2286dd1d610e91f6cf961129a7e3

Code Sign

45:63:12:86:ed:34:d1:53:bf:0d:ae:d7:92:d0:df:bcCertificate

Extended Key Usages

5c:66:d7:4d:ba:46:8c:78:b2:3e:4d:5c:38:0d:00:c6Certificate

Extended Key Usages

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77Certificate

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77Certificate

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:beCertificate

bd:52:10:a6:43:c0:b7:26:9d:72:54:87:41:14:c6:81:1d:7b:91:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

922b855d216a21490e4bcbf6c29b7f7d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 930B

4434aba69d0932b0bc15e81d87ce65fb

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1008B

.nsis0 Size: 1024B - Virtual size: 856B

.nsis1 Size: 21KB - Virtual size: 20KB

.reloc Size: 4KB - Virtual size: 4KB

12e16d9067308ee4647c82779c7644d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 220KB - Virtual size: 218KB

d274c2d6956a042052885987fc75b2c8

45:63:12:86:ed:34:d1:53:bf:0d:ae:d7:92:d0:df:bc
Certificate

5c:66:d7:4d:ba:46:8c:78:b2:3e:4d:5c:38:0d:00:c6
Certificate

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

04:6d:a3:28:b2:dd:fc:83:4e:ae:19:16:3c:ad:e9:77
Certificate

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

bd:52:10:a6:43:c0:b7:26:9d:72:54:87:41:14:c6:81:1d:7b:91:59
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 930B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1008B

.nsis0
Size: 1024B - Virtual size: 856B

.nsis1
Size: 21KB - Virtual size: 20KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 220KB - Virtual size: 218KB

40:24:03:d6:91:0d:de:6e:b5:11:98:26:2d:2c:6f:9d
Certificate

47:54:ca:05:d1:55:88:b5:41:b6:86:29:f9:93:7d:54
Certificate

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

3b:81:e8:3c:d1:93:5c:9d:4d:64:2f:2c:13:14:b7:6b
Certificate

08:86:b0:c2:2a:d1:13:97:40:dc:d1:c5:78:3a:43:be
Certificate

fa:d2:fc:10:50:ea:c8:8d:cf:78:25:3d:d0:ea:19:a7:ba:d8:b7:41
Signer

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 636KB - Virtual size: 639KB

.rsrc
Size: 8KB - Virtual size: 5KB

.sptd0
Size: 84KB - Virtual size: 82KB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 16B - Virtual size: 8B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 46B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 94B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 512B - Virtual size: 168B