b638189fdddc2959280e694dfceb58d0

Sharing

Copy URL Twitter E-mail

General

Target

b638189fdddc2959280e694dfceb58d0
Size

26.3MB
MD5

b638189fdddc2959280e694dfceb58d0
SHA1

2f2775e3dc75e59fc74aaee9d80b50a93fc134ca
SHA256

c1c837a3ad75ea227dac00b0e90ef9f14815bce1e78f493a5969b7040fb2e124
SHA512

41c8d0706ab77777b14009a207375216eaff882f1d0d3c97ffa8b753a25d42781a0a566896f7f65d2056a7c91bb87b25216b067ea7b4be6cdf61d55effdbf201
SSDEEP

393216:963hdBlf1BTJ9PQkT+t0IRvcGVwFM9fNKgs/GkjJjAckpEZriDgPI1nJ5Tx5q9:9ohdv1BvSKGOq9fNKgs95AckpEPQpJNK

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack003/$PLUGINSDIR/nsRandom.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Keygen.exe	upx
static1/unpack003/$PLUGINSDIR/nsRandom.dll	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keygen.exe
unpack001/sss2007int.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/Processes.dll
unpack003/$PLUGINSDIR/SysRestore.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsRandom.dll
unpack004/out.upx
unpack003/$PLUGINSDIR/nsSCM.dll
unpack003/$SYSDIR/SatSrv.exe
unpack003/Suite.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/sss2007int.exe	nsis_installer_1

Files

b638189fdddc2959280e694dfceb58d0
.rar
CORE.NFO
Keygen.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sss2007int.exe
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SysRestore.dll
.dll windows:4 windows x86 arch:x86

a81c3ed1cb573fcd1e554161b1aec265

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

srclient

SRSetRestorePointA

Exports

Exports

InstallFailed
InstallStart
InstallSuccess
UninstallFailed
UninstallStart
UninstallSuccess

Sections

.text
Size: 512B - Virtual size: 442B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 493B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsRandom.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsSCM.dll
.dll windows:4 windows x86 arch:x86

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateServiceA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CloseServiceHandle

kernel32

GlobalFree
GetLastError
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Drivers/sleen15.sys
.sys windows:4 windows x86 arch:x86

0212df445f626339389c38d109d672dc

Code Sign

01:00:00:00:00:01:0f:05:89:3d:70
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

20/11/2006, 13:23

Not After

20/11/2007, 13:23

Subject

CN=Softwareentwicklung Patric Remus - ArchiCrypt -,O=Softwareentwicklung Patric Remus,C=DE,1.2.840.113549.1.9.1=#0c16416e667261676540417263686943727970742e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:3a:1b:19:07:72:dd:47:bf:1f:4f:d2:aa:20:18:53:2c:c7:0b:a1
Signer

Actual PE Digest

da:3a:1b:19:07:72:dd:47:bf:1f:4f:d2:aa:20:18:53:2c:c7:0b:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetRelatedDeviceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
IoRegisterShutdownNotification
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
wcscpy
ExFreePoolWithTag
ObReferenceObjectByHandle
PsCreateSystemThread
ObOpenObjectByPointer
IoGetCurrentProcess
ExAllocatePoolWithTag
KeReleaseSemaphore
wcsncat
wcscat
IoDeleteSymbolicLink
SeTokenType
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwCreateFile
NtAdjustPrivilegesToken
ZwOpenProcessToken
IoCreateUnprotectedSymbolicLink
wcslen
KeInitializeSpinLock
KeInitializeSemaphore
KeReleaseMutex
SeCreateClientSecurity
KeGetCurrentThread
ZwWriteFile
ZwReadFile
_allmul
KeQuerySystemTime
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetEvent
PsRevertToSelf
SeImpersonateClient
KeSetPriorityThread
ExfInterlockedInsertTailList
IoSetHardErrorOrVerifyDevice
IofCompleteRequest
KeInitializeMutex
RtlQueryRegistryValues
RtlAppendUnicodeToString
RtlCopyUnicodeString
_except_handler3
IoFreeIrp
MmMapLockedPages
ProbeForWrite
IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
KeBugCheck
_alldiv
KeClearEvent
IoFileObjectType
ZwQueryInformationFile
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoAllocateIrp
KeBugCheckEx

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SatSrv.exe
.exe windows:4 windows x86 arch:x86

3607fc1cf49d024ce2e6c6b708cea4ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\AntiTheft.engine\_output\Release\SatSrv.pdb

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
SetEvent
Sleep
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
FindClose
FindFirstFileA
FindFirstFileW
GetDriveTypeW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
FlushFileBuffers
GetDateFormatW
GetLocaleInfoA
GetFileTime
OpenFile
GetFileAttributesW
GetCurrentProcessId
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
GetTickCount
CreateThread
SetFileTime
SetFileAttributesW
WaitForSingleObject
CreateEventW
SetErrorMode
CreateDirectoryW
GetCPInfo
GetACP
InterlockedExchange
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
UnmapViewOfFile
CreateFileMappingW
GetLastError
MapViewOfFile
GlobalLock
CloseHandle
GlobalHandle
GlobalFree
GlobalAlloc
GetTimeFormatW
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

FindWindowExW
SendMessageW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
RegFlushKey
RegCloseKey

ole32

CoUninitialize
CoInitialize

ws2_32

recv
send
socket
ioctlsocket
htons
gethostbyname
connect
WSAGetLastError
select
shutdown
closesocket
WSAStartup
WSACleanup

shlwapi

PathFileExistsW

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$WINDIR/sleen1564.sys
.sys windows:4 windows x64 arch:x64

c0ff1e8b239a90a66e2a119017515ce2

Code Sign

01:00:00:00:00:01:0f:05:89:3d:70
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

20/11/2006, 13:23

Not After

20/11/2007, 13:23

Subject

CN=Softwareentwicklung Patric Remus - ArchiCrypt -,O=Softwareentwicklung Patric Remus,C=DE,1.2.840.113549.1.9.1=#0c16416e667261676540417263686943727970742e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:6a:14:77:59:55:94:b0:2f:ad:b8:60:9f:26:a7:ef:fd:5b:17:58
Signer

Actual PE Digest

5b:6a:14:77:59:55:94:b0:2f:ad:b8:60:9f:26:a7:ef:fd:5b:17:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

__chkstk
ZwClose
NtAdjustPrivilegesToken
ZwOpenProcessToken
ObfDereferenceObject
KeWaitForSingleObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetRelatedDeviceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
IoRegisterShutdownNotification
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
ExFreePoolWithTag
ObReferenceObjectByHandle
PsCreateSystemThread
ObOpenObjectByPointer
IoGetCurrentProcess
ExAllocatePoolWithTag
KeReleaseSemaphore
wcsncat
IoDeleteSymbolicLink
SeTokenType
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwCreateFile
IoCreateUnprotectedSymbolicLink
KeInitializeSemaphore
KeReleaseMutex
SeCreateClientSecurity
ZwWriteFile
ZwReadFile
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetEvent
PsRevertToSelf
SeImpersonateClient
KeSetPriorityThread
ExInterlockedInsertTailList
IoSetHardErrorOrVerifyDevice
IofCompleteRequest
KeInitializeMutex
RtlQueryRegistryValues
RtlAppendUnicodeToString
RtlCopyUnicodeString
__C_specific_handler
IoFreeIrp
MmMapLockedPages
ProbeForWrite
IoFreeMdl
MmUnlockPages
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
KeBugCheck
KeClearEvent
IoFileObjectType
ZwQueryInformationFile
MmBuildMdlForNonPagedPool
IoAllocateMdl
IoAllocateIrp
KeBugCheckEx

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 896B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AntiTheft.res
.zip
res/CBMP/BMP_ANTITHEFT_BACKGROUND.png
.png
res/CBMP/BMP_ANTITHEFT_BUTTON.png
.png
res/CBMP/BMP_ANTITHEFT_BUTTON_FOCUSED.png
.png
res/CBMP/BMP_ANTITHEFT_BUTTON_PRESSED.png
.png
res/CBMP/BMP_ANTITHEFT_STATE_ACTIVE.png
.png
res/CBMP/BMP_ANTITHEFT_STATE_INACTIVE.png
.png
res/CBMP/BMP_ANTITHEFT_STATE_WARNING.png
.png
res/CBMP/BMP_ANTITHEFT_TITLE.png
.png
res/CBMP/BMP_LOGO_ANTITHEFT.png
.png
res/CBMP/BMP_LOGO_ANTITHEFT64.png
.png
res/CBMP/BMP_LOGO_ANTITHEFT_OLD.png
.png
res/ICON/IDI_FEATURE_ANTITHEFT.ico
res/ICON/IDI_FEATURE_ANTITHEFT_OLD.ico
res/TEXTSTRINGTABLE/DE_ANTITHEFT.txt
res/TEXTSTRINGTABLE/EN_ANTITHEFT.txt
res/TEXTSTRINGTABLE/ES_ANTITHEFT.txt
res/TEXTSTRINGTABLE/FR_ANTITHEFT.txt
res/TEXTSTRINGTABLE/JP_ANTITHEFT.txt
res/TEXTSTRINGTABLE/PL_ANTITHEFT.txt
res/XMLDIALOG/DLG_ANTITHEFT_MAINDLG.sxd
res/XMLDIALOG/DLG_ANTITHEFT_TASK_FINISH.sxd
res/XMLDIALOG/DLG_ANTITHEFT_TASK_REGISTER.sxd
res/XMLDIALOG/DLG_ANTITHEFT_TASK_WELCOME.sxd
res/XMLDIALOG/DLG_STEGANOS_ANTITHEFT_CCONFIGPANELANTITHEFT.sxd
res/XMLFEATURE/AntiTheft.sxp
ChannelDefault.res
.zip
res/XMLCHANNEL/CHANNEL_DEFAULT.sxc
FileManager.res
.zip
res/BITMAP/IDB_BACKGROUND.bmp
res/BITMAP/IDB_SHELL_DECRYPT.bmp
res/BITMAP/IDB_SHELL_ENCRYPT.bmp
res/BITMAP/IDB_SHELL_HIDE.bmp
res/BITMAP/IDB_TOOLBAR.bmp
res/BITMAP/IDB_TOOLBAR_COLD.bmp
res/BITMAP/IDB_TOOLBAR_DISABLED.bmp
res/CBMP/BMP_BACKGROUND_FILEMANAGER.png
.png
res/CBMP/BMP_LOGO_FILEMANAGER.png
.png
res/ICON/IDI_FEATURE_FILEMANAGER.ico
res/TEXTSTRINGTABLE/CN_FILEMANAGER.txt
res/TEXTSTRINGTABLE/DE_FILEMANAGER.txt
res/TEXTSTRINGTABLE/EN_FILEMANAGER.txt
res/TEXTSTRINGTABLE/ES_FILEMANAGER.txt
res/TEXTSTRINGTABLE/FR_FILEMANAGER.txt
res/TEXTSTRINGTABLE/JP_FILEMANAGER.txt
res/TEXTSTRINGTABLE/PL_FILEMANAGER.txt
res/XMLFEATURE/FileManager.sxp
FileTables.res
.zip
res/XMLFEATURE/FileTables.sxp
HTMLDialogs.res
.zip
res/CBMP/BMP_LOGO_TOOLKIT32.png
.png
res/CBMP/BMP_LOGO_TOOLKIT48.png
.png
res/CBMP/BMP_WHITE33.png
.png
res/CSS/CSS_STEGANOS.css
res/JSCRIPT/JS_AJAX.js
.js
res/JSCRIPT/JS_CONFIGDIALOG.js
.js
res/JSCRIPT/JS_DISABLECONTEXTMENU.js
res/JSCRIPT/JS_FIXPNG.js
.js
res/JSCRIPT/JS_IFRAME.js
.js
res/JSCRIPT/JS_PROGRESSBAR.js
.js
HotKeys.res
.zip
PasswordManager.res
.zip
PicPass.res
.zip
SSS2007EN_default.chm
.chm
SSS2007ES_default.chm
.chm
Safe.res
.zip
SteganosUI.res
.zip
Suite.exe
.exe windows:4 windows x86 arch:x86

67e286eb26fade3d51e782b3b8ccffdd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FormatMessageW
EnumResourceNamesW
GetComputerNameW
GetExitCodeProcess
CreateProcessW
MulDiv
VirtualFree
VirtualAlloc
GetFileSize
FindNextFileW
GetCurrentThread
OutputDebugStringW
DeleteFileW
SetFileAttributesW
lstrlenA
GetTempFileNameW
GetTempPathW
FindNextFileA
LoadLibraryA
SetCurrentDirectoryA
SetCurrentDirectoryW
OpenFileMappingW
SetEvent
WaitForMultipleObjects
CreateEventW
GetDiskFreeSpaceW
GetSystemDirectoryW
GetVersion
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVolumeInformationW
SetLastError
WritePrivateProfileStringW
GetFileAttributesW
OpenFile
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
QueryPerformanceCounter
SetStdHandle
IsBadCodePtr
GetFileTime
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCPInfo
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
HeapSize
SetUnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
VirtualQuery
GetVersionExA
GetStartupInfoW
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
IsBadReadPtr
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
TerminateProcess
GetModuleHandleA
ExitProcess
CreateSemaphoreW
Sleep
LockResource
ExitThread
CreateThread
SetThreadPriority
ResumeThread
DuplicateHandle
GetCurrentProcessId
OpenProcess
CreateFileA
GetModuleFileNameA
GetDriveTypeW
FindFirstFileW
FindFirstFileA
FindClose
GetTickCount
lstrcpynW
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcpyW
lstrlenW
GetModuleFileNameW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
SetFileTime
GetCurrentDirectoryW
GetCurrentThreadId
GlobalUnlock
GlobalSize
ReleaseSemaphore
TerminateThread
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
LocalFileTimeToFileTime
SystemTimeToFileTime
CreateFileW
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
GlobalLock
InterlockedExchange
UnmapViewOfFile
CreateFileMappingW
GetLastError
MapViewOfFile
CloseHandle
GetVersionExW
GlobalHandle
GlobalFree
GlobalAlloc
GetOEMCP

user32

SetRectEmpty
IsRectEmpty
SetPropA
GetSystemMetrics
IsClipboardFormatAvailable
GetClipboardData
GetCursorPos
CreatePopupMenu
TrackPopupMenu
GetKeyState
RegisterWindowMessageW
GetSysColor
DestroyWindow
AppendMenuW
DestroyMenu
GetSystemMenu
FillRect
DrawFocusRect
InflateRect
SetRect
DrawTextW
DestroyIcon
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CreateWindowExW
wsprintfW
RegisterClassExW
GetClassInfoExW
AnimateWindow
CreateDialogParamW
CreateDialogIndirectParamW
SystemParametersInfoW
MapWindowPoints
FlashWindowEx
SetActiveWindow
OffsetRect
DrawStateW
SetMenu
CreateMenu
ReleaseCapture
SetCapture
PtInRect
UnionRect
SetCursor
GetSysColorBrush
UnregisterClassW
DefWindowProcW
SetWindowLongW
GetMessageW
CallWindowProcW
GetWindowDC
ReleaseDC
LoadBitmapW
LoadImageW
GetDoubleClickTime
FindWindowW
ExitWindowsEx
LoadCursorW
WinHelpW
CharNextW
SendMessageW
GetPropW
CopyRect
ScreenToClient
GetParent
GetWindowRect
BeginPaint
EndPaint
GetDC
GetClientRect
GetIconInfo
GetWindowThreadProcessId
SendMessageTimeoutW
PostQuitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
GetPropA
EnumWindows
MessageBoxW
DestroyCursor
TranslateAcceleratorW
GetDialogBaseUnits
IsWindowEnabled
MoveWindow
ShowWindow
InvalidateRect
UpdateWindow
SetFocus
SetWindowTextW
EndDialog
EnableWindow
DrawEdge
GetFocus
RedrawWindow
IsWindow
SetTimer
KillTimer
GetDlgCtrlID
PostMessageW
DialogBoxIndirectParamW
DialogBoxParamW
SetParent
SetPropW
GetDlgItem
CreateCursor
GetWindowTextW
GetWindowTextLengthW
GetWindowPlacement
SetWindowPlacement
SetWindowPos
MapDialogRect
EnumChildWindows
InsertMenuW
GetDesktopWindow
TrackMouseEvent
GetWindowLongW
GetClassNameW
LockWindowUpdate
EnumThreadWindows
SetForegroundWindow
IsWindowVisible
GetWindow

gdi32

SetPixel
GetObjectA
GetTextAlign
SetTextAlign
SetTextColor
GetObjectW
SelectClipRgn
GetClipBox
GetViewportOrgEx
CreateRectRgn
GetPixel
BitBlt
SetViewportOrgEx
SetBkMode
SelectObject
CreateDIBitmap
GetDeviceCaps
CreateSolidBrush
CreatePatternBrush
DeleteObject
DeleteDC
ExtTextOutW
SetBkColor
GetCurrentObject
SetMapMode
RestoreDC
SaveDC
GetTextExtentPoint32W
GetTextColor
CreateFontIndirectW
CreateFontW
OffsetWindowOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
SetWindowOrgEx

advapi32

IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
CreateProcessAsUserW
GetUserNameW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegFlushKey
RegCloseKey

shell32

SHGetFileInfoW
SHGetMalloc
ShellExecuteExA
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW

ole32

CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
RevokeDragDrop
RegisterDragDrop

oleaut32

VarUI4FromStr

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCreateLineBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImageRectRectI
GdipSetTextContrast
GdipSetStringFormatHotkeyPrefix
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipDrawLineI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipCreateBitmapFromGraphics
GdipDeleteFont
GdipCreateStringFormat
GdipGetImageGraphicsContext
GdipCreateHICONFromBitmap
GdipDrawRectangleI
GdipDeletePen
GdipCreatePen1
GdipDrawImageRectI
GdipFillRectangleI
GdipScaleWorldTransform
GdipResetWorldTransform
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeleteBrush
GdipCreateBitmapFromResource
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteStringFormat

shlwapi

PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_GetImageCount
ImageList_AddMasked
InitCommonControlsEx

rpcrt4

UuidToStringA
RpcStringFreeA

ws2_32

WSAStartup
gethostname
WSACleanup
inet_ntoa
gethostbyname

crypt32

CertGetNameStringW
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertFreeCertificateContext

Sections

.text
Size: 900KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TraceDestructor.res
.zip
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 532KB

UPX1 Size: 76KB - Virtual size: 80KB

.rsrc Size: 2KB - Virtual size: 4KB

18bc6fa81e19f21156316b1ae696ed6b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 109KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 10KB - Virtual size: 9KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

a81c3ed1cb573fcd1e554161b1aec265

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

srclient

Exports

Exports

Sections

.text Size: 512B - Virtual size: 442B

.rdata Size: 512B - Virtual size: 493B

.data Size: - Virtual size: 180B

.reloc Size: 512B - Virtual size: 170B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

UPX0
Size: - Virtual size: 532KB

UPX1
Size: 76KB - Virtual size: 80KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 109KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 10KB - Virtual size: 9KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 512B - Virtual size: 442B

.rdata
Size: 512B - Virtual size: 493B

.data
Size: - Virtual size: 180B

.reloc
Size: 512B - Virtual size: 170B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 28KB - Virtual size: 28KB

DATA
Size: 1KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 650B

.data
Size: 512B - Virtual size: 28B

.reloc
Size: 512B - Virtual size: 284B

01:00:00:00:00:01:0f:05:89:3d:70
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate