family_tree_builder_8644[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

family_tree_builder_8644.exe
Size

95.9MB
MD5

5e4094eb3e13d0f5f5307af21830fc17
SHA1

b66da56808e3a5b31023b23b29d191a126981c91
SHA256

283ee93f2eae581d9b3699f6db8682232352eda0d3bdf0ae4e4ab2cfe1e794c5
SHA512

72c56629a3b4df687cd41039735047831ab5a3b858d34f6e48496c895c9d66352802806a1ca056f20e0ea57f3e079038ce05848739621cc2c698daf8ea593045
SSDEEP

1572864:ZwfxNLmzsnD4fwA/oJDlGw3wn7OnLuwEJ+fQE/4ni7Fapb8PcIfxbb8OCPPmYjR:6JNSz00FGlGfO6d+n+8PT8ZjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/Download.dll
unpack001/$PLUGINSDIR/Genealogy.dll
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

family_tree_builder_8644.exe
.exe windows:4 windows x86 arch:x86

ea4e67a31ace1a72683a99b80cf37830

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:da:68:af:0c:af:24:98:3c:10:52:74:2e:21:ef:b2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

05/01/2022, 00:00

Not After

12/02/2025, 23:59

Subject

SERIALNUMBER=5036628,CN=MyHeritage (USA) Inc.,OU=MyHeritage (USA) Inc.,O=MyHeritage (USA) Inc.,L=Lehi,ST=Utah,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:9d:96:07:23:48:d0:49:39:d1:34:5c:33:eb:90:9b:76:7c:86:6d:14:56:28:60:69:5f:e4:fb:19:fe:e9:0b
Signer

Actual PE Digest

95:9d:96:07:23:48:d0:49:39:d1:34:5c:33:eb:90:9b:76:7c:86:6d:14:56:28:60:69:5f:e4:fb:19:fe:e9:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
GetTempFileNameA
RemoveDirectoryA
WriteFile
CreateDirectoryA
GetLastError
CreateProcessA
GlobalLock
GlobalUnlock
CreateThread
lstrcpynA
SetErrorMode
GetDiskFreeSpaceA
lstrlenA
GetCommandLineA
GetVersion
GetWindowsDirectoryA
SetEnvironmentVariableA
GetTempPathA
CopyFileA
GetCurrentProcess
ExitProcess
GetModuleFileNameA
GetFileSize
ReadFile
GetTickCount
Sleep
CreateFileA
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Download.dll
.dll windows:4 windows x86 arch:x86

121197d0e49662908d6c892a071a5f42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\ftb40\Installer\Download\release\Download.pdb

Imports

ws2_32

ioctlsocket
select
__WSAFDIsSet
WSASetLastError
gethostbyname
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup

kernel32

GetStringTypeW
GetStringTypeA
InitializeCriticalSection
CreateFileA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ReadFile
SetStdHandle
MultiByteToWideChar
GlobalAlloc
Sleep
lstrcpyA
lstrcpynA
GlobalFree
GetTickCount
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersionExA
GetVolumeInformationA
HeapAlloc
HeapFree
SleepEx
SetLastError
CloseHandle
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
ReleaseMutex
SetEvent
WaitForMultipleObjects
CreateEventA
CreateMutexA
GetExitCodeThread
TerminateThread
GetLastError
ExpandEnvironmentStringsA
FormatMessageA
GetCurrentDirectoryA
GetFullPathNameA
ExitProcess
HeapSize
SetFilePointer
LCMapStringW
LCMapStringA
FlushFileBuffers
RaiseException
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
GetLocaleInfoA
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
SetHandleCount
GetConsoleMode
WriteConsoleA
CompareStringA
GetTimeZoneInformation
GetConsoleCP
WriteConsoleW
GetConsoleOutputCP
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetEndOfFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
ExitThread
CreateThread
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
WideCharToMultiByte

user32

GetFocus
FindWindowExA
GetClientRect
CreateWindowExA
GetDlgItem
ShowWindow
IsWindowVisible
EnableWindow
SendMessageA
RegisterWindowMessageA
CallWindowProcA
SetWindowTextW
SetWindowLongA

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

ole32

CoCreateGuid

rpcrt4

RpcStringFreeA
UuidToStringA

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
download
download_quiet
get_client_guid
get_install_guid
get_rand
ping

Sections

.text
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Genealogy.dll
.dll windows:6 windows x86 arch:x86

73643a9a8f9ca1cd1237e9c4049b0e43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
HeapFree
Process32First
WaitForSingleObject
GetProcessHeap
WriteFile
OpenProcess
GlobalAlloc
Thread32First
WideCharToMultiByte
SizeofResource
HeapDestroy
GetExitCodeProcess
CreateProcessA
TerminateProcess
Thread32Next
ReadFile
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
FindFirstFileA
GetLastError
GetProcAddress
HeapSize
GlobalFree
FindClose
HeapAlloc
Process32Next
LockResource
DecodePointer
FindNextFileA
GetModuleHandleA
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
GetCurrentProcessId
LocalFree
FlushFileBuffers
WriteConsoleW
SetStdHandle
ReadConsoleW
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
lstrcpynA
HeapReAlloc
GetLocaleInfoA
SetFilePointer
GetFileSize
CreateFileA
LoadLibraryA
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetLocalTime
GetCommandLineA
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileAttributesExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW

user32

GetWindow
GetClassNameA
GetWindowRect
PostThreadMessageA
SendMessageA
RegisterWindowMessageA
EnumWindows
GetWindowTextA
GetWindowLongA
GetWindowTextW
CreateWindowExA
IsWindow
FindWindowA
GetDlgCtrlID

advapi32

RegDeleteValueA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
IsValidSid
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
GetTokenInformation
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateInstance

Exports

Exports

AppendTextToFile
CheckInstall
CreateShortcut
DisplayImage
DoubleStringSlashes
ExecSilent
ExecSilentWait
ExecSilentWaitLog
FindChrome
FindOpera
GetAppStatus
GetDistribution
GetLanguageNameFromID
GetMSIEVersion
GetSID
IsAutoSyncOn
IsBrowserRunning
IsFTBRunning
IsFlashInstalled
IsLogHistory
IsMSIEToolbarDisabled
IsMyHeritageVersion
IsProcessRunning
LogTextToFile
LogWindows
ProjectHasPhotos
QuitPublisherAndViewer
StopUpdateChecking
TerminateProc
TerminateResearch
UnDisableMSIEToolbar

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:5 windows x86 arch:x86

a3e0d0307509d9b4a199d5ac4ca5b3f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetErrorDlg
HttpQueryInfoA
HttpEndRequestA
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetOptionA
InternetQueryOptionA
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA

comctl32

ord17

kernel32

GlobalFree
GlobalAlloc
WideCharToMultiByte
DeleteFileA
CreateFileA
GetModuleHandleA
LoadLibraryA
lstrlenA
lstrcpyA
lstrcpynA
lstrcmpiA
lstrcmpA
GetTickCount
MulDiv
CloseHandle
SetFilePointer
ReadFile
lstrcatA
SleepEx
GetProcAddress
LocalAlloc
LocalFree
CreateThread
TerminateThread
GetLastError
WaitForSingleObject
GetFileSize
WriteFile

user32

SendDlgItemMessageA
SetTimer
KillTimer
EnableWindow
UpdateWindow
RedrawWindow
SetWindowTextA
GetWindowTextA
GetClientRect
GetWindowRect
MessageBoxA
GetWindowLongA
SetWindowLongA
GetParent
FindWindowExA
LoadIconA
IsDialogMessageA
SystemParametersInfoA
SetDlgItemTextA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PostMessageA
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
CreateDialogParamA
GetDlgItem

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Side2.jpg
.jpg
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Upgrade.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
.jpg
$PLUGINSDIR/modern-wizard.bmp

Sharing

General

Malware Config

Signatures

Files

ea4e67a31ace1a72683a99b80cf37830

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:da:68:af:0c:af:24:98:3c:10:52:74:2e:21:ef:b2Certificate

Extended Key Usages

Key Usages

95:9d:96:07:23:48:d0:49:39:d1:34:5c:33:eb:90:9b:76:7c:86:6d:14:56:28:60:69:5f:e4:fb:19:fe:e9:0bSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 106KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 107KB - Virtual size: 107KB

121197d0e49662908d6c892a071a5f42

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

rpcrt4

iphlpapi

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 302KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 17KB

73643a9a8f9ca1cd1237e9c4049b0e43

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

a3e0d0307509d9b4a199d5ac4ca5b3f5

Headers

DLL Characteristics

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:da:68:af:0c:af:24:98:3c:10:52:74:2e:21:ef:b2
Certificate

95:9d:96:07:23:48:d0:49:39:d1:34:5c:33:eb:90:9b:76:7c:86:6d:14:56:28:60:69:5f:e4:fb:19:fe:e9:0b
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 106KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 107KB - Virtual size: 107KB

.text
Size: 304KB - Virtual size: 302KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B