cc720aeb96d00c55d2696330ee47bc1d

Sharing

Copy URL Twitter E-mail

General

Target

cc720aeb96d00c55d2696330ee47bc1d
Size

1.7MB
MD5

cc720aeb96d00c55d2696330ee47bc1d
SHA1

c7d9f58494bbc201d5b7d6a51aefb1e87705668e
SHA256

5074c259ce07cc34361419c288e7bd8a5ed207df20487c061f993cea09f62bac
SHA512

ed5e9e22f971f28f0e37add0a782a56ea057d92d952a74c00941ef12712b070219d3836c5e300f85f4445008dba755e15bbd29d6fe1d5c553e91a5589aded550
SSDEEP

49152:1jwyHA1zjZYiVorzEWe03hFDcgPhTmL7Di+w:xw84z9YiGzhe03zcgZeC+w

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
cc720aeb96d00c55d2696330ee47bc1d
unpack001/$APPDATA/CCTV/tv/Reli_CCTV.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Communicate.dll
unpack001/VnetClinfo.ocx

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

cc720aeb96d00c55d2696330ee47bc1d
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/CCTV/tv/Reli_CCTV.dll
.dll regsvr32 windows:4 windows x86 arch:x86

521f9c4d68040595afccce1c3e4ba117

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\hjoost\builds\cctv\bin\lite_release\Reli_CCTV_dll.pdb

Imports

gdiplus

GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipCreateFromHWND
GdipSetEmpty
GdipDeleteRegion
GdipImageRotateFlip
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipFree
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipCreateFromHDC
GdipGetDC
GdipReleaseDC
GdipDrawString
GdipCreateBitmapFromGdiDib
GdipDrawImageI
GdipCreateBitmapFromGraphics
GdipSetClipRegion
GdipMeasureString
GdipCreateTexture
GdipDrawRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipCloneBrush
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipIsVisibleRegionRectI
GdipFillRectangleI
GdipCreatePen1
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipCombineRegionRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipDeletePen
GdipCreateLineBrushFromRectI
GdipCreateRegion
GdipCombineRegionRegion
GdiplusShutdown
GdiplusStartup

wininet

InternetSetOptionW
InternetCrackUrlW
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetCanonicalizeUrlW
HttpSendRequestW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
CreateUrlCacheEntryW
CommitUrlCacheEntryW
InternetQueryDataAvailable
GetUrlCacheEntryInfoW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

kernel32

LoadLibraryExW
EnterCriticalSection
lstrcmpiW
FindNextFileW
WideCharToMultiByte
MoveFileExW
GetTempPathW
GetTempFileNameW
LockResource
CreateMutexW
CreateEventW
FindFirstFileW
CreateThread
FindClose
CopyFileW
CreateFileW
CloseHandle
WriteFile
Sleep
CreateDirectoryW
WaitForSingleObject
DeleteFileW
GetCurrentThreadId
GetTickCount
SetEvent
OpenProcess
CreateToolhelp32Snapshot
Module32FirstW
TerminateProcess
Module32NextW
UnmapViewOfFile
GetCurrentProcessId
Process32FirstW
Process32NextW
MulDiv
GetCurrentProcess
MapViewOfFile
FlushInstructionCache
SetLastError
LocalAlloc
LocalFree
GetLongPathNameW
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
GetProcessHeap
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
SetHandleCount
GetFileType
FindResourceW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
SetFilePointerEx
QueueUserWorkItem
GetUserDefaultLangID
GetThreadPriority
CreateSemaphoreW
ReleaseSemaphore
lstrcpynW
WaitForMultipleObjects
lstrcmpW
FindResourceExW
CreateFileMappingW
DuplicateHandle
ResetEvent
TryEnterCriticalSection
FreeResource
CreateProcessW
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
FreeLibrary
GetLastError
LoadResource
InterlockedDecrement
GetSystemDirectoryW
QueryPerformanceFrequency
SetThreadPriority
SetThreadExecutionState
LoadLibraryW
GetLocalTime
GetVersionExW
TerminateThread
LeaveCriticalSection
GetThreadLocale
DeleteCriticalSection
RaiseException
HeapCreate
SetThreadLocale
HeapDestroy
HeapAlloc
MultiByteToWideChar
GetModuleHandleW
HeapFree
SizeofResource
SetCurrentDirectoryW
InterlockedIncrement
lstrlenW
GetModuleFileNameW
GetStartupInfoA

user32

OffsetRect
GetWindowRect
GetDC
EndDialog
FillRect
DialogBoxParamW
IsWindow
GetKeyState
GetFocus
FrameRect
InflateRect
DestroyWindow
UnregisterClassA
CallWindowProcW
SetWindowRgn
IntersectRect
EqualRect
EndPaint
BeginPaint
PtInRect
UnionRect
GetCursorPos
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
SetTimer
CreateWindowExW
GetDlgItem
SendNotifyMessageW
GetClientRect
CopyRect
LoadCursorW
GetWindow
GetParent
SystemParametersInfoW
IsWindowVisible
SetFocus
SetWindowPos
GetClassInfoExW
GetWindowLongW
UpdateWindow
RegisterClassExW
ShowWindow
InvalidateRect
MessageBoxW
IsChild
MsgWaitForMultipleObjects
PeekMessageW
MoveWindow
SetParent
EnumDisplaySettingsW
SetWindowLongW
MapWindowPoints
ReleaseDC
SetRect
RegisterWindowMessageW
GetQueueStatus
BringWindowToTop
GetWindowThreadProcessId
IsRectEmpty
GetKeyboardState
FindWindowW
WaitForInputIdle
GetClassNameW
SetForegroundWindow
ScreenToClient
ShowCursor
SetCapture
ReleaseCapture
DrawTextW
GetActiveWindow
SetCursor
CloseWindow
CharNextW
KillTimer
SendMessageW
PostQuitMessage
RegisterClassW
DefWindowProcW

gdi32

BitBlt
SelectClipRgn
IntersectClipRect
CreateDIBSection
CreateCompatibleDC
SetBkColor
CreateSolidBrush
CreateDIBPatternBrush
SetWindowOrgEx
RestoreDC
SetViewportOrgEx
SaveDC
CreateRectRgnIndirect
DeleteDC
CreateDCW
LPtoDP
GetStockObject
DeleteObject
GetDeviceCaps
SelectObject
SetTextColor
SetBkMode
CreateFontW
CreateFontIndirectW
SetMapMode

advapi32

RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueW
RegQueryValueExW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteW

ole32

CoGetMalloc
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
CoFreeUnusedLibraries
CoInitialize
CLSIDFromString
CLSIDFromProgID
WriteClassStm
OleRegEnumVerbs
OleRegGetMiscStatus
OleSaveToStream
OleLoadFromStream
OleRegGetUserType
CreateOleAdviseHolder
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

oleaut32

VariantClear
VariantInit
VariantChangeType
OleCreatePropertyFrame
UnRegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
GetErrorInfo
RegisterTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi
SysAllocString

winmm

timeKillEvent
timeBeginPeriod
timeEndPeriod
timeSetEvent
waveOutClose
waveOutSetVolume
waveOutGetVolume
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutReset
waveOutOpen
timeGetTime

msimg32

TransparentBlt

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

ws2_32

recv
WSAGetLastError
send
ntohs
inet_addr
gethostbyname
htons
socket
connect
setsockopt
closesocket
htonl
ntohl

Exports

Exports

CheckOccupy
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HelperEntry

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Communicate.dll
.dll windows:4 windows x86 arch:x86

02ae53ee88f1c68514e7eb768bf7434d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CloseHandle
GetLastError
CreateFileMappingA
ReleaseMutex
OpenFileMappingA
WaitForSingleObject
CreateMutexA
WriteFile
SetFilePointer
CreateFileA
GetLocalTime
GetModuleFileNameA
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

SendMessageA
wsprintfA
PostMessageA
FindWindowExA

Exports

Exports

??0CCommunicate@@QAE@XZ
??4CCommunicate@@QAEAAV0@ABV0@@Z
?CleanFileMap@CCommunicate@@SAHPAX@Z
?CreateFileMap@CCommunicate@@SAHAAPAX@Z
?GetClientInfo2@CCommunicate@@SAHAAU_CLIENTINFO2@@@Z
?GetClientInfo@CCommunicate@@SAHAAU_CLIENTINFO@@@Z
?GetData@CCommunicate@@SAHHPAXHAAH@Z
?Log@CCommunicate@@SAXPBD0ZZ
?LogDebug@CCommunicate@@SAXPBD0ZZ
?LogError@CCommunicate@@SAXPBDZZ
?PostMessageA@CCommunicate@@SAHIJ@Z
?Read@CCommunicate@@CAHHPAXHAAH@Z
?ReleaseAndCloseHandle@CCommunicate@@SAHPAX@Z
?SetData@CCommunicate@@SAHHPAXH@Z
?UnMapViewOfFile@CCommunicate@@CAHPAX@Z
?WaitMutex@CCommunicate@@SAPAXH@Z
?Write@CCommunicate@@CAHHPAXH@Z
?fnCommunicate@@YAHXZ
?nCommunicate@@3HA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSINET.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

d940cf5b3d0dfb340396c0608ef1a0c5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91
Signer

Actual PE Digest

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetProcAddress
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
GetDlgItem
MoveWindow
GetWindow
GetActiveWindow
IsWindowVisible
TranslateMessage
GetParent
OffsetRect
EqualRect
DispatchMessageA
GetWindowThreadProcessId
ShowWindow
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
ClientToScreen
GetWindowRect
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
IntersectRect
SetWindowRgn
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PSPMencoder.exe
.exe windows:4 windows x86 arch:x86

4af9ba9feda469d0030495c4a04565cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:43:28:4f:11:42:ea
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

20/09/2011, 17:14

Not After

22/09/2012, 04:55

Subject

CN=Chongqing Langzhou Trade Co.\, Ltd.,O=Chongqing Langzhou Trade Co.\, Ltd.,L=Chongqing,ST=Chongqing,C=CN,1.2.840.113549.1.9.1=#0c0d7178313332374071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ff:0f:1b:0b:39:b3:d4:8e:e5:87:09:51:68:ce:11:95:98:47:06:61
Signer

Actual PE Digest

ff:0f:1b:0b:39:b3:d4:8e:e5:87:09:51:68:ce:11:95:98:47:06:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarSub
__vbaVarTstGt
__vbaR8FixI4
ord583
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrAryToUnicode
ord585
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaStrAryToAnsi
ord694
__vbaAryMove
__vbaCyMul
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaLineInputStr
ord696
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
ord698
__vbaFpCDblR8
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaVarSetVarAddref
ord626
__vbaI2Abs
__vbaI4Sgn
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
__vbaBoolErrVar
ord553
__vbaLsetFixstr
ord660
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
ord556
ord557
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaLateMemSt
EVENT_SINK2_Release
ord592
ord593
__vbaForEachCollObj
__vbaVarForInit
__vbaExitProc
ord594
__vbaI4Abs
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaVarIndexStoreObj
__vbaObjSetAddref
ord702
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord305
ord599
__vbaFpR4
__vbaStrFixstr
__vbaForEachCollVar
ord520
__vbaBoolVar
__vbaFPFix
__vbaFpR8
__vbaRefVarAry
__vbaBoolVarNull
__vbaVarTstLt
__vbaVargVar
_CIsin
ord631
__vbaErase
ord709
ord525
ord632
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
__vbaVargVarMove
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
ord560
__vbaDateR8
__vbaCyI4
__vbaR4Str
ord561
__vbaVarLikeVar
__vbaNextEachCollVar
__vbaObjVar
__vbaI2I4
ord562
DllFunctionCall
ord670
ord563
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaRedimVar
__vbaLateIdCallSt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord313
ord712
__vbaStrToUnicode
__vbaPrintFile
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaLateIdStAd
__vbaFailedFriend
ord607
__vbaVarDiv
ord608
__vbaVarCmpLe
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaStrVarVal
__vbaUbound
ord534
__vbaVarCat
ord535
__vbaCheckType
__vbaLsetFixstrFree
__vbaI2Var
__vbaStopExe
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaR8Str
__vbaVarLateMemCallLdRf
__vbaVarInt
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord612
ord321
ord613
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaVarMod
__vbaCheckTypeVar
__vbaVarTstGe
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaFpI4
__vbaUnkVar
ord616
__vbaRecDestructAnsi
__vbaVarSetObjAddref
ord617
__vbaLateMemCallLd
_CIatan
__vbaI2ErrVar
ord618
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaR8IntI4
__vbaI4Cy
ord619
__vbaForEachVar
__vbaStrVarCopy
ord542
ord543
_allmul
ord544
__vbaLateIdSt
ord545
__vbaAryRecCopy
ord652
_CItan
__vbaNextEachCollAd
ord547
__vbaFPInt
__vbaAryUnlock
__vbaFpCSngR8
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
__vbaR8FixI2
ord581

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 752KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VnetClinfo.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

2c43b9ceda934a8df955bb5505b07c25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rasapi32

RasGetConnectStatusA
RasEnumConnectionsA
RasGetProjectionInfoA

mfc42

ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord1089
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord1131
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord2860
ord2541
ord4949
ord1601
ord2764
ord4202
ord5683
ord539
ord2956
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord802
ord1085
ord542
ord3663
ord2841
ord2107
ord5450
ord5440
ord6383
ord6394
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4278
ord939
ord926
ord538
ord924
ord922
ord2915
ord5572
ord2818
ord2614
ord858
ord823
ord540
ord535
ord860
ord537
ord941
ord800
ord825
ord1176
ord1116
ord1132
ord4361
ord4441

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
fseek
_strcmpi
_stricmp
strerror
__dllonexit
?terminate@@YAXXZ
_except_handler3
_EH_prolog
atoi
_mbsicmp
wcslen
wcsncpy
_mbsnicmp
_mbsncmp
_mbscmp
strtol
_errno
fopen
__CxxFrameHandler
fclose
fread
_mbccpy
wctomb
_mbsnbcmp
_mbschr
_mbclen
ftell

kernel32

LocalAlloc
LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetModuleFileNameA
WideCharToMultiByte
lstrlenW
GetLastError
CreateFileA
DeviceIoControl
CloseHandle

user32

FillRect
EnableWindow
CharNextA

gdi32

GetStockObject
Ellipse

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitialize

oleaut32

LoadRegTypeLi

communicate

?GetData@CCommunicate@@SAHHPAXHAAH@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comdlg32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 28KB - Virtual size: 28KB

521f9c4d68040595afccce1c3e4ba117

Headers

File Characteristics

PDB Paths

Imports

gdiplus

wininet

version

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

msimg32

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

_TEXT64 Size: 4KB - Virtual size: 1KB

.rdata Size: 408KB - Virtual size: 405KB

.data Size: 48KB - Virtual size: 2.2MB

.rsrc Size: 156KB - Virtual size: 152KB

.reloc Size: 104KB - Virtual size: 102KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 1.7MB - Virtual size: 1.7MB

_TEXT64
Size: 4KB - Virtual size: 1KB

.rdata
Size: 408KB - Virtual size: 405KB

.data
Size: 48KB - Virtual size: 2.2MB

.rsrc
Size: 156KB - Virtual size: 152KB

.reloc
Size: 104KB - Virtual size: 102KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 3KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:0e:7d:a7:00:00:00:00:00:48
Certificate

8a:cb:1c:af:c1:a1:9a:a8:ba:91:ac:e1:6b:ab:e7:b6:18:25:e9:91
Signer

.text
Size: 68KB - Virtual size: 66KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 36KB - Virtual size: 32KB

.reloc
Size: 8KB - Virtual size: 4KB