ce0f490e4e0982ddef31ea7cd21e15c5

Sharing

Copy URL Twitter E-mail

General

Target

ce0f490e4e0982ddef31ea7cd21e15c5
Size

379KB
MD5

ce0f490e4e0982ddef31ea7cd21e15c5
SHA1

934c068c763a8490c13410a2f8d1e7c192efc111
SHA256

9b31da2d831964b046d96ad67260ecbf1b22fdf7b40d748a4db2f957758a40ca
SHA512

5272433ae9fd5841c7a9ac071278a3454ca6ec20b242022edfbdfe091044f3e55159a2a4bedb1e5f08237545ed5cc2c5590d57113c2ea6b34dd2dd8e3f63c415
SSDEEP

6144:QnuwVlc/CzjUNU2UvY2/S+A2fgeNVjb9+tNDa3GxKC9Z:QuAMNU2EjXA2oeNhbSZa2B

Score

1^/10

Malware Config

Signatures

Files

ce0f490e4e0982ddef31ea7cd21e15c5
.dll windows:5 windows x64 arch:x64

f823295e26818de2df052f2c08b08503

Code Sign

01:14:e2:b8:16:a7:64:f2:d7:00:64:61:d4:42:13:21
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2018, 00:00

Not After

27/03/2020, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:1a:9e:33:1a:fd:ae:ee:c4:1d:81:cb:b0:88:52:d4:91:5b:aa:01
Signer

Actual PE Digest

7f:1a:9e:33:1a:fd:ae:ee:c4:1d:81:cb:b0:88:52:d4:91:5b:aa:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\PCReviver_with_tests\trunk\cxx\bin\x64\Release\FileExtensionManager-vc100-mt.pdb

Imports

kernel32

SetLastError
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
GlobalUnlock
GlobalLock
GlobalAlloc
SetEvent
WaitForSingleObjectEx
CloseHandle
CreateEventA
GetUserDefaultLangID
GetVersionExW
FindResourceExW
DisableThreadLibraryCalls
QueryPerformanceCounter
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
FormatMessageA
SystemTimeToFileTime
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
FindResourceW
ExpandEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
SetWaitableTimer
ResetEvent
GetCurrentProcessId
ReleaseSemaphore
WaitForMultipleObjectsEx
GetTickCount
GetModuleHandleA
OpenEventA
SizeofResource
LoadResource
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LocalFree
GetProcAddress
LockResource
GlobalFree
GetSystemTimeAsFileTime
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
InitializeCriticalSection
DecodePointer

user32

CreateWindowExW
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetPropW
SetPropW
InvalidateRect
EndPaint
ReleaseDC
GetDC
SetWindowPos
SendMessageW
TrackMouseEvent
DestroyWindow
ShowWindow
BeginPaint
GetClientRect
FillRect
GetWindowLongPtrW
GetWindowLongW
LoadCursorW
RegisterWindowMessageW
IsWindowVisible
GetWindowRect
GetClassNameW
CallNextHookEx
mouse_event
SendInput
SetCursorPos
GetCursorPos
FindWindowW
SetWindowsHookExW
SetWindowLongW
GetParent
GetFocus
IsWindow
IsWindowEnabled
SetCursor
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetGuiResources
DestroyIcon
UnregisterClassW
DestroyCursor
LoadBitmapW
SetWindowLongPtrW
ReleaseCapture

gdi32

DeleteObject
DeleteDC
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
RestoreDC
SaveDC
GetDeviceCaps
StretchBlt
SetStretchBltMode
GetObjectW
GetBitmapBits

shell32

ExtractIconExW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
ConvertStringSidToSidW
ConvertSidToStringSidW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
LookupAccountSidW
GetTokenInformation
OpenProcessToken

psapi

EnumProcesses

msvcp140

?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?toupper@?$ctype@_W@std@@QEBA_W_W@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Getcoll
_Wcscoll
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xbad_alloc@std@@YAXXZ

shlwapi

AssocQueryKeyW
SHGetValueW
AssocQueryStringW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdiplus

GdipCreateBitmapFromResource
GdipCreateStringFormat
GdipGetFontStyle
GdipDeleteFont
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCloneFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFromHWND
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageGraphicsContext
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipGetFontHeight
GdipGetFontSize
GdipGetFamily
GdipGetFamilyName
GdipDeleteFontFamily
GdipGetDpiY
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBitmapAreaI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdiplusStartup
GdipSetImageAttributesWrapMode

vcruntime140

wcsstr
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
__C_specific_handler
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_purecall
__std_terminate
memmove
__std_exception_destroy
__std_exception_copy
strchr

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_seh_filter_dll
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
strerror
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

wmemcpy_s
_wcsupr_s
_wcslwr_s
wcscpy_s
iswspace
wcsnlen
tolower

api-ms-win-crt-heap-l1-1-0

realloc
_recalloc
free
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-math-l1-1-0

floor
ceil
pow

api-ms-win-crt-time-l1-1-0

_gmtime64

Exports

Exports

??0CFileExtensionManager@FileExtensionManagerLib@@QEAA@XZ
??1CFileExtensionManager@FileExtensionManagerLib@@QEAA@XZ
?canWork@CFileExtensionManager@FileExtensionManagerLib@@SA_NXZ
?changeExtensionAssociation@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NHV?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@Z
?createApplicationHandler@CFileExtensionManager@FileExtensionManagerLib@@QEAA?AV?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?createIcon@CFileExtensionManager@FileExtensionManagerLib@@AEAA?AV?$shared_ptr@V?$CIconT@$00@FileExtensionManagerLib@@@boost@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?getAdditionalData@CFileExtensionManager@FileExtensionManagerLib@@QEAA?AV?$vector@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$allocator@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@std@@@std@@H@Z
?getApplicationByProgIdOrProg@CFileExtensionManager@FileExtensionManagerLib@@AEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_NAEAV?$vector@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@V?$allocator@V?$shared_ptr@VCApplicationHandler@FileExtensionManagerLib@@@boost@@@std@@@4@AEBV34@@Z
?getExtension@CFileExtensionManager@FileExtensionManagerLib@@QEBA?AV?$shared_ptr@VCExtension@FileExtensionManagerLib@@@boost@@H@Z
?getExtensionCount@CFileExtensionManager@FileExtensionManagerLib@@QEBA_KXZ
?getExtensionData@CFileExtensionManager@FileExtensionManagerLib@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAUIQueryAssociations@@AEAV?$shared_ptr@VCExtension@FileExtensionManagerLib@@@boost@@@Z
?isScanRunning@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NXZ
?join@CFileExtensionManager@FileExtensionManagerLib@@QEAAXXZ
?pathToNormal@CFileExtensionManager@FileExtensionManagerLib@@AEAAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?scanFinished@CFileExtensionManager@FileExtensionManagerLib@@AEAAXXZ
?scaningThreadFunction@CFileExtensionManager@FileExtensionManagerLib@@AEAAXXZ
?start@CFileExtensionManager@FileExtensionManagerLib@@QEAAXPEAVIExtensionNotificationHandler@2@@Z
?stop@CFileExtensionManager@FileExtensionManagerLib@@QEAAXXZ
?updateInfo@CFileExtensionManager@FileExtensionManagerLib@@QEAA_NH@Z
?useWinEightStyle@CFileExtensionManager@FileExtensionManagerLib@@SA_NXZ
HookProcFunc
showOpenWithDlg

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f823295e26818de2df052f2c08b08503

Code Sign

01:14:e2:b8:16:a7:64:f2:d7:00:64:61:d4:42:13:21Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7f:1a:9e:33:1a:fd:ae:ee:c4:1d:81:cb:b0:88:52:d4:91:5b:aa:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

advapi32

psapi

msvcp140

shlwapi

wtsapi32

version

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 234KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 10KB - Virtual size: 14KB

.pdata Size: 17KB - Virtual size: 16KB

.gfids Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

01:14:e2:b8:16:a7:64:f2:d7:00:64:61:d4:42:13:21
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7f:1a:9e:33:1a:fd:ae:ee:c4:1d:81:cb:b0:88:52:d4:91:5b:aa:01
Signer

.text
Size: 235KB - Virtual size: 234KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 10KB - Virtual size: 14KB

.pdata
Size: 17KB - Virtual size: 16KB

.gfids
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB