d5cef8ffb2a584cb8c39b22f5cb4fba7

Sharing

Copy URL Twitter E-mail

General

Target

d5cef8ffb2a584cb8c39b22f5cb4fba7
Size

1.8MB
MD5

d5cef8ffb2a584cb8c39b22f5cb4fba7
SHA1

eb1b36ef2758847b27e6a760ea34537f81cb9be7
SHA256

e97d6922595772fc4738a68d7cf43d33b50c4044670f9a868bd24ec200641ec3
SHA512

cf414bc6e81017f170e6aa2e5fcf2d4fdcb78f9f5e8d217d053e7dc2c2dc64e794eafce5fb680cd08702ac07d88c3a0d50ae0c0c00d950f3ed05b34f7e267388
SSDEEP

49152:TMPmVbX81sD+U0xOTHP0CEMXHbUwAxRAFI80i9F2oZ:TMPmpX86DzBj9XowZG8Fn2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Plugins/CougarPlugin.dll
unpack001/Plugins/GazellePlugin.dll
unpack001/Plugins/PCCPlugin.dll
unpack001/Plugins/USCMHLPlugin.dll
unpack001/aeroglass.dll
unpack001/libexpat.dll
unpack001/zlib1.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

d5cef8ffb2a584cb8c39b22f5cb4fba7
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:4b:29:97:eb:bc:b6:c2:cd:62:5a:73:f2:30:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/10/2010, 00:00

Not After

04/12/2011, 23:59

Subject

CN=Make The Cut\, LLC.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Make The Cut\, LLC.,L=Muskego,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:cb:73:8f:9e:9e:2b:01:e5:ce:94:89:26:a2:72:fb:26:1e:bb:bc
Signer

Actual PE Digest

33:cb:73:8f:9e:9e:2b:01:e5:ce:94:89:26:a2:72:fb:26:1e:bb:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MTC!.exe
.exe windows:4 windows x86 arch:x86

ece2b832ae3aa99a45ca93ff22cca4fa

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:4b:29:97:eb:bc:b6:c2:cd:62:5a:73:f2:30:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07/10/2010, 00:00

Not After

04/12/2011, 23:59

Subject

CN=Make The Cut\, LLC.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Make The Cut\, LLC.,L=Muskego,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:2c:b9:3c:48:24:2a:9a:cf:98:a1:f9:5f:d3:b9:28:0b:1c:12:b9
Signer

Actual PE Digest

8d:2c:b9:3c:48:24:2a:9a:cf:98:a1:f9:5f:d3:b9:28:0b:1c:12:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowTextW

gdi32

Ellipse

comdlg32

ChooseFontW

winspool.drv

DeviceCapabilitiesW

advapi32

SetFileSecurityW

shell32

SHGetFileInfoW

comctl32

ImageList_Add

oledlg

OleUIBusyW

ole32

CoGetClassObject

olepro32

ord253

oleaut32

SysFreeString

gdiplus

GdipDeletePath

version

GetFileVersionInfoW

wininet

HttpSendRequestW

zlib1

gzsetparams

libexpat

ord16

Sections

.text
Size: 1.1MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Plugins/CougarPlugin.dll
.dll windows:4 windows x86 arch:x86

11304899b1dbdadeed579faae449254a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
GetCommandLineA
HeapAlloc
ExitProcess
TerminateProcess
RaiseException
HeapSize
HeapReAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcess
GetProcessVersion
GlobalFlags
lstrcmpiW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
MulDiv
GetModuleHandleA
lstrcmpW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
QueryDosDeviceW
GetModuleHandleW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
SizeofResource
LockResource
FormatMessageW
LocalFree
SetLastError
CreateEventW
WriteFile
GetOverlappedResult
CreateFileW
PurgeComm
SetupComm
SetCommState
SetCommTimeouts
GetLastError
Sleep
CloseHandle
CreateThread
SetThreadPriority
ResumeThread
GetFileType
WaitForSingleObject

user32

AdjustWindowRectEx
SetFocus
MapWindowPoints
SendDlgItemMessageA
SendDlgItemMessageW
UpdateWindow
LoadIconW
CheckDlgButton
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
SetWindowTextW
ShowWindow
UnregisterClassW
GetClassNameW
PtInRect
LoadCursorW
GetSysColorBrush
DestroyMenu
GetTopWindow
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
EndDialog
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SetCursor
LoadStringW
UnhookWindowsHookEx
PostQuitMessage
GetClientRect
InvalidateRect
GetSysColor
SendMessageW
EnableWindow
PeekMessageW
IsWindow
PostMessageW
PostThreadMessageW

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetViewportOrgEx
BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetMapMode
SetTextColor
SetBkMode
SetBkColor
SelectObject
GetStockObject
DeleteObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap

winspool.drv

OpenPrinterW
EndPagePrinter
StartPagePrinter
ClosePrinter
WritePrinter
DocumentPropertiesW
StartDocPrinterW
EndDocPrinter

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

comctl32

ord17

ole32

CreateStreamOnHGlobal

gdiplus

GdipFree
GdipDeletePath
GdipDeletePathIter
GdipResetPath
GdipGetPathData
GdipPathIterNextSubpathPath
GdipCreatePath
GdipCreatePathIter
GdipGetPointCount
GdipClonePath
GdipClearPathMarkers
GdipSetPathMarker
GdipCreateMatrix2
GdipTransformPath
GdipTranslateMatrix
GdipCreateMatrix
GdipGetPathWorldBounds
GdipInvertMatrix
GdipFlattenPath
GdipScaleMatrix
GdipDeleteMatrix
GdipAddPathRectangle
GdipAddPathPath
GdipPathIterNextMarkerPath
GdipLoadImageFromStream
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDeleteFontFamily
GdipDeleteStringFormat
GdipDeleteBrush
GdipFillPath
GdipCreateSolidFill
GdipAddPathString
GdipSetStringFormatFlags
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipCreateLineBrushFromRect
GdipSetPageUnit
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCloneBrush
GdipFillRectangle
GdipAlloc
GdipPathIterHasCurve

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

OnPluginCutPath
OnPluginGetInfo

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/GazellePlugin.dll
.dll windows:4 windows x86 arch:x86

20aa2cc746ccda7b5e43c226c5843f93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcessVersion
GlobalFlags
lstrcmpiW
lstrcpynW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalFree
WaitForSingleObject
lstrcmpW
GlobalAlloc
GetCurrentThread
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
LoadLibraryA
FreeLibrary
FindResourceW
LoadResource
LockResource
GetVersion
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetModuleFileNameW
FormatMessageW
LocalFree
SetLastError
CreateEventW
WriteFile
GetOverlappedResult
CreateFileW
PurgeComm
SetupComm
SetCommState
SetCommTimeouts
GetLastError
Sleep
CloseHandle
CreateThread
SetThreadPriority
ResumeThread
VirtualFree

user32

IsDialogMessageW
SetWindowTextW
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
LoadBitmapW
GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutW
DrawTextW
GrayStringW
PostQuitMessage
LoadStringW
SetCursor
GetCursorPos
ValidateRect
GetActiveWindow
TranslateMessage
GetMessageW
CreateDialogIndirectParamW
EndDialog
UnregisterClassW
GetClassNameW
PtInRect
LoadCursorW
GetSysColorBrush
DestroyMenu
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
DispatchMessageW
GetFocus
SetActiveWindow
SetFocus
IsDlgButtonChecked
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxW
GetParent
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
AdjustWindowRectEx
GetSysColor
SendMessageW
EnableWindow
GetClientRect
PeekMessageW
IsWindow
PostMessageW
PostThreadMessageW
DestroyWindow

gdi32

DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetTextColor
SetBkColor
GetClipBox
GetObjectW
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

winspool.drv

EndPagePrinter
EndDocPrinter
WritePrinter
StartDocPrinterW
StartPagePrinter
ClosePrinter
EnumPrintersW
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

comctl32

ord17

gdiplus

GdipDeletePathIter
GdipResetPath
GdipGetPathData
GdipPathIterNextSubpathPath
GdipCreatePath
GdipCreatePathIter
GdipGetPointCount
GdipDeleteGraphics
GdipDeleteFontFamily
GdipDeleteStringFormat
GdipDeleteBrush
GdipFillPath
GdipCreateSolidFill
GdipDeleteMatrix
GdipClonePath
GdipSetStringFormatFlags
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipCreateLineBrushFromRect
GdipSetPageUnit
GdipDeletePath
GdipSetInterpolationMode
GdipCreateFromHDC
GdipTransformPath
GdipInvertMatrix
GdipFlattenPath
GdipScaleMatrix
GdipCreateMatrix
GdipPathIterHasCurve
GdipTranslateMatrix
GdipGetPathWorldBounds
GdipCloneBrush
GdipFillRectangle
GdipClearPathMarkers
GdipSetPathMarker
GdipCreateMatrix2
GdipAddPathRectangle
GdipAddPathPath
GdipPathIterNextMarkerPath
GdipAlloc
GdipSetSmoothingMode
GdipFree
GdipAddPathString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

OnPluginCutPath
OnPluginGetInfo

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/PCCPlugin.dll
.dll windows:4 windows x86 arch:x86

4fdd47a2df0d738826a211171b42f8de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
GetCommandLineA
HeapAlloc
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCurrentProcess
GetProcessVersion
GlobalFlags
lstrcmpiW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
GetProcAddress
GetCurrentThread
lstrcpynW
MulDiv
WideCharToMultiByte
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
lstrlenA
MultiByteToWideChar
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
SetEvent
ResetEvent
FormatMessageW
LocalFree
GetModuleHandleW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
SizeofResource
LockResource
SetLastError
QueryDosDeviceW
CreateEventW
CreateThread
SetThreadPriority
ResumeThread
CreateEventA
WriteFile
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
CreateFileA
PurgeComm
SetCommState
SetCommTimeouts
CloseHandle
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
FreeLibrary
LoadLibraryW
SetHandleCount

user32

ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutW
DrawTextW
GrayStringW
PostQuitMessage
LoadStringW
CreateDialogIndirectParamW
GetActiveWindow
EndDialog
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageW
UnregisterClassW
GetClassNameW
PtInRect
LoadCursorW
GetSysColorBrush
DestroyMenu
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
DispatchMessageW
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
GetMenuCheckMarkDimensions
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxW
GetParent
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextW
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetSystemMetrics
PostMessageW
PeekMessageW
GetWindowRect
IsWindow
InvalidateRect
PostThreadMessageW
EnableWindow
LoadBitmapW
GetMenuState
GetClientRect
GetSysColor
SendMessageW
GetWindowTextLengthW

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateDIBSection
DeleteObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

comctl32

ord17

ole32

CreateStreamOnHGlobal

gdiplus

GdipDeleteStringFormat
GdipDeletePath
GdipDeleteBrush
GdipFillPath
GdipCreateSolidFill
GdipDeleteMatrix
GdipAddPathString
GdipCreatePath
GdipSetStringFormatFlags
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipCreateLineBrushFromRect
GdipSetPageUnit
GdipDeleteFontFamily
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDeletePathIter
GdipFree
GdipTransformPath
GdipInvertMatrix
GdipFlattenPath
GdipScaleMatrix
GdipCreateMatrix
GdipAlloc
GdipClonePath
GdipPathIterHasCurve
GdipCreatePathIter
GdipTranslateMatrix
GdipSetSmoothingMode
GdipCloneBrush
GdipFillRectangle
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdipResetPath
GdipPathIterGetSubpathCount
GdipClosePathFigure
GdipStartPathFigure
GdipAddPathLine
GdipAddPathBezier
GdipGetPathData
GdipGetPointCount
GdipPathIterNextSubpathPath
GdipDisposeImage
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipDeletePen
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenLineCap197819
GdipSetPenLineJoin
GdipSetPenDashStyle
GdipCreatePen1
GdipFillRectangleI
GdipCreateHatchBrush
GdipAddPathPath
GdipDrawLine
GdipDrawBezier
GdipDrawPath
GdipDeleteGraphics
GdipGetPathWorldBounds

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

OnPluginCutPath
OnPluginGetInfo

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/USCMHLPlugin.dll
.dll windows:4 windows x86 arch:x86

ddb98d3fb6b1bf7d4a512f008ed3d8c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
HeapFree
GetCommandLineA
HeapAlloc
RaiseException
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcess
GetProcessVersion
GlobalFlags
lstrcmpiW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcmpW
GetCurrentThread
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcpynW
MulDiv
GetModuleHandleA
LoadLibraryA
GetVersion
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
QueryDosDeviceW
GetModuleHandleW
GetModuleFileNameW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
SizeofResource
LockResource
FormatMessageW
LocalFree
SetLastError
CreateEventW
WriteFile
GetOverlappedResult
CreateFileW
PurgeComm
SetupComm
SetCommState
SetCommTimeouts
GetLastError
Sleep
CloseHandle
CreateThread
SetThreadPriority
ResumeThread
GetFileType
WaitForSingleObject

user32

GetMenuCheckMarkDimensions
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutW
DrawTextW
GrayStringW
CreateDialogIndirectParamW
GetActiveWindow
EndDialog
LoadStringW
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageW
UnregisterClassW
GetClassNameW
PtInRect
LoadCursorW
GetSysColorBrush
DestroyMenu
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
DispatchMessageW
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxW
GetParent
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
InvalidateRect
EnableWindow
GetClientRect
GetSysColor
SendMessageW
PeekMessageW
IsWindow
PostMessageW
PostThreadMessageW

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateCompatibleDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateFontIndirectW

winspool.drv

OpenPrinterW
EndPagePrinter
StartPagePrinter
ClosePrinter
WritePrinter
DocumentPropertiesW
StartDocPrinterW
EndDocPrinter

advapi32

RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

comctl32

ord17

ole32

CreateStreamOnHGlobal

gdiplus

GdipFree
GdipDeletePath
GdipDeletePathIter
GdipResetPath
GdipGetPathData
GdipPathIterNextSubpathPath
GdipCreatePath
GdipCreatePathIter
GdipGetPointCount
GdipClonePath
GdipDeleteFontFamily
GdipDeleteStringFormat
GdipDeleteBrush
GdipFillPath
GdipCreateSolidFill
GdipDeleteMatrix
GdipAddPathString
GdipSetStringFormatFlags
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipSetPageUnit
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipCreateFromHDC
GdipTransformPath
GdipInvertMatrix
GdipFlattenPath
GdipScaleMatrix
GdipCreateMatrix
GdipPathIterHasCurve
GdipTranslateMatrix
GdipGetPathWorldBounds
GdipCloneBrush
GdipFillRectangle
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipClearPathMarkers
GdipSetPathMarker
GdipCreateMatrix2
GdipAddPathRectangle
GdipAddPathPath
GdipPathIterNextMarkerPath
GdipAlloc
GdipCreateLineBrushFromRect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

OnPluginCutPath
OnPluginGetInfo

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.rtf
.rtf
README.txt
Uninstall.exe.nsis
aeroglass.dll
.dll windows:4 windows x86 arch:x86

e4edd6c6f7c14b297ea18cfb540db3d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

avifil32

AVIStreamRelease
AVIStreamGetFrameClose
AVIStreamInfoW
AVIStreamSampleToTime
AVIStreamStart
AVIStreamLength
AVIStreamGetFrameOpen
AVIStreamOpenFromFileW
AVIStreamGetFrame
AVIFileInit
AVIFileExit

msvfw32

DrawDibClose
DrawDibOpen
DrawDibDraw

msvcrt

_read
_adjust_fdiv
malloc
_initterm
_close
wcsrchr
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscmp
_beginthreadex
free
wcsncpy
_wsopen
_lseeki64
_wcsicmp

gdiplus

GdipDrawLineI
GdipSetPenDashStyle
GdipCreateBitmapFromHICON
GdipCreatePen1
GdipDrawRectangleI
GdipDeletePen
GdipCloneImage
GdipDeleteCachedBitmap
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipGetImageWidth
GdipCloneBitmapAreaI
GdipBitmapGetPixel
GdipDisposeImage
GdipBitmapSetPixel
GdipCreateFromHDC
GdipCreateCachedBitmap
GdipDrawCachedBitmap
GdipDeleteGraphics
GdipFree
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI

user32

IntersectRect
GetCapture
GetFocus
PtInRect
GetCursorPos
GetWindowRect
GetWindowTextW
GetWindowTextLengthW
InflateRect
DrawTextW
GetClassNameW
EnumChildWindows
ShowCaret
HideCaret
FillRect
UpdateWindow
InvalidateRect
InvalidateRgn
GetPropW
ScreenToClient
OffsetRect
GetSysColor
FrameRect
RemovePropW
SetWindowLongW
SetPropW
IsIconic
RegisterWindowMessageW
IsWindow
ClientToScreen
GetDC
GetWindowLongW
ReleaseDC
BeginPaint
EndPaint
PostMessageW
GetClientRect
CallWindowProcW
MapWindowPoints
SendMessageW
GetParent

gdi32

DeleteObject
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectW
GetBitmapDimensionEx
PatBlt
GetTextMetricsW
SetPixel
GetStockObject
DeleteDC

kernel32

LocalAlloc
GetFileAttributesW
DisableThreadLibraryCalls
GetModuleFileNameW
WaitForSingleObject
DeleteFileW
CreateEventW
CloseHandle
WriteFile
LockResource
GetLongPathNameW
GetProcAddress
GetLastError
FreeLibrary
SetLastError
LoadLibraryW
SetEvent
GetTempPathW
GetTempFileNameW
CreateFileW
LocalFree
FindResourceW
LoadResource
SizeofResource

Exports

Exports

AeroAutoSubclass
AeroSubClassCtrl
AeroSubClassWnd

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libexpat.dll
.dll windows:4 windows x86 arch:x86

727518929ac61e1912d18bb38178c42d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

XML_DefaultCurrent
XML_ErrorString
XML_ExpatVersion
XML_ExpatVersionInfo
XML_ExternalEntityParserCreate
XML_FreeContentModel
XML_GetBase
XML_GetBuffer
XML_GetCurrentByteCount
XML_GetCurrentByteIndex
XML_GetCurrentColumnNumber
XML_GetCurrentLineNumber
XML_GetErrorCode
XML_GetFeatureList
XML_GetIdAttributeIndex
XML_GetInputContext
XML_GetParsingStatus
XML_GetSpecifiedAttributeCount
XML_MemFree
XML_MemMalloc
XML_MemRealloc
XML_Parse
XML_ParseBuffer
XML_ParserCreate
XML_ParserCreateNS
XML_ParserCreate_MM
XML_ParserFree
XML_ParserReset
XML_ResumeParser
XML_SetAttlistDeclHandler
XML_SetBase
XML_SetCdataSectionHandler
XML_SetCharacterDataHandler
XML_SetCommentHandler
XML_SetDefaultHandler
XML_SetDefaultHandlerExpand
XML_SetDoctypeDeclHandler
XML_SetElementDeclHandler
XML_SetElementHandler
XML_SetEncoding
XML_SetEndCdataSectionHandler
XML_SetEndDoctypeDeclHandler
XML_SetEndElementHandler
XML_SetEndNamespaceDeclHandler
XML_SetEntityDeclHandler
XML_SetExternalEntityRefHandler
XML_SetExternalEntityRefHandlerArg
XML_SetNamespaceDeclHandler
XML_SetNotStandaloneHandler
XML_SetNotationDeclHandler
XML_SetParamEntityParsing
XML_SetProcessingInstructionHandler
XML_SetReturnNSTriplet
XML_SetSkippedEntityHandler
XML_SetStartCdataSectionHandler
XML_SetStartDoctypeDeclHandler
XML_SetStartElementHandler
XML_SetStartNamespaceDeclHandler
XML_SetUnknownEncodingHandler
XML_SetUnparsedEntityDeclHandler
XML_SetUserData
XML_SetXmlDeclHandler
XML_StopParser
XML_UseForeignDTD
XML_UseParserAsHandlerArg

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x86 arch:x86

7e3560e4dd2deaa398fa039458dd4b4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
malloc
strerror
fflush
_errno
fopen
fread
fprintf
_vsnprintf
sprintf
ftell
fseek
fclose
clearerr
_fdopen
_initterm
_adjust_fdiv
fwrite
fputc

kernel32

DisableThreadLibraryCalls

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:beCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:4b:29:97:eb:bc:b6:c2:cd:62:5a:73:f2:30:5cCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

33:cb:73:8f:9e:9e:2b:01:e5:ce:94:89:26:a2:72:fb:26:1e:bb:bcSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 17KB - Virtual size: 17KB

ece2b832ae3aa99a45ca93ff22cca4fa

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:beCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:4b:29:97:eb:bc:b6:c2:cd:62:5a:73:f2:30:5cCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

8d:2c:b9:3c:48:24:2a:9a:cf:98:a1:f9:5f:d3:b9:28:0b:1c:12:b9Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

gdiplus

version

wininet

zlib1

libexpat

Sections

.text Size: 1.1MB - Virtual size: 2.6MB

.rsrc Size: 173KB - Virtual size: 176KB

11304899b1dbdadeed579faae449254a

Headers

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:4b:29:97:eb:bc:b6:c2:cd:62:5a:73:f2:30:5c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

33:cb:73:8f:9e:9e:2b:01:e5:ce:94:89:26:a2:72:fb:26:1e:bb:bc
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 17KB - Virtual size: 17KB

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:4b:29:97:eb:bc:b6:c2:cd:62:5a:73:f2:30:5c
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

8d:2c:b9:3c:48:24:2a:9a:cf:98:a1:f9:5f:d3:b9:28:0b:1c:12:b9
Signer

.text
Size: 1.1MB - Virtual size: 2.6MB

.rsrc
Size: 173KB - Virtual size: 176KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 17KB