aaaa0c5dd02119654d2876c17a61c72e5966a9bb3de1d7f52397c362cbf450e4

Sharing

Copy URL Twitter E-mail

General

Target

aaaa0c5dd02119654d2876c17a61c72e5966a9bb3de1d7f52397c362cbf450e4
Size

1.7MB
MD5

43572c1597423b75d76dfbbb9cb4d5ad
SHA1

df03351b24d32193b85a0bd4fab8eda48e2dbb0f
SHA256

aaaa0c5dd02119654d2876c17a61c72e5966a9bb3de1d7f52397c362cbf450e4
SHA512

b302a57818fe8a17fdc45137b27f480b4c4421ad493f7e024017523f01bce45eef81d6467d7027aa045fe564e77ef48f8789c814e3beac6db56a8bfbac90b68d
SSDEEP

49152:rvZ/rCs92jQmuNz5jztyrdSXo720TmtkacNqmI:LZDk8miz5/e8o72w3N1I

Score

1^/10

Malware Config

Signatures

Files

aaaa0c5dd02119654d2876c17a61c72e5966a9bb3de1d7f52397c362cbf450e4
.zip
小工具/DesktopOK.zip
.zip
DesktopOK.exe
.exe windows:4 windows x86 arch:x86

d7efd1e12b8a47bb227a7dff52a7c2fe

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/07/2023, 09:33

Not After

27/07/2024, 09:33

Subject

SERIALNUMBER=15.06.2017,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstrasse 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

82:dd:f9:46:64:6a:f6:f7:79:ea:bc:18:de:bd:9f:dc:71:93:16:0a:e2:ee:10:96:10:14:3c:a4:7c:6b:4b:29
Signer

Actual PE Digest

82:dd:f9:46:64:6a:f6:f7:79:ea:bc:18:de:bd:9f:dc:71:93:16:0a:e2:ee:10:96:10:14:3c:a4:7c:6b:4b:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
VirtualAlloc
VirtualFree
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
CreateProcessW
FindFirstFileW
lstrcpynW
GetExitCodeProcess
ExitProcess
WaitForSingleObject
FormatMessageW
InterlockedExchange
GetStartupInfoW
LocalFree
GlobalSize
GetCurrentDirectoryW
GetFileAttributesW
GetLogicalDriveStringsW
GetDriveTypeW
RemoveDirectoryW
SetFileAttributesW
GlobalMemoryStatus
lstrcmpiW
OpenProcess
GetWindowsDirectoryW
GetComputerNameW
CreateDirectoryW
GetUserDefaultLangID
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetLocaleInfoW
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
DeleteFileW
GetFileSize
ReadFile
lstrcatW
CopyFileW
CreateFileW
WriteFile
WideCharToMultiByte
GetModuleFileNameW
GlobalReAlloc
SizeofResource
FreeLibrary
GetModuleHandleW
OutputDebugStringW
HeapDestroy
CreateMutexW
GetLastError
CloseHandle
LoadLibraryW
GetProcAddress
GetLocalTime
CreateThread
Sleep
TerminateThread
GetVersionExW
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
GetCurrentThreadId
GlobalLock
GlobalUnlock
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
FindResourceW
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
lstrcpyW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
lstrlenW
GetTempPathW
InterlockedIncrement

user32

SetForegroundWindow
CascadeWindows
TileWindows
GetCursor
GetAsyncKeyState
DialogBoxParamW
LoadMenuW
EnumDisplaySettingsW
FindWindowW
CopyIcon
SetCursor
keybd_event
SendDlgItemMessageW
SetDlgItemTextW
EnumDisplayMonitors
SetPropW
CopyRect
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
ClientToScreen
SetActiveWindow
GetWindowPlacement
FindWindowExW
GetDlgItem
GetParent
EndDialog
EnumChildWindows
CreatePopupMenu
AppendMenuW
GetCursorPos
TrackPopupMenu
CreateDialogParamW
EnumWindows
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
SetRect
SendMessageTimeoutW
LoadStringW
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
EnableWindow
CheckMenuItem
DeleteMenu
InsertMenuW
GetSystemMenu
GetClassLongW
DrawIconEx
EnableMenuItem
SetWindowPlacement
IsZoomed
GetForegroundWindow
LoadIconW
MoveWindow
EmptyClipboard
RegisterClipboardFormatW
SetDlgItemInt
IsRectEmpty
GetDlgItemInt
GetDlgItemTextW
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetWindowLongW
SendMessageW
ReleaseDC
GetDC
LoadBitmapW
ShowWindow
KillTimer
RedrawWindow
SetTimer
SwitchDesktop
DrawAnimatedRects
GetKeyboardState
SetCursorPos
GetThreadDesktop
GetUserObjectInformationW
OpenDesktopW
CreateDesktopW
ModifyMenuW
OffsetRect
GetSysColorBrush
GetSubMenu
PeekMessageW
PtInRect
CallNextHookEx
GetSystemMetrics
GetWindowDC
DrawTextW
GetMessagePos
WindowFromPoint
ScreenToClient
UpdateWindow
GetKeyState
GetActiveWindow
GetWindowThreadProcessId
CharLowerW
CharNextW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
MessageBeep
PostMessageW
UnhookWindowsHookEx
SetWindowsHookExW
IsWindowVisible
DestroyMenu
CreateWindowExW
wsprintfW
GetClassNameW
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
IsWindow
BeginPaint
FillRect
EndPaint
CallWindowProcW
SetFocus
GetSysColor
GetWindowTextLengthW
GetWindowTextW
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateDialogIndirectParamW
GetFocus
IsChild
IsDialogMessageW
PostQuitMessage
LoadImageW
SetWindowTextW
SetParent
SetWindowLongW

gdi32

RestoreDC
SaveDC
GetTextExtentPointW
Ellipse
OffsetWindowOrgEx
SetROP2
MoveToEx
LineTo
CreateDCW
CreateEnhMetaFileW
CloseEnhMetaFile
SelectPalette
RealizePalette
GetClipBox
GetDIBits
SetPixel
PatBlt
CreateBitmap
CreatePatternBrush
SetTextColor
SetBkMode
GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
GetObjectW
CreateDIBSection
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
CreatePen
GetPixel
GetCurrentObject
Rectangle
StretchBlt
SetStretchBltMode
SetDIBitsToDevice
CreateFontIndirectW
BitBlt
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameW
ChooseFontW
ChooseColorW
GetSaveFileNameW

advapi32

RegOpenKeyW
GetTokenInformation
RegEnumKeyExW
RegDeleteKeyW
GetUserNameW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW

shell32

SHAppBarMessage
SHGetMalloc
SHGetFileInfoW
ord25
SHFileOperationW
SHGetDesktopFolder
SHGetSpecialFolderLocation
ord155
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSettings
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW

ole32

CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoSetProxyBlanket
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
ReleaseStgMedium
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString
VarRound
DispCallFunc
SafeArrayDestroy
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
memmove
wcsstr
free
memset
malloc
_purecall
memcmp
realloc
_ftol
_wcsicmp
wcsncpy
wcsrchr
wcscmp
vswprintf
wcslen
swprintf
iswdigit
_wtoi
iswspace
abs
strlen
sprintf
time
wcscat
wcschr
__CxxFrameHandler
fmod
mktime
_wsetlocale
wcscpy
wcsftime
localtime
exit
putc
getc
fwrite
fread
fclose
_wfopen
clock
_wcsicoll
rand
_vsnwprintf
_exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_memicmp
_CxxThrowException
_XcptFilter
??1type_info@@UAE@XZ

comctl32

ImageList_LoadImageW
ImageList_Create
ImageList_GetIcon
ImageList_ReplaceIcon
ord17
InitCommonControlsEx
ImageList_Draw
ImageList_GetImageCount

gdiplus

GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipFree
GdipCloneImage
GdipGetImageWidth
GdipAlloc
GdipCreateHICONFromBitmap

winmm

mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
mixerClose
mixerGetNumDevs
waveOutOpen
mixerGetID
waveOutClose
PlaySoundW
timeGetTime

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lisez-moi.txt
leggimi.txt
liesmich.txt
readme.txt
ПрочтиМеня.txt
ЧитайМеня.txt
прочетиме.txt
읽어보기.txt
小工具/DontSleep_Portable.zip
.zip
DontSleep_p.exe
.exe windows:4 windows x86 arch:x86

19a37690df81c82a9cb46bd9c976a7d0

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:20

Not After

29/12/2040, 23:59

Subject

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:da:c2:fc:9b:dd:20:f4:76:91:88:4c:b3:93:89:88
Certificate

Issuer

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Not Before

29/07/2023, 17:50

Not After

29/07/2025, 17:50

Subject

CN=Nenad Hrg,O=Nenad Hrg,L=Taufkirchen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:22

Not After

29/12/2040, 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:22

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:35:68:18:1d:d8:9d:c5:78:de:29:3e:eb:5b:70:29:95:6f:08:c7:8b:8c:d3:08:6c:7a:66:71:e5:36:05:ca
Signer

Actual PE Digest

1d:35:68:18:1d:d8:9d:c5:78:de:29:3e:eb:5b:70:29:95:6f:08:c7:8b:8c:d3:08:6c:7a:66:71:e5:36:05:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord6278
ord6279
ord2078
ord2613
ord1131
ord6211
ord5296
ord1143
ord4155
ord2858
ord4282
ord6777
ord1644
ord942
ord5949
ord3871
ord2859
ord2634
ord6632
ord3341
ord1941
ord4029
ord755
ord470
ord6330
ord6398
ord6399
ord2579
ord4400
ord3724
ord804
ord4262
ord1197
ord859
ord4270
ord3568
ord3621
ord2406
ord1634
ord3658
ord3566
ord3614
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord823
ord765
ord3693
ord4197
ord2756
ord4219
ord5679
ord2755
ord4124
ord4272
ord860
ord6654
ord2680
ord1594
ord940
ord2372
ord6193
ord1565
ord922
ord818
ord2127
ord2855
ord2637
ord3716
ord3087
ord925
ord5568
ord795
ord2910
ord1165
ord2371
ord537
ord927
ord858
ord538
ord535
ord540
ord2810
ord861
ord6195
ord6868
ord800
ord4704
ord4229
ord2294
ord825
ord324
ord567
ord641
ord656
ord609
ord616
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3605
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord3569
ord4418
ord3397
ord5286
ord4390
ord1768
ord6051
ord2567
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord6597
ord1569

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
_memicmp
__CxxFrameHandler
clock
_ftol
_CIfmod
time
_wtoi
wcsrchr
free
sprintf
malloc
fclose
fwrite
_wfopen
wcscmp
wcscat
wcsstr
realloc
_except_handler3
_wcsicmp
_errno
_beginthreadex
fread
strftime
localtime
wcslen
_CxxThrowException
memset
memcpy
sin
cos
exit
putc
getc
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr

kernel32

GetTempPathW
DeleteFileW
CreateFileW
WriteFile
CloseHandle
CopyFileW
WideCharToMultiByte
GetModuleFileNameW
lstrcpynW
SetProcessShutdownParameters
lstrcmpiW
lstrcmpW
GetProcAddress
lstrlenW
GetTickCount
GetModuleHandleA
OutputDebugStringA
GetEnvironmentVariableW
lstrlenA
OutputDebugStringW
CreateThread
GetStartupInfoW
lstrcatW
GetModuleHandleW
GetVersionExW
lstrcpyW
InterlockedDecrement
CreateMutexW
GetLocalTime
GetLastError
GetUserDefaultLangID
LoadLibraryW
GetCurrentProcess
GetSystemDirectoryW
GetFileAttributesW
EnterCriticalSection
InterlockedIncrement
WaitForSingleObject
ResetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
Sleep
TerminateThread
WaitForMultipleObjects
SetEvent
GetCurrentThreadId
LocalFree
GetNumberFormatW
GetLocaleInfoW
SetSystemPowerState
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FreeLibrary
CreateDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTimeZoneInformation
LockResource
LoadResource
SetThreadExecutionState
LeaveCriticalSection
FindResourceW

user32

CreateIconIndirect
GetIconInfo
DestroyMenu
GetMessagePos
TrackPopupMenuEx
LoadBitmapW
InvalidateRect
keybd_event
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetDlgCtrlID
IsIconic
DrawIcon
GetWindowTextW
SendDlgItemMessageW
SetParent
ScreenToClient
ExitWindowsEx
GetKeyboardState
GetParent
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
ClientToScreen
SetForegroundWindow
SetActiveWindow
ReleaseDC
GetMenu
GetMenuItemCount
DeleteMenu
GetForegroundWindow
EnableMenuItem
SetWindowPos
PostMessageW
RedrawWindow
InsertMenuW
IsWindowVisible
GetSystemMenu
GetSubMenu
DrawAnimatedRects
FindWindowExW
DestroyIcon
SetMenuItemInfoW
CopyRect
GetSysColorBrush
GetWindowLongW
SetWindowLongW
CallWindowProcW
GetClassNameW
MapWindowPoints
SetMenu
SystemParametersInfoW
TranslateAcceleratorW
RegisterWindowMessageW
LoadAcceleratorsW
EnumWindows
GetSysColor
SendMessageW
GetMenuItemInfoW
FillRect
DrawTextW
OffsetRect
SetPropW
GetDC
SetTimer
KillTimer
EnableWindow
LoadImageW
SendMessageTimeoutW
GetActiveWindow
MessageBoxW
GetClientRect
PostQuitMessage
LoadIconW
SetDlgItemTextW
CreatePopupMenu
GetWindowRect
AppendMenuW
TrackPopupMenu
CheckMenuItem
GetAsyncKeyState
GetCursorPos
ShowWindow
SetWindowTextW
GetDlgItem
wsprintfW
GetSystemMetrics
IsWindow

gdi32

GetTextExtentPoint32W
CreateCompatibleBitmap
SetGraphicsMode
SetWorldTransform
StretchBlt
GetPixel
GetCurrentObject
SetPixel
CreateBitmap
CreatePatternBrush
OffsetWindowOrgEx
GetClipBox
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
CreateCompatibleDC
CreateSolidBrush
DeleteDC
GetStockObject
DeleteObject
SelectObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHAppBarMessage
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW
ShellExecuteExW
ShellExecuteW

comctl32

ImageList_Create
ImageList_Draw
ImageList_ReplaceIcon
ImageList_DrawEx

ole32

CoInitialize

oleaut32

SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
VariantClear

winmm

joyGetNumDevs
joyGetPos
joyGetPosEx

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ

ws2_32

WSACleanup
WSAAccept
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
listen
bind
WSAGetLastError
WSACloseEvent
WSAStartup
htons
WSASend
WSARecv
inet_addr
htonl
closesocket
WSASocketW

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
小工具/Office.Files.Images.zip
.zip
Office.Files.Images.exe
.exe windows:4 windows x86 arch:x86

0e81ef117b0b40e12080e37cf59835b7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/06/2021, 00:00

Not After

14/06/2023, 23:59

Subject

CN=Nenad Hrg,O=Nenad Hrg,L=Srima,C=HR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:ca:6a:fe:04:2a:ff:1b:d1:3f:6f:98:b9:00:24:47:a1:04:e8:39:d0:33:9d:84:23:93:b9:d2:79:db:19:4f
Signer

Actual PE Digest

f3:ca:6a:fe:04:2a:ff:1b:d1:3f:6f:98:b9:00:24:47:a1:04:e8:39:d0:33:9d:84:23:93:b9:d2:79:db:19:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumTimeFormatsW
EnumDateFormatsW
GetUserDefaultLCID
GetDateFormatW
GetTimeFormatW
Sleep
CreateThread
SystemTimeToFileTime
SetFileTime
GetNumberFormatW
GetLocaleInfoW
FreeLibrary
lstrcpynW
LoadResource
FindResourceW
EnterCriticalSection
LeaveCriticalSection
CopyFileW
InterlockedExchange
GetStartupInfoW
DosDateTimeToFileTime
GetCurrentDirectoryW
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
OutputDebugStringA
GetVersionExW
GetLocalTime
GetCurrentThreadId
lstrcmpW
GetTimeZoneInformation
CreateMutexW
GetLastError
GetModuleFileNameW
CreateDirectoryW
GetUserDefaultLangID
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileSize
ReadFile
CloseHandle
WriteFile
DeleteFileW
DeleteCriticalSection
GetFileAttributesW
CreateFileW
SetFileAttributesW
GlobalSize
GetTempPathW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InitializeCriticalSection
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
lstrcatW
lstrcpyW
WideCharToMultiByte
InterlockedDecrement
OutputDebugStringW
DebugBreak
MultiByteToWideChar
lstrlenA
InterlockedIncrement
lstrlenW
LoadLibraryW
GetProcAddress
GetWindowsDirectoryW
LockResource

user32

OpenClipboard
MessageBoxW
GetDlgItem
GetDC
EndDialog
CreateDialogParamW
SetWindowPos
GetWindowRect
keybd_event
SetForegroundWindow
EnumWindows
DrawTextW
GetAsyncKeyState
IsWindow
DestroyWindow
SetWindowLongW
LoadIconW
GetSystemMetrics
GetComboBoxInfo
SendMessageW
CallWindowProcW
GetWindowLongW
wsprintfW
GetCursorPos
EndPaint
BeginPaint
KillTimer
SetTimer
InvalidateRect
GetSysColor
PtInRect
ClientToScreen
ScreenToClient
CopyImage
RegisterWindowMessageW
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
RegisterClassExW
LoadCursorW
ShowWindow
CreateWindowExW
UpdateWindow
SetMenu
SetMenuItemInfoW
GetSysColorBrush
GetSubMenu
TrackPopupMenuEx
UnhookWindowsHookEx
GetMessagePos
DestroyMenu
GetMenuItemCount
GetMenuStringW
GetWindowPlacement
SetRect
MoveWindow
CheckMenuItem
SetParent
EnableWindow
IsWindowVisible
InsertMenuW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
LoadImageW
GetFocus
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
RedrawWindow
ExitWindowsEx
DialogBoxParamW
SetDlgItemTextW
GetParent
GetDlgCtrlID
SetWindowsHookExW
CallNextHookEx
GetClassNameW
MapWindowPoints
ReleaseDC
GetMenuItemInfoW
SetPropW
SystemParametersInfoW
GetActiveWindow
PostMessageW
GetClientRect
DefWindowProcW
GetWindowTextW
CopyRect
OffsetRect
CharLowerW
CharNextW
wvsprintfW
LoadStringW
SetWindowTextW
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage

gdi32

GetClipBox
GetDeviceCaps
EnumFontsW
GetStockObject
SetPixel
GetCurrentObject
GetObjectW
CreateFontIndirectW
GetTextExtentPoint32W
SelectObject
SetBkColor
SetBkMode
SetTextColor
CreateSolidBrush
CreateBitmap
ExtTextOutW
DeleteObject

comdlg32

ChooseColorW
GetOpenFileNameW

advapi32

RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

shell32

ord18
ord17
ord16
ord155
ShellExecuteExW
ord25
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
SHChangeNotify
DragQueryFileW
DragFinish
ord190
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW

ole32

OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoTaskMemRealloc
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoCreateInstance
OleGetClipboard
CoInitialize

oleaut32

SysAllocStringLen

msvcrt

_purecall
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
strlen
??0exception@@QAE@ABV0@@Z
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
fputc
_errno
_fdopen
fprintf
gmtime
calloc
_waccess
_filelength
isspace
strtoul
_CIfmod
clock
rand
wcsncpy
fopen
getc
putc
exit
wcscat
sprintf
fwrite
time
_wcsicmp
swprintf
_ftol
_wfopen
fseek
ftell
rewind
fread
fclose
realloc
_wopen
_write
_wcreat
_close
wcscpy
??1type_info@@UAE@XZ
malloc
free
??2@YAPAXI@Z
_wtoi
wcslen
wcsrchr
wcschr
memmove
iswctype
wcscmp
wcsstr
??3@YAXPAX@Z
__CxxFrameHandler

gdiplus

GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipCreateBitmapFromFileICM
GdipDeleteStringFormat
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetStringFormatLineAlign
GdipCreateStringFormat
GdipDeleteBrush
GdipDrawImageRectI
GdipCreateSolidFill
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipResetWorldTransform
GdipCloneBrush
GdipDrawString
GdipRotateWorldTransform
GdipDeleteFont
GdipMeasureString
GdipCreateFont
GdipSetStringFormatAlign
GdipGetGenericFontFamilySansSerif
GdipGetPropertySize
GdipGetAllPropertyItems
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipCreateBitmapFromFile

comctl32

ImageList_DrawEx
InitCommonControlsEx
ImageList_GetIcon
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Replace
ImageList_SetBkColor
ImageList_Destroy
ImageList_Add
ImageList_LoadImageW
ord17
ImageList_Draw

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
小工具/Q-Dir_Portable.zip
.zip
Q-Dir/Q-Dir.exe
.exe windows:4 windows x86 arch:x86

2c25e10e9670aa114561ead67f6e6771

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:20

Not After

29/12/2040, 23:59

Subject

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:da:c2:fc:9b:dd:20:f4:76:91:88:4c:b3:93:89:88
Certificate

Issuer

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Not Before

29/07/2023, 17:50

Not After

29/07/2025, 17:50

Subject

CN=Nenad Hrg,O=Nenad Hrg,L=Taufkirchen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:22

Not After

29/12/2040, 23:59

Subject

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5
Certificate

Issuer

CN=Entrust Time Stamping CA - TS2,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:22

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA2,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:17:f2:d3:d6:ab:b3:0c:68:00:51:3d:bd:23:31:a7:28:a1:dd:09:25:59:b6:3a:8d:68:5d:53:91:36:b2:64
Signer

Actual PE Digest

01:17:f2:d3:d6:ab:b3:0c:68:00:51:3d:bd:23:31:a7:28:a1:dd:09:25:59:b6:3a:8d:68:5d:53:91:36:b2:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
RaiseException
CompareStringA
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
IsBadCodePtr
TlsAlloc
TlsSetValue
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetSystemTime
RtlUnwind
GetSystemTimeAsFileTime
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
HeapFree
HeapAlloc
HeapReAlloc
GetVersion
GetStartupInfoW
GetModuleHandleA
SetEndOfFile
GetACP
GetOEMCP
SetEnvironmentVariableA
GetTempFileNameW
SetVolumeLabelW
HeapDestroy
CreateMutexW
GetProfileStringW
GetLocaleInfoW
GetNumberFormatW
GetEnvironmentVariableW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetFullPathNameW
GetDiskFreeSpaceW
GetUserDefaultLangID
GetSystemDirectoryW
TerminateProcess
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetShortPathNameW
GetPrivateProfileStringW
SizeofResource
GetLocalTime
GetFileSize
SetFilePointer
SetFileTime
ReadFile
TerminateThread
GetLastError
GetCurrentProcessId
MoveFileW
MulDiv
GetTimeZoneInformation
lstrcpynA
GetLogicalDrives
InitializeCriticalSection
DeleteCriticalSection
GlobalHandle
FreeResource
Sleep
CreateThread
ExitProcess
OutputDebugStringA
GetCurrentProcess
FlushInstructionCache
CompareStringW
SetLastError
lstrcpyW
FindResourceW
LoadResource
LockResource
GetLogicalDriveStringsW
GetDriveTypeW
GetFileAttributesW
lstrcmpiW
lstrcmpW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
CreateDirectoryW
GetModuleFileNameW
CreateFileW
WideCharToMultiByte
WriteFile
CloseHandle
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
GetTempPathW
FreeLibrary
GetVersionExW
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetProcAddress
GetWindowsDirectoryW
GetModuleHandleW
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
lstrcpynW
lstrlenW
LoadLibraryW
TlsGetValue
InterlockedExchange

user32

GetScrollPos
MoveWindow
SetScrollInfo
IsRectEmpty
IntersectRect
SetScrollPos
GetMenuDefaultItem
GetSystemMenu
SetRect
LoadBitmapW
TrackPopupMenuEx
DrawEdge
GetSysColorBrush
PeekMessageW
CallNextHookEx
IsMenu
WindowFromPoint
GetWindowThreadProcessId
SetMenuItemInfoW
SetWindowLongW
SendMessageW
CallWindowProcW
GetWindowLongW
wsprintfW
SetWindowTextW
SetTimer
ShowWindow
GetDlgItem
GetParent
LoadImageW
MessageBeep
UnhookWindowsHookEx
SetWindowsHookExW
InsertMenuW
CheckMenuItem
EnableMenuItem
GetWindowDC
TranslateAcceleratorW
IsDialogMessageW
GetDoubleClickTime
GetMessagePos
CreatePopupMenu
TrackPopupMenu
EqualRect
CreateDialogParamW
FrameRect
InflateRect
PostMessageW
CopyRect
IsWindowVisible
GetKeyState
SetClassLongW
ClientToScreen
SetMenu
LoadAcceleratorsW
DeleteMenu
LoadIconW
GetMenuStringW
LoadStringA
RemoveMenu
IsDlgButtonChecked
CheckDlgButton
CreateDialogIndirectParamW
GetClipboardData
SetPropW
GetWindowPlacement
EnumWindows
mouse_event
MenuItemFromPoint
GetMenu
SetWindowPlacement
SetActiveWindow
GetMenuState
InsertMenuItemW
DispatchMessageW
GetSystemMetrics
GetFocus
FindWindowExW
KillTimer
PostQuitMessage
EndDialog
GetClientRect
SetWindowPos
GetAsyncKeyState
EnumChildWindows
MessageBoxW
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
CharNextW
CloseClipboard
DestroyIcon
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
ScreenToClient
SetDlgItemTextW
TranslateMessage
SetMenuItemBitmaps
SendMessageA
keybd_event
MapVirtualKeyW
GetScrollInfo
DrawIcon
ScrollWindowEx
IsZoomed
SendMessageTimeoutW
GetMessageW
GetMenuItemID
GetPropW
RemovePropW
ShowCaret
AppendMenuW
SetParent
InvalidateRgn
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
IsChild
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
DialogBoxIndirectParamW
MessageBoxA
LoadStringW
IsWindowEnabled
GetSysColor
DrawFocusRect
FillRect
DrawTextW
OffsetRect
GetClassNameW
CreateCursor
GetWindowTextLengthW
GetCursorPos
DrawAnimatedRects
GetWindowTextW
GetDlgCtrlID
DialogBoxParamW
GetActiveWindow
CharLowerW
ReleaseDC
GetDC
DestroyMenu
GetMenuItemInfoW
GetMenuItemCount
GetSubMenu
CreateWindowExW
SetRectEmpty
DefWindowProcW
DestroyCursor
UpdateWindow
ReleaseCapture
GetCapture
SetCapture
SetFocus
PtInRect
InvalidateRect
DestroyWindow
IsWindow
LoadMenuW
BeginPaint
EndPaint
SetCursor
SetMenuDefaultItem
CharUpperW
GetIconInfo
RegisterClipboardFormatW
SetForegroundWindow

gdi32

GetBkColor
DPtoLP
LPtoDP
SetPixel
Rectangle
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetViewportExtEx
GetWindowExtEx
OffsetViewportOrgEx
SelectClipRgn
GetEnhMetaFileHeader
EndDoc
AbortDoc
EndPage
StartPage
ResetDCW
StartDocW
SetStretchBltMode
StretchBlt
GetCurrentObject
GetPixel
SetDIBitsToDevice
CreateEnhMetaFileW
CloseEnhMetaFile
CreateDCW
GetDIBits
GetClipBox
SetViewportOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
GetTextExtentPoint32W
SaveDC
ExtTextOutW
RestoreDC
ExcludeClipRect
OffsetWindowOrgEx
SetWindowOrgEx
CreatePen
MoveToEx
LineTo
IntersectClipRect
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
SetBkMode
DeleteDC
DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
DeleteEnhMetaFile
CreateFontIndirectW
CreateSolidBrush

winspool.drv

GetPrinterW
ClosePrinter
OpenPrinterW

comdlg32

GetOpenFileNameW
ChooseColorW
PageSetupDlgW
GetSaveFileNameW
PrintDlgW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
GetTokenInformation
RegCloseKey

shell32

SHAppBarMessage
Shell_NotifyIconW
ord21
DragFinish
SHBrowseForFolderW
ord88
ExtractIconExW
ord68
SHGetSettings
ord25
DragQueryFileW
ord17
ord16
SHGetFileInfoW
SHFileOperationW
DragAcceptFiles
ord155
ord18
SHGetDesktopFolder
ord4
ord2
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
ord190

ole32

DoDragDrop
RegisterDragDrop
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
ReleaseStgMedium
CoCreateInstance
OleDuplicateData
CoInitialize
CoUninitialize
OleGetClipboard
RevokeDragDrop
CoSetProxyBlanket
OleSetClipboard

oleaut32

VariantChangeType
OleCreatePictureIndirect
DispCallFunc
SafeArrayDestroy
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetIcon
ImageList_SetBkColor
InitCommonControlsEx
ImageList_Remove
ImageList_Destroy
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageInfo
CreateStatusWindowW
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

msimg32

AlphaBlend

gdiplus

GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipSetImageAttributesGamma
GdipCreateHICONFromBitmap
GdipCreateFromHDC
GdipGetImageThumbnail
GdipGetPropertyItemSize
GdipGetImagePixelFormat
GdipCreateBitmapFromHBITMAP
GdipGetImageGraphicsContext
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipCreateImageAttributes
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdiplusStartup
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipSetCompositingMode
GdipCreateBitmapFromFile
GdipSetInterpolationMode
GdipCreateBitmapFromStreamICM

winmm

PlaySoundW
timeGetTime

shlwapi

PathRelativePathToW
StrCpyW

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Q-Dir/Q-Dir.ini

Sharing

General

Malware Config

Signatures

Files

d7efd1e12b8a47bb227a7dff52a7c2fe

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

82:dd:f9:46:64:6a:f6:f7:79:ea:bc:18:de:bd:9f:dc:71:93:16:0a:e2:ee:10:96:10:14:3c:a4:7c:6b:4b:29Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcrt

comctl32

gdiplus

winmm

Sections

.text Size: 264KB - Virtual size: 260KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 276KB - Virtual size: 457KB

.rsrc Size: 196KB - Virtual size: 195KB

19a37690df81c82a9cb46bd9c976a7d0

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cdCertificate

Extended Key Usages

Key Usages

10:da:c2:fc:9b:dd:20:f4:76:91:88:4c:b3:93:89:88Certificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3bCertificate

Extended Key Usages

Key Usages

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5Certificate

Extended Key Usages

Key Usages

1d:35:68:18:1d:d8:9d:c5:78:de:29:3e:eb:5b:70:29:95:6f:08:c7:8b:8c:d3:08:6c:7a:66:71:e5:36:05:caSigner

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

oleaut32

winmm

msvcp60

ws2_32

Sections

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

82:dd:f9:46:64:6a:f6:f7:79:ea:bc:18:de:bd:9f:dc:71:93:16:0a:e2:ee:10:96:10:14:3c:a4:7c:6b:4b:29
Signer

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 276KB - Virtual size: 457KB

.rsrc
Size: 196KB - Virtual size: 195KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

10:da:c2:fc:9b:dd:20:f4:76:91:88:4c:b3:93:89:88
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5
Certificate

1d:35:68:18:1d:d8:9d:c5:78:de:29:3e:eb:5b:70:29:95:6f:08:c7:8b:8c:d3:08:6c:7a:66:71:e5:36:05:ca
Signer

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 84KB - Virtual size: 177KB

.rsrc
Size: 60KB - Virtual size: 56KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0a:60:89:6b:93:1c:3c:5a:e1:ad:84:cf:da:71:06:b0
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f3:ca:6a:fe:04:2a:ff:1b:d1:3f:6f:98:b9:00:24:47:a1:04:e8:39:d0:33:9d:84:23:93:b9:d2:79:db:19:4f
Signer

.text
Size: 216KB - Virtual size: 212KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 48KB - Virtual size: 94KB

.rsrc
Size: 28KB - Virtual size: 25KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

10:da:c2:fc:9b:dd:20:f4:76:91:88:4c:b3:93:89:88
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

25:bc:2b:f3:29:ca:10:7f:1e:a9:ba:88:85:d4:9d:3b
Certificate

4a:14:dd:b8:91:ab:9c:0f:99:f1:25:ed:c5:9a:b6:d5
Certificate

01:17:f2:d3:d6:ab:b3:0c:68:00:51:3d:bd:23:31:a7:28:a1:dd:09:25:59:b6:3a:8d:68:5d:53:91:36:b2:64
Signer