E:\Task\XiuXiu2015\setup\Setup\Bin\SkinEngine.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e048aa2fd571ea9be2ea61b160cda931.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e048aa2fd571ea9be2ea61b160cda931.dll
Resource
win10v2004-20240226-en
General
-
Target
e048aa2fd571ea9be2ea61b160cda931
-
Size
1.3MB
-
MD5
e048aa2fd571ea9be2ea61b160cda931
-
SHA1
484ad27946cb65ca5493ed6438fe1332ef0471c8
-
SHA256
0f53473f4039f3793ffcd6235c4ab261c4acf8022e45ec5d53c13600484c47b0
-
SHA512
97a093f95f81034f6da8574fea95038de65be9adcb08f25756f7404d3259741801c2f2e9c7b2ba06694df3546ff0c0d01c7a69d56d89696c928e17847c2f82b3
-
SSDEEP
24576:dBMH4wIUY56p14xblJaIMp7Vnocf6JR82HgDHlILkjiE+J20a+jA8MLV3nlEC/cb:r67MblJGT0t+ldlcZjaV14
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource e048aa2fd571ea9be2ea61b160cda931
Files
-
e048aa2fd571ea9be2ea61b160cda931.dll windows:5 windows x86 arch:x86
03d91bc254afad27868a74b947833ba6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc120u
ord12736
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord8268
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord6758
ord2204
ord1049
ord324
ord12403
ord7881
ord1467
ord8352
ord265
ord266
ord498
ord1139
ord296
ord1042
ord4772
ord2332
ord2226
ord485
ord2368
ord2334
ord2369
ord2366
ord2323
ord1050
ord325
ord1509
ord3806
ord992
ord7542
ord2142
ord2258
ord2357
ord1506
ord7825
ord1508
msvcr120
_get_osfhandle
_close
towlower
towupper
calloc
iswcntrl
memcpy
malloc
realloc
wcslen
wcscpy
wcscat
wcsncpy
strlen
wcscmp
_wcslwr
wcsstr
wcsrchr
_except1
toupper
isdigit
wcstol
fprintf
__iob_func
exit
ldiv
memcmp
wcstoul
_wtof
abs
wcsncmp
iswalnum
sqrt
_gmtime64
strcpy
strcmp
labs
_wtoll
_lrotl
_wsopen_s
_wgetdcwd
_wmkdir
_wgetenv
_wrename
fgetwc
_wremove
atoi
ungetwc
fputwc
_get_heap_handle
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_localtime64
wcsftime
_errno
_gmtime64_s
_mktime64
_wstat64i32
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__CxxFrameHandler3
memset
free
_vsnwprintf_s
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
_beginthreadex
_wtol
_wtoi
_wcsicmp
ungetc
fgetc
memcpy_s
wcscpy_s
?terminate@@YAXXZ
_purecall
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_CxxThrowException
_CIfmod
_vsnwprintf
kernel32
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
DecodePointer
FindResourceW
GetFileType
GetConsoleScreenBufferInfo
GetStdHandle
WriteConsoleW
GetConsoleMode
WriteFile
SetConsoleTextAttribute
AllocConsole
GetCurrentProcess
LockFileEx
UnlockFile
SwitchToThread
Sleep
WaitForSingleObject
GetCurrentDirectoryW
TlsFree
TlsAlloc
QueueUserAPC
TlsSetValue
GetCurrentThread
TlsGetValue
GetLocalTime
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
DuplicateHandle
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
ReadFile
GetFileSize
FreeLibrary
MulDiv
GetTickCount
LockResource
SizeofResource
FreeResource
LoadResource
OutputDebugStringW
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
GetModuleFileNameW
WinExec
ExitProcess
lstrcpynW
CloseHandle
CreateFileW
GetLastError
GlobalAlloc
GlobalFree
lstrcpyW
InitializeCriticalSectionAndSpinCount
user32
HideCaret
SetCaretPos
CharNextW
UpdateLayeredWindow
FillRect
DrawTextW
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
PostMessageW
GetPropW
SetPropW
RegisterClassExW
GetClassInfoExW
RegisterClassW
GetSystemMetrics
LoadImageW
GetParent
PostQuitMessage
EnableWindow
GetWindow
IsWindow
CreateWindowExW
DefWindowProcW
LoadCursorW
SetCursor
wvsprintfW
IntersectRect
IsRectEmpty
InflateRect
ShowCaret
MessageBoxW
SetWindowPos
GetWindowLongW
ScreenToClient
MonitorFromWindow
GetMonitorInfoW
IsIconic
EndPaint
BeginPaint
GetUpdateRect
GetDC
GetClientRect
ClientToScreen
MoveWindow
ShowWindow
InvalidateRect
SendMessageW
SetTimer
KillTimer
CallWindowProcW
SetWindowLongW
FindWindowExW
SetCapture
SwitchToThisWindow
BringWindowToTop
SetFocus
ReleaseCapture
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW
GetWindowRect
SetWindowRgn
IsZoomed
CreateCaret
PtInRect
GetFocus
GetCursorPos
GetSysColor
OffsetRect
MapWindowPoints
ReleaseDC
DestroyWindow
GetKeyState
gdi32
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
GetObjectA
GetDeviceCaps
CreateRectRgn
GetPixel
CombineRgn
PtInRegion
CreateDIBSection
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
StretchBlt
CreateFontIndirectW
SetStretchBltMode
GetObjectW
GetStockObject
ExtTextOutW
DeleteObject
CreateRoundRectRgn
CreatePen
SetBkColor
shell32
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
shlwapi
PathRemoveFileSpecW
ole32
CoCreateInstance
DoDragDrop
RegisterDragDrop
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
OleLockRunning
CoTaskMemFree
CLSIDFromProgID
OleDuplicateData
oleaut32
VariantInit
SysAllocString
SysFreeString
VariantClear
msvcp120
_Cnd_init
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Xtime_get_ticks
_Cnd_destroy
_Mtx_destroy
_Mtx_unlock
_Cnd_broadcast
_Cnd_wait
_Mtx_lock
_Mtx_current_owns
_Cnd_timedwait
_Mtx_init
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDH@std@@QBEHAAHPAD1AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?pubsetbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEPAV12@PA_W_J@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?seekp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?tellp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@H@2@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Xruntime_error@std@@YAXPBD@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??Bid@locale@std@@QAEIXZ
?_BADOFF@std@@3_JB
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?classic@locale@std@@SAABV12@XZ
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
ws2_32
shutdown
setsockopt
WSACleanup
recv
closesocket
htons
gethostbyname
send
WSAStringToAddressW
gethostname
connect
WSAGetLastError
WSASocketW
htonl
WSAStartup
wininet
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetOpenW
advapi32
GetLengthSid
OpenProcessToken
GetTokenInformation
CopySid
RegSetValueExW
RegCloseKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCreateKeyExW
comctl32
_TrackMouseEvent
ord17
gdiplus
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipDrawString
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
Exports
ExitMTSkinEngine
FindControl
GetControlData
InitMTMessageBox
InitMTSkinEngine
MTCreateThread
MTCreateTimer
MTInstallReport
MTKillTimer
MTLoge
MTMessageBox
MTOpenSuccessUrl
MTPathIsValid
MTSelectedPage
MTSendMessage
MTUninstall
MTUninstallReport
OnControlBindNSISScript
SelectFolderDialog
SetControlData
SetMsgLoopFlg
SetSysCommand
ShowLicense
ShowPage
StartInstall
StartUninstall
Sections
.text Size: 463KB - Virtual size: 462KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 630KB - Virtual size: 630KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ