e3170cf4802f864ccbc80dfc85a53d09c122f7b25b2ac8bf1300a682fdfb77a3

Sharing

Copy URL Twitter E-mail

General

Target

e3170cf4802f864ccbc80dfc85a53d09c122f7b25b2ac8bf1300a682fdfb77a3
Size

1.9MB
MD5

6f434144018f429378f7bdf0a1ef34d3
SHA1

baca70649f42450f787a2ded0d701e6429c27327
SHA256

e3170cf4802f864ccbc80dfc85a53d09c122f7b25b2ac8bf1300a682fdfb77a3
SHA512

6cef3632277be827bc897341726cc42e228c20f409f45d8403a1b1d84efb9064b5496b2ddd8123ced2809e45e7b79ff7e224e6588be69cc883fabc3465051f88
SSDEEP

12288:E6uLK9SlajRiNPffH7nF65PYS7cNHV1GHBbXc3ydRCYeeSIwCmo7JmJVFT:E6u9laA0TcmBbM3+hebdf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3170cf4802f864ccbc80dfc85a53d09c122f7b25b2ac8bf1300a682fdfb77a3

Files

e3170cf4802f864ccbc80dfc85a53d09c122f7b25b2ac8bf1300a682fdfb77a3
.exe windows:5 windows x64 arch:x64

3c3659d28510c576c60622a414460cab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\Client\Client\Windows\release\Bin\X64\Release\zTscoder.pdb

Imports

cmmlib

?length@?$CStringT@D@Cmm@@QEBA_KXZ
?size@?$CStringT@D@Cmm@@QEBA_KXZ
??0?$CStringT@D@Cmm@@QEAA@XZ
??0?$CStringT@D@Cmm@@QEAA@PEBD@Z
??1?$CStringT@D@Cmm@@UEAA@XZ
??4?$CStringT@D@Cmm@@QEAAAEAV01@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?c_str@?$CStringT@D@Cmm@@QEBAPEBDXZ
?GetBuffer@?$CStringT@D@Cmm@@QEAAPEAD_K@Z
?GetBufferSetLength@?$CStringT@D@Cmm@@QEAAPEAD_K@Z
?ReleaseBuffer@?$CStringT@D@Cmm@@QEAAXXZ
?size@?$CStringT@_W@Cmm@@QEBA_KXZ
??0?$CStringT@_W@Cmm@@QEAA@V?$CRangeT@PEB_W@1@@Z
??H?$CStringT@_W@Cmm@@QEBA?AV01@AEBV01@@Z
??4?$CStringT@_W@Cmm@@QEAAAEAV01@AEBV01@@Z
??4?$CStringT@_W@Cmm@@QEAAAEAV01@V?$CRangeT@PEB_W@1@@Z
??A?$CStringT@_W@Cmm@@QEBA_W_K@Z
?GetBuffer@?$CStringT@_W@Cmm@@QEAAPEA_W_K@Z
?AssignOther@?$CStringT@_W@Cmm@@QEAAAEAV12@AEBV?$CStringT@D@2@@Z
?CompareNoCase@?$CStringT@_W@Cmm@@QEBAHPEB_W@Z
?CompareNoCase@?$CStringT@_W@Cmm@@QEBAHAEBV12@@Z
?GetLength@?$CStringT@_W@Cmm@@QEBA_KXZ
?SetLength@?$CStringT@_W@Cmm@@QEAAX_K@Z
?Replace@?$CStringT@_W@Cmm@@QEAAXPEB_W0@Z
?Left@?$CStringT@_W@Cmm@@QEBA?AV?$CRangeT@PEB_W@2@_K@Z
?Right@?$CStringT@_W@Cmm@@QEBA?AV?$CRangeT@PEB_W@2@_K@Z
??4?$CStringT@_W@Cmm@@QEAAAEAV01@$$QEAV01@@Z
??0?$CStringT@_W@Cmm@@QEAA@$$QEAV01@@Z
?GetSize@CFile@Cmm@@QEBA_KXZ
?Close@CFile@Cmm@@QEAAXXZ
?Write@CFile@Cmm@@QEAA_KPEBX_K@Z
?SetLength@?$CStringT@D@Cmm@@QEAAX_K@Z
?OpenExisting@CFile@Cmm@@QEAAXPEB_WW4EAccess@12@H@Z
?CreateAlways@CFile@Cmm@@QEAAXPEB_WW4EAccess@12@@Z
??1CFile@Cmm@@QEAA@XZ
??0CFileName@Cmm@@QEAA@XZ
?BaseInitLoggingImpl_built_with_NDEBUG@logging@@YA_NPEB_WW4LoggingDestination@1@W4LogLockingState@1@W4OldFileDeletionState@1@W4LogEncryptPolicy@1@K@Z
cmm_fs_find_first
?StringToInt64@Cmm@@YAHAEBV?$CStringT@D@1@AEA_J@Z
?CreateAppContext@Cmm@@YAPEAVISSBAppContext@1@AEBV?$CStringT@_W@1@HH@Z
?DestroyAppContext@Cmm@@YAXPEAVISSBAppContext@1@@Z
?AssignOther@?$CStringT@D@Cmm@@QEAAAEAV12@PEB_W@Z
?find@?$CStringT@_W@Cmm@@QEBA_KAEBV12@_K@Z
?compare@?$CStringT@_W@Cmm@@QEBAHAEBV12@@Z
??H?$CStringT@_W@Cmm@@QEBA?AV01@PEB_W@Z
??8?$CStringT@_W@Cmm@@QEBA_NPEB_W@Z
??8?$CStringT@_W@Cmm@@QEBA_NAEBV01@@Z
?AssignOther@?$CStringT@_W@Cmm@@QEAAAEAV12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Pos@?$CStringT@_W@Cmm@@QEBAHPEB_W@Z
?Mid@?$CStringT@_W@Cmm@@QEBA?AV?$CRangeT@PEB_W@2@_K0@Z
?Trim@?$CStringT@_W@Cmm@@QEAAXXZ
?MakeLower@?$CStringT@_W@Cmm@@QEAAXXZ
?GetPath@CFileName@Cmm@@QEBA?AV?$CFnRangeT@_W@2@H@Z
?GetSecond@CTime@Cmm@@QEBAHXZ
?GetMinute@CTime@Cmm@@QEBAHXZ
?GetHour@CTime@Cmm@@QEBAHXZ
?GetDay@CTime@Cmm@@QEBAHXZ
?GetMonth@CTime@Cmm@@QEBAHXZ
?GetYear@CTime@Cmm@@QEBAHXZ
?GetTickCount@CTime@Cmm@@SA?AV12@XZ
?length@?$CStringT@_W@Cmm@@QEBA_KXZ
??M?$CStringT@_W@Cmm@@QEBA_NAEBV01@@Z
?IntToString@Cmm@@YAXHAEAV?$CStringT@_W@1@@Z
?GetSpecialDirectory@CFileName@Cmm@@QEAAXW4SpecialFolder@12@H@Z
?Int64ToString@Cmm@@YAH_JAEAV?$CStringT@D@1@@Z
?cmm_str_convert@@YA_KHPEAD_KPEB_W1@Z
?cmm_str_convert@@YA_KHPEA_W_KPEBD1@Z
??0CmmFunctionLogger@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CmmFunctionLogger@@QEAA@XZ
?Format@?$CStringT@_W@Cmm@@QEAAXPEB_WZZ
?MakeSlash@CFileName@Cmm@@QEAAXXZ
??1CFileName@Cmm@@UEAA@XZ
??0?$CStringT@_W@Cmm@@QEAA@AEBV01@@Z
?IsExists@CFileName@Cmm@@QEBAHXZ
??_7CFileName@Cmm@@6B@
?IsEmpty@?$CStringT@_W@Cmm@@QEBAHXZ
?c_str@?$CStringT@_W@Cmm@@QEBAPEB_WXZ
??Y?$CStringT@_W@Cmm@@QEAAAEAV01@AEBV01@@Z
??Y?$CStringT@_W@Cmm@@QEAAAEAV01@PEB_W@Z
??4?$CStringT@_W@Cmm@@QEAAAEAV01@PEB_W@Z
??1?$CStringT@_W@Cmm@@UEAA@XZ
??0?$CStringT@_W@Cmm@@QEAA@PEB_W@Z
??0?$CStringT@_W@Cmm@@QEAA@XZ
?Read@CFile@Cmm@@QEAA_KPEAX_K@Z
?empty@?$CStringT@_W@Cmm@@QEBA_NXZ

duilib

?SetShowHtml@CLabelUI@DuiLib@@QEAAX_N@Z
?IsAccSupportEnabled@DuiLib@@YAHXZ
?HandleMessage@CWindowWnd@DuiLib@@MEAA_JI_K_J@Z
?GetSuperClassName@CWindowWnd@DuiLib@@MEBAPEB_WXZ
?GetHwnd@CWindowWnd@DuiLib@@UEAAPEAUHWND__@@XZ
?ResizeClient@CWindowWnd@DuiLib@@QEAAXHH@Z
?PostMessageW@CWindowWnd@DuiLib@@QEAA_JI_K_J@Z
?CreateDuiWindow@CWindowWnd@DuiLib@@UEAAPEAUHWND__@@PEAU3@PEB_WKKI0_N@Z
?Create@CWindowWnd@DuiLib@@UEAAPEAUHWND__@@PEAU3@PEB_WKKUtagRECT@@PEAUHMENU__@@I0_N@Z
?Create@CWindowWnd@DuiLib@@UEAAPEAUHWND__@@PEAU3@PEB_WKKHHHHPEAUHMENU__@@I0_N@Z
?SetValue@CProgressUI@DuiLib@@QEAAXH@Z
??8CDuiString@DuiLib@@QEBA_NPEB_W@Z
??4CDuiString@DuiLib@@QEAAAEBV01@PEB_W@Z
??1CDuiString@DuiLib@@QEAA@XZ
??0CDuiString@DuiLib@@QEAA@XZ
?CreateControlEx@IDialogBuilderCallback@DuiLib@@UEAAPEAVCControlUI@2@PEB_WPEAVCPaintManagerUI@2@@Z
?ProcessWindowMessage@CDropObjectWnd@DuiLib@@QEAAHPEAUHWND__@@I_K_JAEA_JK@Z
?ProcessWindowMessage@CHighDpiWnd@DuiLib@@QEAAHPEAUHWND__@@I_K_JAEA_JK@Z
?SetSupportHighContrast@CHighContrast@DuiLib@@QEAAX_N@Z
?Instance@CHighContrast@DuiLib@@SAPEAV12@XZ
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPEB_W@Z
?SetResourceDll@CPaintManagerUI@DuiLib@@SAXPEAUHINSTANCE__@@@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPEAUHINSTANCE__@@@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?GetAppUseLightTheme@DuiLib@@YA_NAEA_N@Z
?LoadIconHighDpi@CHighDpi@DuiLib@@SAPEAUHICON__@@PEAUHINSTANCE__@@I_NI@Z
?SetAwarenessMode@CHighDpi@DuiLib@@SA_NW4DPIAwareMode@CDpiAwarenessMode@2@@Z
?UnInitHdpi@CHighDpi@DuiLib@@SAXXZ
?InitHdpi@CHighDpi@DuiLib@@SAHXZ
?Init@CResManager@DuiLib@@SAXVSTRINGorID@2@PEAUHINSTANCE__@@PEB_W@Z
?IsSysSupportDarkMode@DuiLib@@YA_NXZ
?SetSkinType@CSkinManager@DuiLib@@QEAAXW4emSkinType@2@@Z
?SetFollowSysDarkSetting@CUIlibApp@DuiLib@@QEAAX_N@Z
?GetHWND@CWindowWnd@DuiLib@@QEBAPEAUHWND__@@XZ
??BCDuiString@DuiLib@@QEBAPEB_WXZ
?GetInstance@?$TSingleton@VCSkinManager@DuiLib@@@DuiLib@@SAPEAVCSkinManager@2@XZ
?GetInstance@?$TSingleton@VCUIlibApp@DuiLib@@@DuiLib@@SAPEAVCUIlibApp@2@XZ
?ToPixel@CHighDpi@DuiLib@@SAHHPEAVIScalable@2@@Z
?GetCustomScaleFactor@CScalable@DuiLib@@UEAAIXZ
?SetLabelProxyType@CAccLabelProxy@DuiLib@@QEAAXW4ACC_LABEL_PROXY_TYPE@12@@Z
?FindControl@CPaintManagerUI@DuiLib@@QEBAPEAVCControlUI@2@PEB_W@Z
?TranslateMessage@CPaintManagerUI@DuiLib@@SA_NQEAUtagMSG@@@Z
?MessageHandler@CPaintManagerUI@DuiLib@@QEAA_NI_K_JAEA_J@Z
?AccNotifyEvent@DuiLib@@YAXKPEAUHWND__@@_JJ@Z
?ProcessWindowMessage@CCustomTitleWnd@DuiLib@@QEAAHPEAUHWND__@@I_K_JAEA_J@Z
?EnableCustomTitle@CCustomTitleWnd@DuiLib@@UEAAX_N@Z
?RemoveDpiChildWnd@CHighDpiWnd@DuiLib@@UEAAXPEAUHWND__@@@Z
?AddDpiChildWnd@CHighDpiWnd@DuiLib@@UEAAXPEAUHWND__@@@Z
?IsCustomTitleEnabled@CCustomTitleWnd@DuiLib@@UEAA_NXZ
?PaintTitle@CCustomTitleWnd@DuiLib@@UEAAXPEAUHDC__@@AEBUtagRECT@@@Z
?SetNonClientRect@CCustomTitleWnd@DuiLib@@UEAAXAEBUtagRECT@@_N@Z
?GetNonClientRect@CCustomTitleWnd@DuiLib@@UEAA?AUtagRECT@@_N@Z
?GetTitleRect@CCustomTitleWnd@DuiLib@@UEAA?AUtagRECT@@_N@Z
?GetCurTitleTextColor@CCustomTitleWnd@DuiLib@@UEAAKXZ
?GetActiveTitleTextColor@CCustomTitleWnd@DuiLib@@UEAAKXZ
?ChangeDpiParent@CHighDpiWnd@DuiLib@@UEAAXPEAUHWND__@@I@Z
?SetDpiParentWnd@CHighDpiWnd@DuiLib@@UEAAXPEAUHWND__@@@Z
?SetCustomTitleButtonRect@CCustomTitleWnd@DuiLib@@UEAAXUtagRECT@@@Z
?PreHandleCustomTitleMsg@CCustomTitleWnd@DuiLib@@UEAAHPEAUHWND__@@I_K_JAEA_J@Z
?IsApplyColorToTitle@CCustomTitleWnd@DuiLib@@UEAAHXZ
?GetCustomTitleColor@CCustomTitleWnd@DuiLib@@UEAAKXZ
?NotifyCustomTitleSkinChanged@CCustomTitleWnd@DuiLib@@UEAAXXZ
?GetInActiveTitleTextColor@CCustomTitleWnd@DuiLib@@UEAAKXZ

reslib

LoadStringFromRes
??0CResIniter@@QEAA@XZ
??1CResIniter@@QEAA@XZ
?InitResModule@CResIniter@@QEAAXPEAUHINSTANCE__@@I@Z

uibase

?OnParentDpiChanged@CZUIWindowBaseImpl@UIBase@@UEAAXI@Z
?KillTimer@CZUIWindowBaseImpl@UIBase@@QEAAH_K@Z
?SetTimer@CZUIWindowBaseImpl@UIBase@@QEAA_K_KIP6AXPEAUHWND__@@I0K@Z@Z
?GetSimpleRepositionFlag@CZUIWindowBaseImpl@UIBase@@UEAA_NXZ
?DestroyWindow@CZUIWindowBaseImpl@UIBase@@QEAAHXZ
?IsWindow@CZUIWindowBaseImpl@UIBase@@QEBAHXZ
?CreateControl@CZUIWindowBaseImpl@UIBase@@UEAAPEAVCControlUI@DuiLib@@PEB_W@Z
?OnDefaultCancel@CZUIWindowBaseImpl@UIBase@@UEAAXXZ
?SetScaleFactor@CZUIWindowBaseImpl@UIBase@@UEAAXI@Z
?Notify@CZUIWindowBaseImpl@UIBase@@UEAAXAEAUtagTNotifyUI@DuiLib@@@Z
?OnFinalMessage@CZUIWindowBaseImpl@UIBase@@UEAAXPEAUHWND__@@@Z
??1CZUIWindowBaseImpl@UIBase@@UEAA@XZ
??0CZUIWindowBaseImpl@UIBase@@QEAA@XZ
?ActiveWindowToTop@UIBase@@YAXPEAUHWND__@@H@Z
?CenterWindow@CZUIWindowBaseImpl@UIBase@@QEAAHPEAUHWND__@@@Z
?ShowWindow@CZUIWindowBaseImpl@UIBase@@QEAAHH@Z
?SetSimpleRepositionFlag@CZUIWindowBaseImpl@UIBase@@UEAAX_N@Z
?GetDropWnd@CZUIWindowBaseImpl@UIBase@@UEAAPEAUHWND__@@XZ
?GetCustomTitleWnd@CZUIWindowBaseImpl@UIBase@@UEAAPEAUHWND__@@XZ
?GetSmallIcon@CZUIWindowBaseImpl@UIBase@@UEAAPEAUHICON__@@XZ
?LoadResStringEx@UIBase@@YA?AV?$CStringT@_W@Cmm@@I@Z
?DoCreate@CZUIWindowBaseImpl@UIBase@@IEAAXAEBVSTRINGorID@DuiLib@@PEAUHINSTANCE__@@@Z
?GetCurrentSkinType@CZUIWindowBaseImpl@UIBase@@UEAA?AW4emSkinType@DuiLib@@XZ
?GetCurrentScaleFactor@CZUIWindowBaseImpl@UIBase@@UEAAIXZ
?GetCurrentDpi@CZUIWindowBaseImpl@UIBase@@UEAAIXZ
?GetScaleFactor@CZUIWindowBaseImpl@UIBase@@UEAAIXZ
?GetDpi@CZUIWindowBaseImpl@UIBase@@UEAAIXZ
?SetDpi@CZUIWindowBaseImpl@UIBase@@UEAAXI@Z
?GetRepositionFlag@CZUIWindowBaseImpl@UIBase@@UEAA_NXZ
?OnDefalutOK@CZUIWindowBaseImpl@UIBase@@UEAAXXZ
?SetRepositionFlag@CZUIWindowBaseImpl@UIBase@@UEAAX_N@Z
?SetWindowTextW@CZUIWindowBaseImpl@UIBase@@QEAAHPEB_W@Z

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
CreateToolhelp32Snapshot
CreateEventW
GetLastError
Process32NextW
Process32FirstW
CloseHandle
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
GetProcAddress
GetModuleHandleW
WritePrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
FreeLibrary
GetTickCount
SetEvent
CreateDirectoryW
SizeofResource
HeapFree
EnterCriticalSection
lstrcpynW
GetModuleFileNameW
GetUserDefaultUILanguage
LeaveCriticalSection
GetFileAttributesW
GetCurrentThreadId
IsProcessorFeaturePresent
Sleep
LoadResource
FindResourceW
HeapAlloc
GetProcessHeap
GetTempFileNameW
lstrcmpiW
LoadLibraryExW
VirtualProtect
GetCurrentProcess
ReleaseSemaphore
WriteFile
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSection
SetFilePointer
ResumeThread
GetModuleHandleA
OpenProcess
CreateFileA
CreateThread
GetWindowsDirectoryW
VerSetConditionMask
CreateSemaphoreW
FlushInstructionCache
VerifyVersionInfoW
CreateDirectoryA
SetDllDirectoryW
VirtualQuery
FlushFileBuffers
SetErrorMode
GetPrivateProfileStringW
CreateFileW
InitializeCriticalSectionEx
IsDebuggerPresent
MultiByteToWideChar

user32

PostMessageW
PostQuitMessage
FindWindowW
SendMessageW
GetDesktopWindow
LoadIconW
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
DestroyWindow
GetMessageW
IsWindow
MessageBoxW
GetUserObjectInformationA
EnumWindows
GetWindowThreadProcessId
GetProcessWindowStation

advapi32

GetUserNameW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
GetTokenInformation
RegGetValueW
OpenProcessToken
DuplicateTokenEx
FreeSid
CreateRestrictedToken
ImpersonateLoggedOnUser
CreateWellKnownSid
AllocateAndInitializeSid
SetTokenInformation
RevertToSelf
CheckTokenMembership

shell32

SHGetSpecialFolderPathA
SHFileOperationW
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear
VarUI4FromStr

msvcp140

??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

shlwapi

PathFileExistsW
PathIsRelativeW
PathAppendW
StrCmpNIW
PathIsDirectoryW

comctl32

InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown

psapi

GetModuleFileNameExW
GetModuleInformation
EnumProcessModules

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

crypt32

CertGetNameStringW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memmove
memcpy
memcmp
memset
memchr
__current_exception_context
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
wcschr
wcsstr
__C_specific_handler
__current_exception

api-ms-win-crt-string-l1-1-0

wcscat_s
strcat_s
_wcsicmp
towupper
wmemcpy_s
towlower
wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo_noreturn
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_invalid_parameter_noinfo
exit
_initterm_e
terminate
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_wide_winmain_command_line
_configure_wide_argv
_initialize_wide_environment

api-ms-win-crt-math-l1-1-0

_dclass
modf
__setusermatherr
_finite
_isnan

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
_recalloc

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

zcrashreport64

ord16
ord9
ord7

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c3659d28510c576c60622a414460cab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cmmlib

duilib

reslib

uibase

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

comctl32

gdiplus

psapi

wintrust

crypt32

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

zcrashreport64

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 20KB - Virtual size: 22KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 1.5MB - Virtual size: 2.5MB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 20KB - Virtual size: 22KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 1.5MB - Virtual size: 2.5MB