019012480938120907201¬lookup[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

019012480938120907201¬lookup.zip
Size

15.0MB
MD5

cfc19d3c0917b8b7d833c1a0f0c7dac4
SHA1

42c3ed828e09230e94aec7901c0cbbc3f75ef393
SHA256

98d45db0661b264e8077e89f323bfeca7fd8b7a93416c6373d1ac82ef5281621
SHA512

144f94d5a451098d7d7cdd2ff47529943b5c3f639059e878f252532118a80dbbfbba167d695d31ab53bdb96652746fd4078ede44ae602a7a43e51a64ec74f27a
SSDEEP

393216:XiP920ZdtPn9GxOHqYI6oJ2HPPqRkLh4aD+KCG86nDTZNRa:yhH4MKYeYvPzLwgjY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/019012480938120907201¬lookup.exe

Files

019012480938120907201¬lookup.zip
.zip
019012480938120907201¬lookup.exe
.exe windows:6 windows x86 arch:x86

e6f4169f2a5c3a8f93171d9f593bd22a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb

Imports

kernel32

LoadResource
FindResourceW
lstrlenW
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
GetTempPathW
GetLastError
GetTempFileNameW
MoveFileW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
DeleteFileW
GetModuleFileNameW
GetCurrentProcess
LoadLibraryW
FreeLibrary
InitializeCriticalSectionEx
GetFileAttributesW
CreateFileW
SetFilePointer
ReadFile
VerSetConditionMask
GetCurrentDirectoryW
MultiByteToWideChar
LocalFileTimeToFileTime
WideCharToMultiByte
CreateDirectoryW
WriteFile
SetFileTime
FreeResource
SizeofResource
LockResource
CreateProcessW
GetSystemDirectoryW
SetDefaultDllDirectories
GetCurrentThreadId
DecodePointer
RaiseException
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
LoadLibraryExW
GetConsoleMode
GetConsoleCP
SystemTimeToFileTime
VerifyVersionInfoW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
HeapSize
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteConsoleW

shlwapi

PathIsUNCW

comctl32

InitCommonControlsEx

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.7MB - Virtual size: 13.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
____
.exe windows:6 windows x64 arch:x64

10e5e522373c837962bf89f9069f40c2

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/07/2014, 20:32

Not After

01/10/2015, 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:af:cc:14:84:66:cd:99:31:75:b9:96:22:7b:b1:d7:e8:82:41:31:6b:f9:f0:78:a9:59:6a:64:c0:e6:54:11
Signer

Actual PE Digest

22:af:cc:14:84:66:cd:99:31:75:b9:96:22:7b:b1:d7:e8:82:41:31:6b:f9:f0:78:a9:59:6a:64:c0:e6:54:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

explorer.pdb

Imports

msvcrt

_wtoi
wcsrchr
strchr
wcschr
memset
memcpy
memcmp
_wcsicmp
bsearch
memcpy_s
wcsncpy_s
_vsnwprintf
_errno
??1type_info@@UEAA@XZ
_CxxThrowException
ceil
cosf
sqrt
__CxxFrameHandler3
_onexit
_snwprintf_s
_vsnwprintf_s
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
malloc
realloc
wcsstr
free
wcscmp

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
VarUI4FromStr
VariantInit
SysAllocStringByteLen

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket
CoGetApartmentType
CoTaskMemRealloc
CoInitializeEx
PropVariantClear
CoUninitialize
RoGetAgileReference
StringFromGUID2
CoFreeUnusedLibraries
CoWaitForMultipleHandles
CreateStreamOnHGlobal
CoEnableCallCancellation
CoCancelCall
CoDisableCallCancellation
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CLSIDFromString
CoTaskMemAlloc
CoGetMalloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegGetValueW
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventEnabled
EventWrite

api-ms-win-core-processthreads-l1-1-2

GetThreadPriority
GetCurrentProcess
GetCurrentThread
TlsGetValue
TlsFree
SetThreadPriority
ExitProcess
ResumeThread
GetExitCodeProcess
GetPriorityClass
SetProcessShutdownParameters
TerminateThread
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
TlsAlloc
CreateProcessW
GetCurrentProcessId
SetThreadPriorityBoost
OpenThread
OpenThreadToken
OpenProcess
SetPriorityClass
GetProcessId
OpenProcessToken
QueueUserAPC
TlsSetValue
CreateThread
FlushInstructionCache

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetErrorMode
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

InitializeSRWLock
ReleaseMutex
WaitForMultipleObjectsEx
SetEvent
AcquireSRWLockShared
EnterCriticalSection
SleepEx
LeaveCriticalSection
CreateEventW
ReleaseSRWLockShared
ReleaseSemaphore
CreateMutexW
InitializeCriticalSection
Sleep
ReleaseSRWLockExclusive
OpenEventW
OpenMutexW
DeleteCriticalSection
AcquireSRWLockExclusive
CreateEventExW
OpenSemaphoreW
WaitForSingleObject
InitOnceExecuteOnce
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionEx

api-ms-win-core-string-l2-1-0

IsCharAlphaNumericW
CharNextW
CharLowerW
CharUpperW
CharPrevW

api-ms-win-core-heap-l1-2-0

HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleHandleExW
LoadStringW
GetProcAddress
FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleW
LoadResource
SizeofResource
LockResource
GetModuleFileNameW
LoadLibraryExA
LoadLibraryExW
FindResourceExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CallbackMayRunLong
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SetThreadpoolWait
TrySubmitThreadpoolCallback
CreateThreadpoolWait
CreateThreadpoolTimer
SubmitThreadpoolWork

api-ms-win-core-sysinfo-l1-2-1

GetLocalTime
GetProductInfo
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount64
GetVersionExW
GetOsSafeBootMode
GetSystemTime

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-processenvironment-l1-2-0

GetCurrentDirectoryW
GetCommandLineW
ExpandEnvironmentStringsW
SearchPathW

api-ms-win-security-base-l1-2-0

CreateWellKnownSid
CopySid
IsValidSid
GetTokenInformation
GetLengthSid
CheckTokenMembership

api-ms-win-power-base-l1-1-0

GetPwrCapabilities
PowerDeterminePlatformRoleEx
CallNtPowerInformation

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-file-l1-2-1

FindFirstFileW
CompareFileTime
GetFileAttributesW
WriteFile
FindFirstFileExW
RemoveDirectoryW
GetLongPathNameW
FindClose
FindNextFileW
DeleteFileW
CreateDirectoryW
SetFileTime
CreateFileW

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx
GetDateFormatW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-2

VirtualFree
VirtualAlloc
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-interlocked-l1-2-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

NtQueryInformationProcess
NtQueryWnfStateData
NtOpenProcessToken
NtClose
NtOpenThreadToken
NtQueryInformationToken
RtlNtStatusToDosError
RtlFlushHeaps
WinSqmEventEnabled
WinSqmAddToStream
NtSetSystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
WinSqmAddToStreamEx
WinSqmSetString
WinSqmSetDWORD
WinSqmIsOptedIn
NtSetInformationProcess

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW
StrCmpNICW
QISearch
StrRStrIW
StrChrIW
StrToIntW
StrChrW
StrCmpICW
StrCmpNIW
StrCmpIW
SHLoadIndirectString
StrCmpW
StrCmpICA

api-ms-win-core-heap-obsolete-l1-1-0

LocalReAlloc
LocalAlloc
GlobalLock
GlobalFree
GlobalUnlock
LocalFree
GlobalAlloc

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
QueryInformationJobObject

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy
CoRegisterMessageFilter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathQuoteSpacesW
PathFindExtensionW
PathCombineW
PathParseIconLocationW
PathRemoveFileSpecW
PathIsFileSpecW
PathStripPathW
PathFindFileNameW
PathRemoveBlanksW
PathFileExistsW
SHExpandEnvironmentStringsW
PathCommonPrefixW
PathRemoveExtensionW
PathGetDriveNumberW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
MoveFileW
RaiseFailFastException
MulDiv
LoadLibraryW
RegisterWaitForSingleObject
CopyFileW
CreateSemaphoreW

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegDeleteKeyW

kernel32

RegisterApplicationRestart
SetTermsrvAppInstallMode
SetThreadExecutionState

user32

MsgWaitForMultipleObjects
RegisterClassExW
SetWindowLongPtrW
GetWindowLongPtrW
LoadImageW
GetDlgItem
EnableWindow
GetDlgItemInt
SetDlgItemInt
IsDlgButtonChecked
CheckDlgButton
IsWindowEnabled
CallWindowProcW
SetCapture
ReleaseCapture
DrawTextW
AdjustWindowRect
CalculatePopupWindowPosition
GetMessageExtraInfo
GetCapture
SetGestureConfig
DrawIconEx
RemoveMenu
SetMenuDefaultItem
LoadMenuW
GetSubMenu
AllowSetForegroundWindow
GetSysColorBrush
GetPropW
GetClassNameW
InSendMessage
GetCursorInfo
GetPhysicalCursorPos
WindowFromPhysicalPoint
ord2005
FindWindowExW
CreateIconIndirect
RemovePropW
ReplyMessage
SetCoalescableTimer
GetLastInputInfo
SetForegroundWindow
GetWindowPlacement
KillTimer
GetWindowRgnBox
SetWindowRgn
SendMessageTimeoutW
SendNotifyMessageW
OffsetRect
InvalidateRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetCursorPos
RedrawWindow
SubtractRect
TrackPopupMenuEx
MapWindowPoints
GetClientRect
GetWindowTextW
UpdateWindow
ord2530
TranslateAcceleratorW
IsWindow
GetParent
EnumWindows
IsWindowVisible
IntersectRect
SetWindowCompositionAttribute
ChangeWindowMessageFilterEx
LoadAcceleratorsW
SetTimer
ShowWindow
InflateRect
EnumDisplayMonitors
SetRectEmpty
IsRectEmpty
SetWindowPlacement
CopyRect
SetRect
GetWindowBand
GetForegroundWindow
SetPropW
MonitorFromRect
MonitorFromPoint
GetMonitorInfoW
RegisterWindowMessageW
SetWindowPos
EqualRect
PostQuitMessage
SetCursor
LoadCursorW
UnhookWinEvent
SetWinEventHook
EnableMouseInPointer
RegisterClassW
DefWindowProcW
DestroyWindow
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
FindWindowW
SystemParametersInfoW
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
PeekMessageW
DrawFocusRect
GetSysColor
ValidateRect
NotifyWinEvent
SetWindowTextW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetAncestor
GetCurrentInputMessageSource
CopyIcon
LockWorkStation
TileWindows
CascadeWindows
GetWindowThreadProcessId
HungWindowFromGhostWindow
IsHungAppWindow
GetWindowRgn
WindowFromPoint
ModifyMenuW
CheckMenuItem
DeleteMenu
MsgWaitForMultipleObjectsEx
ReleaseDC
GetDC
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
GetWindow
PtInRect
GetWindowRect
GetSystemMetrics
SendMessageW
EnumChildWindows
GetWindowLongW
IsIconic
DestroyIcon
LoadIconW
GetKeyState
ExitWindowsEx
GetFocus
EnableMenuItem
GetSystemMenu
EndPaint
DrawEdge
FillRect
BeginPaint
TrackMouseEvent
GetDoubleClickTime
ClientToScreen
GetMessagePos
SetCursorPos
ChildWindowFromPoint
GetAsyncKeyState
GetDesktopWindow
EndDialog
SendDlgItemMessageW
UnregisterClassA
ord2522
UpdateLayeredWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetUpdateRect
GetLayeredWindowAttributes
SetLayeredWindowAttributes
UnionRect
GetCaretBlinkTime
EnumDisplayDevicesW
CreateWindowInBand
GetMenuStringW
GetWindowInfo
InternalGetWindowText
SetScrollPos
GetScrollInfo
SetScrollInfo
IsZoomed
GetMenuState
IsTopLevelWindow
OpenInputDesktop
EndTask
SetThreadDesktop
GhostWindowFromHungWindow
GetShellWindow
GetIconInfo
SwitchToThisWindow
GetLastActivePopup
UnregisterHotKey
RegisterHotKey
MonitorFromWindow
GetProcessWindowStation
MoveWindow
GetNextDlgTabItem
GetNextDlgGroupItem
GetGUIThreadInfo
SetMenuItemInfoW
CreateWindowExW
GetClassInfoW
GetClassLongPtrW
GetClassInfoExW
GetMenuItemCount
GetMenuItemInfoW
DefWindowProcA
SendMessageCallbackW
GetClassWord
BringWindowToTop
ShowWindowAsync
WindowFromDC
InsertMenuW
GetDlgCtrlID
ScreenToClient
AdjustWindowRectEx
AppendMenuW
FrameRect
UnregisterClassW
IsWindowUnicode
GetClassLongW
IsChild
RegisterClipboardFormatW
IsProcessDPIAware
GetWindowDC
SetFocus

gdi32

GetDeviceCaps
GetTextColor
ExtCreateRegion
GetRegionData
GdiFlush
Polyline
GetTextExtentPoint32W
GetDIBits
GetObjectW
GetStockObject
ExtTextOutW
GetTextMetricsW
SetTextAlign
GetRgnBox
SetLayout
GetLayout
LPtoDP
OffsetViewportOrgEx
GdiAlphaBlend
CreateRectRgnIndirect
GetClipBox
CreateRectRgn
SetRectRgn
OffsetRgn
CombineRgn
CreateSolidBrush
DeleteObject
CreateFontIndirectW
CreatePen
GetTextExtentPointW
CreateCompatibleDC
CreateDIBSection
CreateCompatibleBitmap
SelectObject
OffsetWindowOrgEx
DeleteDC
SetBkColor
SetTextColor
BitBlt
SetBkMode
CreateBitmap
PatBlt
GetBkColor
GetClipRgn
IntersectClipRect
GetViewportOrgEx
SetViewportOrgEx
SelectClipRgn
StretchDIBits
Rectangle

shcore

ord130
ord145
ord126
ord162
ord213
ord120
SHQueryInfoKeyW
SHCreateStreamOnFileW
ord183
IsOS
SHStrDupW
IUnknown_Set
IUnknown_QueryService
ord200
SHAnsiToUnicode
ord186
ord187
SHGetThreadRef
SetProcessReference
SHCreateThreadRef
SHSetThreadRef
IUnknown_SetSite
SHRegGetValueW
ord190
SHGetValueW
SHSetValueW
SHDeleteValueW
SHCreateThread
SetCurrentProcessExplicitAppUserModelID
ord191
ord122
ord123
ord121
SHOpenRegStream2W
IStream_Reset
ord170
IStream_Read
SHCreateMemStream
SHQueryValueExW
ord193
ord143
ord142
ord141
SHCreateStreamOnFileEx
SHUnicodeToAnsi
ord184
IStream_Write
SHDeleteKeyW
GetDpiForMonitor
SHEnumKeyExW

shlwapi

ord548
ord172
ord193
AssocCreate
ord236
ord278
ord24
ord225
ord178
ord484
ord509
AssocQueryKeyW
ChrCmpIW
PathRemoveArgsW
ord635
ord163
ord571
ord467
AssocQueryStringW
ord433
ord279
ord413
ord478
ord204
ord165
ord197
ord292
PathIsDirectoryW
ord479
ord388
ord164

shell32

SHCreateItemWithParent
SHEvaluateSystemCommandTemplate
SHOpenWithDialog
ord137
ExtractIconExW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHAddToRecentDocs
ord893
SHCreateItemFromIDList
ord132
ord91
ShellExecuteW
ord254
ord54
SHEnableServiceObject
ord61
ord64
ord896
ord60
SHUpdateRecycleBinIcon
ord2
SHGetKnownFolderIDList
SHGetFolderPathEx
SHFileOperationW
ord244
ord711
ord4
ord731
SHGetPathFromIDListW
SHGetNameFromIDList
ord644
ord753
ord733
ord21
ord25
ord17
ord16
ord19
SHChangeNotifyRegisterThread
ord67
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHCreateShellItem
ord892
ord206
ord201
ord904
ord188
ord899
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteExW
ord68
ord200
ord245
ord89
SHBindToObject
SHGetSpecialFolderPathW
ord723
SHGetFolderLocation
ord190
ord155
SHParseDisplayName
ord18
ord85
ord100
ord905
ord526
ord23
ord134
ord22
SHGetKnownFolderItem
ord764
SHChangeNotify
ord727
ord850
ord95
SHBindToFolderIDListParentEx
SHBindToFolderIDListParent
SHBindToParent
ord152
ord840
ord680
SHCreateItemFromParsingName
ord165
ord885
SHCreateDataObject
SHGetLocalizedName
ord787
ord193
ord88
ord895
Shell_GetCachedImageIndexW
ord74
ord792
ord790
SHCreateAssociationRegistration
ord906
ord181
SHGetPropertyStoreForWindow
ord894
ord162
SHAppBarMessage
ord645

uxtheme

GetCurrentThemeName
ord122
IsThemePartDefined
GetThemeColor
GetThemeFont
IsThemeActive
BufferedPaintUnInit
BufferedPaintInit
GetThemeMargins
EndBufferedPaint
DrawThemeTextEx
BeginBufferedPaint
SetWindowTheme
GetThemeBackgroundContentRect
GetThemeBackgroundRegion
DrawThemeParentBackground
GetThemeBackgroundExtent
DrawThemeText
GetThemeTextExtent
ord86
OpenThemeData
DrawThemeBackground
CloseThemeData
GetThemeMetric
ord106
ord104
ord121
ord120
ord118
ord98
IsCompositionActive
IsAppThemed
GetThemeRect
GetThemeBool
BufferedPaintClear
GetWindowTheme
GetThemePartSize
GetBufferedPaintBits

dwmapi

ord138
ord141
ord113
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmRegisterThumbnail
ord127
ord114
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
ord124
DwmQueryThumbnailSourceSize
ord140

twinapi

ord9

d3d11

D3D11CreateDevice

dcomp

ord1017

api-ms-win-core-localization-l1-2-1

GetLocaleInfoW
GetUserPreferredUILanguages
FormatMessageW
IsValidLocaleName
GetThreadUILanguage

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend
PathCchAddExtension

sspicli

GetUserNameExW

api-ms-win-core-io-l1-1-1

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
StopTraceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
NotifyServiceStatusChangeW

userenv

GetProfileType

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
DeactivateActCtx
ActivateActCtx

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

propsys

PSPropertyBag_WriteDWORD
PropVariantToString
InitVariantFromResource
PropVariantToBoolean
PSCreateMemoryPropertyStore
PropVariantToUInt32
PropVariantToStringAlloc

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

rpcrt4

RpcStringFreeW
RpcBindingFree
NdrClientCall3
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter

slc

SLUnregisterWindowsEvent
SLRegisterWindowsEvent

profapi

ord104

api-ms-win-security-lsalookup-l1-1-1

EnumerateIdentityProviders
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID
GetDefaultIdentityProvider

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 819KB - Virtual size: 819KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6f4169f2a5c3a8f93171d9f593bd22a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

comctl32

Sections

.text Size: 117KB - Virtual size: 116KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 13.7MB - Virtual size: 13.7MB

.reloc Size: 6KB - Virtual size: 6KB

10e5e522373c837962bf89f9069f40c2

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

22:af:cc:14:84:66:cd:99:31:75:b9:96:22:7b:b1:d7:e8:82:41:31:6b:f9:f0:78:a9:59:6a:64:c0:e6:54:11Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-security-base-l1-2-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-profile-l1-1-0

ntdll

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-job-l2-1-0

api-ms-win-core-registryuserspecific-l1-1-0

api-ms-win-core-com-private-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-registry-l2-1-0

kernel32

user32

gdi32

shcore

shlwapi

shell32

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 13.7MB - Virtual size: 13.7MB

.reloc
Size: 6KB - Virtual size: 6KB

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

22:af:cc:14:84:66:cd:99:31:75:b9:96:22:7b:b1:d7:e8:82:41:31:6b:f9:f0:78:a9:59:6a:64:c0:e6:54:11
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 11KB - Virtual size: 12KB

.pdata
Size: 71KB - Virtual size: 71KB

.idata
Size: 33KB - Virtual size: 33KB

.didat
Size: 1024B - Virtual size: 664B

.rsrc
Size: 819KB - Virtual size: 819KB

.reloc
Size: 10KB - Virtual size: 9KB