Uninstall_Tool_3[.]5[.]2(1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Uninstall_Tool_3.5.2(1).zip
Size

7.4MB
MD5

d10e8350808474d6ab8050ece7656c7f
SHA1

8fc71384746f4729d2c6cf992409908626206fcd
SHA256

0a260c0a5d2afe9a4a484fe4c6fe9dcc78bf11593d86637ebaf06b5086617a97
SHA512

3fcc89f6b12605177108e5eea54796d7c9169cb115387458993964681c4ca2d21b3c58cb6e53180800d93b6cc9be7454a37244ba19d809c075d5538daebfe825
SSDEEP

196608:TNEKmc7hW8VeQqIXLFAnhhbYLSInRthsRgLMEaCG:B9PAvZhb6Sm7hLMEBG

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Uninstall_Tool_3.5.2(1)/crack/x64/UninstallTool.exe
unpack001/Uninstall_Tool_3.5.2(1)/crack/x86/UninstallTool.exe

Files

Uninstall_Tool_3.5.2(1).zip
.zip

Password: infected
Uninstall_Tool_3.5.2(1)/crack/x64/UninstallTool.exe
.exe windows:5 windows x64 arch:x64

378d1650c33f7229270e5b30e185a305

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\Projects\uninstall-tool\Ready\UninstallTool.pdb

Imports

shlwapi

UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathMatchSpecW
PathStripPathW
SHStrDupW
StrFormatByteSizeW
PathCompactPathW
ord487
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetFileAttributesW
SetErrorMode
FindResourceExW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
AreFileApisANSI
SetStdHandle
GetFileType
HeapQueryInformation
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlVirtualUnwind
UnhandledExceptionFilter
GetCPInfo
IsValidCodePage
GetOEMCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
GetConsoleCP
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
CreateFileW
CloseHandle
SetLastError
DeviceIoControl
SetEvent
ResetEvent
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
WaitForSingleObject
CreateEventW
TerminateThread
WaitForMultipleObjects
GetModuleHandleW
GetFullPathNameW
FlushFileBuffers
GetThreadLocale
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
SuspendThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GlobalFree
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
GetACP
lstrlenA
ExitProcess
LocalUnlock
LocalLock
GetVersionExW
ExpandEnvironmentStringsW
FormatMessageA
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetPrivateProfileSectionNamesW
CreateDirectoryW
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultUILanguage
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MulDiv
GetLastError
TerminateProcess
OpenProcess
lstrlenW
GetFileSize
ReadFile
GetCurrentProcess
GetSystemTime
GetExitCodeProcess
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpynW
GetCurrentDirectoryW
Sleep
GetLocalTime
GetModuleFileNameW
lstrcatW
DeleteFileW
GetComputerNameW
SearchPathW
lstrcmpW
DecodePointer
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
WinExec
GetTickCount
WriteFile
GetExitCodeThread
GetLongPathNameW
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
ResumeThread
VirtualProtect
GetNativeSystemInfo
GetVersion
GetCurrentProcessId
SetUnhandledExceptionFilter
RtlCaptureContext
CreateWaitableTimerW
lstrcmpiW
GetFileAttributesExW
GetFileTime
LoadLibraryW
SystemTimeToFileTime
MoveFileExW
IsBadReadPtr
IsBadWritePtr
RemoveDirectoryW
SetFileAttributesW
LocalAlloc
LocalFree
FormatMessageW
CreateMutexW
OpenMutexW
VirtualUnlock
VirtualLock
VirtualFree
VirtualAlloc
GetSystemInfo
GetSystemTimeAsFileTime
SignalObjectAndWait
CancelWaitableTimer
SetWaitableTimer
WaitForMultipleObjectsEx
OutputDebugStringW
OutputDebugStringA
WriteFileEx
SetFilePointerEx
GetFileSizeEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcessTimes
CompareFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindClose
GetWindowsDirectoryW
lstrcpyW
GetCommandLineW
OpenEventW

user32

PostThreadMessageW
RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
IsIconic
RealChildWindowFromPoint
GetSysColorBrush
MapDialogRect
SetWindowContextHelpId
CharUpperW
GetMenuItemInfoW
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
CharNextW
GetWindowDC
ShowOwnedPopups
LoadMenuW
GetNextDlgTabItem
EndDialog
SendMessageW
EnableWindow
DestroyIcon
IsWindowVisible
IsWindowEnabled
SetDlgItemTextW
GetMonitorInfoW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassLongPtrW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
ValidateRect
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
SendDlgItemMessageA
SetClassLongPtrW
SystemParametersInfoW
GetActiveWindow
GetWindowTextW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
GetClassInfoW
MessageBoxW
GetDesktopWindow
EnumWindows
GetDC
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
WindowFromPoint
ShowScrollBar
GetUpdateRect
WinHelpW
IsDialogMessageW
GetLastActivePopup
SetWindowLongPtrW
GetWindowLongPtrW
MessageBeep
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
CreateIconIndirect
LoadStringW
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetWindowLongW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
AttachThreadInput
CharLowerBuffW
CharLowerBuffA
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetFocus
ShowWindow
WaitForInputIdle
CreatePopupMenu
AppendMenuW
DrawTextExW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DrawStateW
GetWindow
RedrawWindow
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateMDISysAccel
DefFrameProcW
DrawMenuBar
GetTabbedTextExtentA
SetWindowLongPtrA
GetWindowLongPtrA
IsWindowUnicode
GetClassLongW
SetCursorPos
GetDoubleClickTime
DrawEdge
LookupIconIdFromDirectoryEx
UnionRect
ShowCaret
HideCaret
GetWindowRgn
IsMenu
GetCursor
IsClipboardFormatAvailable
IsZoomed
MapVirtualKeyExW
GetKeyboardState
IsCharLowerW
GetKeyboardLayout
GetKeyboardLayoutList
DrawFocusRect
CopyRect
SetWindowPlacement
GetWindowPlacement
MoveWindow
FillRect
MapWindowPoints
SetWindowTextW
GetDlgItem
CharLowerW
LoadIconW
DeleteMenu
GetMenuItemCount
SetWindowPos
CopyIcon
GetClassNameW
KillTimer
SetTimer
SetForegroundWindow
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
TabbedTextOutW
GrayStringW
CreateIconFromResourceEx
GetDCEx
LockWindowUpdate
InvertRect
wsprintfW
SetParent
SetWindowRgn
ToUnicodeEx
InflateRect

gdi32

GetClipBox
CreateRectRgnIndirect
CreateBitmap
GetBitmapBits
CreateDIBSection
DeleteDC
GetTextColor
ExtTextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
MoveToEx
PolyBezierTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetDIBits
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsW
GetRgnBox
EnumFontFamiliesExW
PatBlt
RestoreDC
RealizePalette
SaveDC
ExtSelectClipRgn
SetBkColor
SetBkMode
SetDIBitsToDevice
StretchBlt
StretchDIBits
SetStretchBltMode
SetTextColor
CreateDCW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetPixel
CreatePatternBrush
ExcludeClipRect
GetClipRgn
GetCurrentPositionEx
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
SelectClipRgn
SetMapMode
SetPixel
Polygon
GetCurrentObject
ExtCreateRegion
PtInRegion
GetViewportOrgEx
CreateFontW
Polyline
Ellipse
GetCharWidthW
GetTextAlign
GetTextExtentPoint32A
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
CreatePolygonRgn
GetWindowOrgEx
SetPixelV
FillRgn
FrameRgn
SetTextAlign
TextOutW

msimg32

AlphaBlend
GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

IsValidSid
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
CloseServiceHandle
ControlService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
RegQueryValueW
RegEnumKeyW
RegEnumValueW
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW

shell32

SHChangeNotify
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
DragQueryFileW
DragAcceptFiles
ExtractIconExW
SHGetFileInfoW
CommandLineToArgvW
DragFinish
Shell_NotifyIconW
SHGetMalloc
SHGetSpecialFolderLocation
SHAppBarMessage

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetIconSize

uxtheme

DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

OleLoadPicturePath
VariantChangeTypeEx
VarUdateFromDate
VarBstrFromDate
SysAllocString
SysAllocStringLen
SysFreeString
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
VariantClear
SysStringLen
SysAllocStringByteLen
VariantCopy
VariantChangeType
OleCreateFontIndirect
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetDim
SafeArrayGetElemsize
VarDateFromStr
SysStringByteLen

oledlg

OleUIBusyW
OleUIAddVerbMenuW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetSetStatusCallbackW
InternetSetOptionExW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetLastResponseInfoW

winmm

PlaySoundW

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall_Tool_3.5.2(1)/crack/x64/license.dat
Uninstall_Tool_3.5.2(1)/crack/x86/UninstallTool.exe
.exe windows:5 windows x86 arch:x86

fc12254045aea03036a8a79c88c41b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\uninstall-tool\Ready\UninstallTool-x86.pdb

Imports

shlwapi

UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathMatchSpecW
PathStripPathW
SHStrDupW
StrFormatByteSizeW
PathCompactPathW
ord487
PathParseIconLocationW
PathGetArgsW
PathUnquoteSpacesW
PathRemoveArgsW
PathIsRelativeW
PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW

kernel32

GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetFileAttributesW
SetErrorMode
FindResourceExW
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
AreFileApisANSI
SetStdHandle
GetFileType
HeapQueryInformation
VirtualQuery
GetStdHandle
GetStartupInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCPInfo
IsValidCodePage
GetOEMCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
GetConsoleCP
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
CreateFileW
CloseHandle
SetLastError
DeviceIoControl
SetEvent
ResetEvent
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
WaitForSingleObject
CreateEventW
TerminateThread
WaitForMultipleObjects
GetModuleHandleW
TlsAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GetThreadLocale
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
SuspendThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
EncodePointer
GlobalFree
GetModuleHandleA
GetACP
lstrlenA
ExitProcess
LocalUnlock
FormatMessageA
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetPrivateProfileSectionNamesW
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
GetCurrentProcess
VerifyVersionInfoW
GetUserDefaultUILanguage
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MulDiv
GetLastError
TerminateProcess
OpenProcess
lstrlenW
FileTimeToLocalFileTime
GetFileSize
ReadFile
GetSystemTime
GetSystemTimeAsFileTime
GetProcAddress
FileTimeToDosDateTime
GetExitCodeProcess
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
LoadLibraryA
lstrcpynW
GetCurrentDirectoryW
Sleep
GetLocalTime
GetModuleFileNameW
lstrcatW
DeleteFileW
GetComputerNameW
SearchPathW
lstrcmpW
DecodePointer
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
WinExec
GetTickCount
WriteFile
GetExitCodeThread
GetLongPathNameW
SetFilePointer
LocalLock
GetVersionExW
ExpandEnvironmentStringsW
VirtualProtect
GetNativeSystemInfo
GetVersion
FileTimeToSystemTime
ResumeThread
lstrcmpiW
GetFileAttributesExW
GetFileTime
SystemTimeToFileTime
MoveFileExW
IsBadReadPtr
IsBadWritePtr
RemoveDirectoryW
SetFileAttributesW
LoadLibraryW
LocalAlloc
LocalFree
FormatMessageW
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateWaitableTimerW
VirtualUnlock
VirtualLock
VirtualFree
VirtualAlloc
GetSystemInfo
SignalObjectAndWait
CancelWaitableTimer
SetWaitableTimer
WaitForMultipleObjectsEx
OutputDebugStringW
OutputDebugStringA
WriteFileEx
SetFilePointerEx
GetFileSizeEx
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcessTimes
CompareFileTime
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindClose
lstrcpyW
GetWindowsDirectoryW
OpenEventW
OpenMutexW
CreateMutexW
GetCommandLineW

user32

PostThreadMessageW
RegisterClipboardFormatW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
IsIconic
RealChildWindowFromPoint
GetSysColorBrush
MapDialogRect
SetWindowContextHelpId
CharUpperW
GetMenuItemInfoW
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
SendMessageW
EnableWindow
DestroyIcon
IsWindowVisible
CharNextW
GetWindowDC
ShowOwnedPopups
LoadMenuW
GetNextDlgTabItem
EndDialog
IsWindowEnabled
SetDlgItemTextW
GetMonitorInfoW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetTopWindow
GetClassLongW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
ValidateRect
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
GetClassInfoExW
RegisterClassW
CallWindowProcW
GetMessageTime
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
InflateRect
SetClassLongW
GetActiveWindow
GetWindowTextW
SystemParametersInfoW
SetMenuDefaultItem
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
DefWindowProcW
MessageBoxW
GetDesktopWindow
EnumWindows
GetDC
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
MessageBoxA
DrawFrameControl
SendDlgItemMessageA
WindowFromPoint
ShowScrollBar
GetUpdateRect
WinHelpW
IsDialogMessageW
GetLastActivePopup
MessageBeep
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
CreateIconIndirect
LoadStringW
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetWindowLongW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
AttachThreadInput
CharLowerBuffW
CharLowerBuffA
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetFocus
ShowWindow
WaitForInputIdle
GetMessagePos
CreatePopupMenu
GetClassInfoW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DrawStateW
GetWindow
RedrawWindow
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateMDISysAccel
DefFrameProcW
DrawMenuBar
GetTabbedTextExtentA
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SetCursorPos
GetDoubleClickTime
DrawEdge
LookupIconIdFromDirectoryEx
UnionRect
ShowCaret
HideCaret
GetWindowRgn
IsMenu
GetCursor
IsClipboardFormatAvailable
IsZoomed
MapVirtualKeyExW
GetKeyboardState
IsCharLowerW
GetKeyboardLayout
GetKeyboardLayoutList
ToUnicodeEx
SetWindowRgn
AppendMenuW
DrawFocusRect
SetWindowPlacement
GetWindowPlacement
MoveWindow
FillRect
MapWindowPoints
SetWindowTextW
GetDlgItem
CharLowerW
LoadIconW
DeleteMenu
GetMenuItemCount
SetWindowPos
CopyIcon
GetClassNameW
KillTimer
SetTimer
SetForegroundWindow
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
TabbedTextOutW
GrayStringW
DrawTextExW
CreateIconFromResourceEx
GetDCEx
LockWindowUpdate
InvertRect
wsprintfW
SetParent
CopyRect

gdi32

RestoreDC
PatBlt
GetDIBits
GetClipBox
CreateRectRgnIndirect
GetBitmapBits
CreateDIBSection
DeleteDC
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
RealizePalette
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsW
GetRgnBox
EnumFontFamiliesExW
SaveDC
ExtSelectClipRgn
SetBkColor
SetBkMode
SetDIBitsToDevice
StretchBlt
StretchDIBits
SetStretchBltMode
SetTextColor
CreateDCW
CombineRgn
CreateRectRgn
CreateRoundRectRgn
GetPixel
CreatePatternBrush
ExcludeClipRect
GetClipRgn
GetCurrentPositionEx
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
SelectClipRgn
SetMapMode
SetTextAlign
SetPixel
Polygon
GetCurrentObject
ExtCreateRegion
PtInRegion
GetViewportOrgEx
CreateFontW
Polyline
Ellipse
GetCharWidthW
GetTextAlign
GetTextExtentPoint32A
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
CreatePolygonRgn
GetWindowOrgEx
SetPixelV
FillRgn
FrameRgn
MoveToEx
GetTextColor
CreateBitmap
PolyBezierTo

msimg32

AlphaBlend
GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyW
CloseServiceHandle
RegQueryValueW
RegEnumKeyW
RegEnumValueW
ConvertSidToStringSidW
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
ControlService

shell32

SHChangeNotify
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
DragQueryFileW
DragAcceptFiles
ExtractIconExW
SHGetFileInfoW
CommandLineToArgvW
DragFinish
Shell_NotifyIconW
SHGetMalloc
SHGetSpecialFolderLocation
SHAppBarMessage

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_GetIconSize

uxtheme

DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

OleLoadPicturePath
VariantChangeTypeEx
VarUdateFromDate
VarBstrFromDate
SysAllocString
SysAllocStringLen
SysFreeString
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantCopy
VariantChangeType
OleCreateFontIndirect
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetDim
SafeArrayGetElemsize
VarDateFromStr
SafeArrayAccessData

oledlg

OleUIBusyW
OleUIAddVerbMenuW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetSetStatusCallbackW
InternetSetOptionExW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetLastResponseInfoW

winmm

PlaySoundW

Exports

Exports

_EXECryptor_AntiDebug@0
_EXECryptor_DecodeSerialNumber@16
_EXECryptor_DecodeSerialNumberW@16
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_IsRegistered@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_RegConst_0@0
_EXECryptor_RegConst_1@0
_EXECryptor_RegConst_2@0
_EXECryptor_RegConst_3@0
_EXECryptor_RegConst_4@0
_EXECryptor_RegConst_5@0
_EXECryptor_RegConst_6@0
_EXECryptor_RegConst_7@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8
_EXECryptor_VerifySerialNumber@16
_EXECryptor_VerifySerialNumberW@16

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall_Tool_3.5.2(1)/crack/x86/license.dat
Uninstall_Tool_3.5.2(1)/uninstalltool_setup.exe
.exe windows:5 windows x86 arch:x86

20dd26497880c05caed9305b3c8b9109

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:c7:a8:bb:13:de:14:b4:88:fe:7c:fc:ee:2f:c2:68
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

23/01/2017, 20:43

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:c7:a8:bb:13:de:14:b4:88:fe:7c:fc:ee:2f:c2:68
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

23/01/2017, 20:43

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:07:10:5c:24:30:e9:84:f6:25:2d:88:35:74:40:6a:dc:fd:f5:f5:a2:97:3b:82:52:b1:90:ff:1f:c1:25:4f
Signer

Actual PE Digest

e1:07:10:5c:24:30:e9:84:f6:25:2d:88:35:74:40:6a:dc:fd:f5:f5:a2:97:3b:82:52:b1:90:ff:1f:c1:25:4f

Digest Algorithm

sha256

PE Digest Matches

true

9b:af:a3:c7:23:f8:bc:df:3a:4a:30:5a:62:e4:ba:16:ba:37:52:56
Signer

Actual PE Digest

9b:af:a3:c7:23:f8:bc:df:3a:4a:30:5a:62:e4:ba:16:ba:37:52:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

378d1650c33f7229270e5b30e185a305

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

uxtheme

ole32

oleaut32

oledlg

version

psapi

oleacc

wininet

winmm

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 65KB - Virtual size: 104KB

.pdata Size: 150KB - Virtual size: 149KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

fc12254045aea03036a8a79c88c41b58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

uxtheme

ole32

oleaut32

oledlg

version

psapi

oleacc

wininet

winmm

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 616KB - Virtual size: 616KB

.data Size: 50KB - Virtual size: 76KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

20dd26497880c05caed9305b3c8b9109

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1bCertificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 65KB - Virtual size: 104KB

.pdata
Size: 150KB - Virtual size: 149KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 616KB - Virtual size: 616KB

.data
Size: 50KB - Virtual size: 76KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:c7:a8:bb:13:de:14:b4:88:fe:7c:fc:ee:2f:c2:68
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

50:c7:a8:bb:13:de:14:b4:88:fe:7c:fc:ee:2f:c2:68
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

e1:07:10:5c:24:30:e9:84:f6:25:2d:88:35:74:40:6a:dc:fd:f5:f5:a2:97:3b:82:52:b1:90:ff:1f:c1:25:4f
Signer

9b:af:a3:c7:23:f8:bc:df:3a:4a:30:5a:62:e4:ba:16:ba:37:52:56
Signer

.text
Size: 61KB - Virtual size: 60KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 107KB - Virtual size: 107KB