0d8605edd2bb5d5b490bfafa98166cd10e86bcc9365f4b6c1c34111d60a95ac8

Sharing

Copy URL Twitter E-mail

General

Target

0d8605edd2bb5d5b490bfafa98166cd10e86bcc9365f4b6c1c34111d60a95ac8
Size

1.0MB
MD5

678016c3534f85ccc0f2a18f1864c82f
SHA1

5767ccb2c724797db43d0ed356baa4801bd3a244
SHA256

0d8605edd2bb5d5b490bfafa98166cd10e86bcc9365f4b6c1c34111d60a95ac8
SHA512

27d41201897386217b2e1c29ed0432a13646143628cf2fb726c47e53e6203378f5e4715d07222417836d56c2e921549f06af1a940078b0efe0c20c479c409209
SSDEEP

24576:cxTVUhPo2SKM4GUqNeJCpmjxbWkXGgqabsu:cTuh8UzJCpmjxWEGgsu

Score

1^/10

Malware Config

Signatures

Files

0d8605edd2bb5d5b490bfafa98166cd10e86bcc9365f4b6c1c34111d60a95ac8
.exe windows:5 windows x86 arch:x86

662bcaf7bedd139712b70309a7ff0813

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:b5:7e:e8:07:45:95:de:33:f1:ea:d7:df:b3:dd:43
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:b5:7e:e8:07:45:95:de:33:f1:ea:d7:df:b3:dd:43
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/08/2022, 00:00

Not After

29/07/2025, 23:59

Subject

SERIALNUMBER=91110108680456115E,CN=Glarysoft Ltd,O=Glarysoft Ltd,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:f8:2d:12:91:69:e7:12:66:be:f0:54:ad:75:ba:10:8a:52:d2:d4:7e:43:d4:d6:60:ba:3f:d6:16:ec:20:4d
Signer

Actual PE Digest

32:f8:2d:12:91:69:e7:12:66:be:f0:54:ad:75:ba:10:8a:52:d2:d4:7e:43:d4:d6:60:ba:3f:d6:16:ec:20:4d

Digest Algorithm

sha256

PE Digest Matches

false

c6:46:5e:98:9c:74:d1:9d:a0:b2:50:b9:c4:5c:1a:a5:c2:e3:11:7d
Signer

Actual PE Digest

c6:46:5e:98:9c:74:d1:9d:a0:b2:50:b9:c4:5c:1a:a5:c2:e3:11:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\winapps\gu6\exe\vc\Uninstaller\sourcecode\Release_s\unInstaller.pdb

Imports

register

GoHomePage
ShowDlgWindow
OpenURL

skinsmanager

GetSkinsColor
GetSkinsToInt
GetSkinsOption
GetSkinsFile
GetAllKeyArrBySection
InitializeLibrary
InitializeSkins
UnitializeLibrary

mfc90u

ord3230
ord6379
ord3229
ord5338
ord3232
ord4553
ord5450
ord5447
ord2860
ord2079
ord2445
ord5354
ord4985
ord6687
ord2695
ord3856
ord2469
ord2694
ord783
ord581
ord2100
ord2497
ord406
ord665
ord2490
ord2501
ord3188
ord3015
ord2479
ord5939
ord4234
ord936
ord6311
ord2539
ord3221
ord300
ord305
ord1608
ord6633
ord6689
ord265
ord266
ord293
ord2081
ord5852
ord2696
ord2326
ord3018
ord2057
ord404
ord663
ord5535
ord6813
ord1552
ord4043
ord589
ord794
ord4211
ord6482
ord570
ord996
ord4890
ord2447
ord3670
ord4905
ord3115
ord6018
ord5663
ord5680
ord4996
ord4347
ord5676
ord5674
ord2087
ord4213
ord5830
ord6741
ord5548
ord1048
ord4179
ord6035
ord2206
ord2251
ord4747
ord6803
ord4173
ord6801
ord4423
ord4448
ord3803
ord4004
ord388
ord650
ord5137
ord1144
ord4677
ord4684
ord4906
ord6553
ord6439
ord3035
ord3340
ord4641
ord2090
ord5171
ord5285
ord5945
ord3009
ord5861
ord1492
ord6044
ord5606
ord2239
ord2204
ord6762
ord2867
ord2859
ord4994
ord582
ord784
ord1383
ord2372
ord6205
ord4270
ord6349
ord3146
ord4400
ord2727
ord3167
ord4171
ord3500
ord585
ord788
ord1723
ord3941
ord4037
ord3157
ord5611
ord5403
ord2627
ord1431
ord1425
ord5429
ord1432
ord4616
ord1787
ord6528
ord6529
ord4322
ord587
ord792
ord4451
ord3149
ord6172
ord1166
ord6338
ord5373
ord2431
ord2144
ord2143
ord2708
ord1585
ord5399
ord6197
ord4040
ord3282
ord3665
ord791
ord5938
ord3187
ord6079
ord5770
ord6164
ord339
ord6204
ord2243
ord899
ord3160
ord3158
ord3150
ord2141
ord3685
ord3842
ord4010
ord6527
ord5078
ord5653
ord4682
ord5167
ord3145
ord6355
ord6347
ord4266
ord4262
ord5008
ord4000
ord639
ord374
ord3794
ord693
ord3563
ord3252
ord4658
ord2280
ord1314
ord4405
ord5654
ord3217
ord6807
ord2904
ord1938
ord2706
ord6579
ord6780
ord790
ord586
ord2360
ord2901
ord3654
ord4660
ord1719
ord2283
ord778
ord6577
ord1329
ord911
ord1317
ord1330
ord1316
ord2697
ord3186
ord316
ord306
ord601
ord818
ord821
ord820
ord5979
ord3422
ord6830
ord290
ord6094
ord2097
ord1220
ord6065
ord938
ord1603
ord6659
ord2478
ord4490
ord4518
ord4519
ord2551
ord1607
ord285
ord3220
ord6381
ord4109
ord4866
ord4865
ord5224
ord4622
ord5214
ord4809
ord5418
ord4589
ord4596
ord5209
ord4807
ord4823
ord4820
ord4802
ord4805
ord4800
ord5296
ord5293
ord4378
ord3354
ord6410
ord5601
ord2643
ord2644
ord2647
ord2645
ord2646
ord3681
ord1440
ord5624
ord1680
ord4693
ord4741
ord5371
ord6755
ord1688
ord5016
ord4006
ord4719
ord686
ord436
ord669
ord413
ord3818
ord4543
ord4398
ord3489
ord4652
ord1665
ord2274
ord4044
ord595
ord3286
ord5625
ord5664
ord6800
ord5602
ord4664
ord2139
ord4527
ord3741
ord611
ord6604
ord1063
ord1088
ord525
ord333
ord6096
ord4131
ord2592
ord3736
ord6630
ord286
ord1248
ord1250
ord1254
ord1137
ord2676
ord4324
ord6013
ord2284
ord1784
ord1720
ord6524
ord4615
ord4320
ord5802
ord4396
ord2078
ord2289
ord2297
ord2288
ord2269
ord2265
ord2227
ord1433
ord5428
ord1423
ord1430
ord4661
ord5595
ord6196
ord6517
ord4670
ord2650
ord6051
ord2916
ord645
ord383
ord3481
ord2762
ord3370
ord4127
ord5615
ord4175
ord3225
ord6426
ord4720
ord654
ord3528
ord376
ord750
ord3627
ord1708
ord1779
ord670
ord415
ord4007
ord3819
ord3231
ord2596
ord1357
ord1108
ord2146
ord3577
ord2282
ord4512
ord2130
ord5851
ord6624
ord6622
ord6519
ord2264
ord6664
ord6668
ord3064
ord3109
ord4169
ord2241
ord2240
ord2205
ord984
ord1447
ord6159
ord2655
ord2089
ord2110
ord6616
ord6618
ord2121
ord1876
ord5035
ord5808
ord1888
ord1880
ord1718
ord5153
ord4701
ord777
ord575
ord4034
ord3932
ord935
ord6063
ord6572
ord6060
ord6566
ord4579
ord6569
ord6101
ord5974
ord6040
ord5863
ord5850
ord6418
ord6174
ord3513
ord2726
ord3742
ord3380
ord6416
ord3061
ord6636
ord1868
ord6794
ord5652
ord5622
ord2137
ord6424
ord3637
ord3383
ord3381
ord3156
ord4035
ord779
ord576
ord3934
ord3768
ord744
ord524
ord2069
ord2470
ord6091
ord1353
ord2597
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord3112
ord2983
ord2771
ord1727
ord1791
ord1792
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802

msvcr90

_invalid_parameter_noinfo
_wtoi
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
free
memset
memcpy_s
wcsstr
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcstod
wcsncmp
__wargv
__argc
_strtoi64
strtol
wcsftime
memcmp
wcscat
printf
wcschr
_endthread
_endthreadex
_beginthreadex
_ftime64_s
isalpha
memcpy
fgetws
realloc
fgets
fputs
strstr
strchr
fopen_s
strcpy_s
wcsrchr
fclose
fputws
swprintf_s
_localtime64_s
_wfopen_s
wcscpy
strlen
_difftime64
wcstoul
_time64
_mktime64
abs
_wcsicmp
wcscpy_s
_purecall
calloc
_recalloc
_wcsnicmp
wcstol
labs
memmove_s
_resetstkoflw
malloc
wcslen

kernel32

GetWindowsDirectoryW
MoveFileExA
DeleteFileW
FileTimeToLocalFileTime
GetFileAttributesExA
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetFileAttributesExW
GetLongPathNameW
GetSystemWindowsDirectoryW
GetCurrentProcess
lstrlenA
GetEnvironmentVariableW
MultiByteToWideChar
WaitForSingleObject
GlobalUnlock
GlobalLock
CreateDirectoryW
CloseHandle
GlobalAlloc
GetFileAttributesW
FreeLibrary
GetModuleFileNameW
MulDiv
SetLastError
LoadLibraryW
GetLastError
lstrlenW
LoadLibraryA
GetProcAddress
GetModuleHandleW
InterlockedExchange
LeaveCriticalSection
GetCurrentProcessId
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
OutputDebugStringW
GetFileTime
CreateFileW
LocalFree
WideCharToMultiByte
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
OpenProcess
RemoveDirectoryW
MoveFileExW
MoveFileW
SetFileAttributesW
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetVersion
QueryDosDeviceW
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
EnterCriticalSection

user32

EnableWindow
GetClientRect
IsWindowVisible
GetParent
SetWindowPos
MessageBoxW
InsertMenuW
CreateMenu
IsWindow
UnionRect
GetMenuBarInfo
ModifyMenuW
GetMenuState
GetMenuItemID
LoadImageW
GetIconInfo
FindWindowExA
WaitForInputIdle
KillTimer
SetTimer
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
SetForegroundWindow
ShowWindow
IsIconic
GetLastActivePopup
FindWindowW
GetMonitorInfoW
MonitorFromRect
GetWindowThreadProcessId
SendMessageW
GetMenuItemInfoW
DrawIconEx
DeleteMenu
CreatePopupMenu
UpdateWindow
GetDlgItem
SetWindowTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetMenuItemInfoW
LoadBitmapW
AppendMenuW
GetSystemMenu
CheckMenuRadioItem
PostMessageW
GetWindowLongW
SetWindowLongW
GetSystemMetrics
GetSubMenu
CheckMenuItem
EnableMenuItem
GetMenuItemCount
GrayStringW
DrawTextExW
TabbedTextOutW
TrackMouseEvent
DrawTextW
DrawIcon
LoadIconW
DestroyIcon
GetActiveWindow
WindowFromPoint
ClientToScreen
GetClassInfoW
ReleaseCapture
SetCapture
InvalidateRect
RedrawWindow
SetRect
FrameRect
FillRect
GetWindowRect
CopyRect
SetRectEmpty
ReleaseDC
GetDC
InflateRect
OffsetRect
ScreenToClient
GetCursorPos
LoadCursorW
SetCursor
PtInRect

gdi32

ExtTextOutW
Escape
FrameRgn
GetPixel
SetPixel
RoundRect
GetBkMode
GetDeviceCaps
CreateSolidBrush
CreateFontW
GetTextMetricsW
GetTextExtentPoint32W
SetDIBColorTable
RectVisible
SelectObject
GetDIBColorTable
StretchBlt
DeleteObject
CreateDIBSection
DeleteDC
FillRgn
CreateRoundRectRgn
Rectangle
CreatePatternBrush
GetBkColor
DPtoLP
GetMapMode
LPtoDP
TextOutW
GetCurrentObject
GetTextColor
CreateFontIndirectW
CreatePen
CreateCompatibleBitmap
GetObjectW
BitBlt
PtVisible
SetBrushOrgEx
BeginPath
EndPath
FillPath
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend
GradientFill

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExW
DeleteService
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteKeyA
RegEnumKeyA
RegDeleteKeyW
RegEnumKeyW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderPathW
ord165
ShellExecuteExW
SHFileOperationW
CommandLineToArgvW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

StrCmpLogicalW
PathMatchSpecW
PathFindExtensionW
ord487
ColorAdjustLuma
SHGetValueW
PathFindOnPathW
PathFindFileNameW
PathFileExistsW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
IIDFromString
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

gdiplus

GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDrawImageRectI
GdipFillRectangleI
GdipSetSmoothingMode
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateHICONFromBitmap

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

sfc

SRSetRestorePointW

sqlite3

sqlite3_step
sqlite3_bind_text
sqlite3_close
sqlite3_exec
sqlite3_open
sqlite3_prepare
sqlite3_finalize
sqlite3_bind_int
sqlite3_last_insert_rowid
sqlite3_data_count
sqlite3_column_int64
sqlite3_bind_int64
sqlite3_errmsg

uxtheme

CloseThemeData
DrawThemeBackground
OpenThemeData
SetWindowTheme

guwndmanager

WindowsPosHookWnd
WindowsPosInitialize

crashreport

ord1

psapi

EnumProcesses
GetProcessImageFileNameW

zlib1

uncompress

languages

ord8
ord4
ord5
ord3
ord6

config

ord13
ord11
GUCIsSeparate

checkupdate

ord6

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

662bcaf7bedd139712b70309a7ff0813

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:b5:7e:e8:07:45:95:de:33:f1:ea:d7:df:b3:dd:43Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:b5:7e:e8:07:45:95:de:33:f1:ea:d7:df:b3:dd:43Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

32:f8:2d:12:91:69:e7:12:66:be:f0:54:ad:75:ba:10:8a:52:d2:d4:7e:43:d4:d6:60:ba:3f:d6:16:ec:20:4dSigner

c6:46:5e:98:9c:74:d1:9d:a0:b2:50:b9:c4:5c:1a:a5:c2:e3:11:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

register

skinsmanager

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

comdlg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

msvcp90

sfc

sqlite3

uxtheme

guwndmanager

crashreport

psapi

zlib1

languages

config

checkupdate

Sections

.text Size: 516KB - Virtual size: 516KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 337KB - Virtual size: 337KB

.reloc Size: 48KB - Virtual size: 48KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:b5:7e:e8:07:45:95:de:33:f1:ea:d7:df:b3:dd:43
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:b5:7e:e8:07:45:95:de:33:f1:ea:d7:df:b3:dd:43
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

32:f8:2d:12:91:69:e7:12:66:be:f0:54:ad:75:ba:10:8a:52:d2:d4:7e:43:d4:d6:60:ba:3f:d6:16:ec:20:4d
Signer

c6:46:5e:98:9c:74:d1:9d:a0:b2:50:b9:c4:5c:1a:a5:c2:e3:11:7d
Signer

.text
Size: 516KB - Virtual size: 516KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 337KB - Virtual size: 337KB

.reloc
Size: 48KB - Virtual size: 48KB