TrueMedia-win-4[.]3[.]3_6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TrueMedia-win-4.3.3_6.exe
Size

54.9MB
MD5

225fcf52e0df4cb47204b9a4b1c09188
SHA1

8508871f36002088451d8289f07151aa1d8523e6
SHA256

b996ee56eebc409ba765bceeb5ec30bdaf4f61a5a4229529881a33259b39129b
SHA512

cf5df6d7de3a005072a175d5eb40d56344ea0df7659609ef84b7eb05704972294f98fa75d8e6b562b5e9c0122953a2cf668a8336b60490b8b6e4e02ac94f7b6c
SSDEEP

786432:oVhnPONZ7ipOV156p8ZgiL2+KyZ2z0Z9Yy66SaMvOMDDcRtVyODH5aFC1hnOobwl:oLm4ujr5jZ99CHc/V1aFC1hjaDKaIja

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
TrueMedia-win-4.3.3_6.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/C:/Program Files/TrueVision Surgical/TrueMedia-win-4.3.3-3.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

TrueMedia-win-4.3.3_6.exe
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/Program Files/TrueVision Surgical/TrueMedia-win-4.3.3-3.exe
.exe windows:6 windows x64 arch:x64

89011651d6155d89cdb98439b4924f9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Repositories\installer-framework\bin\installerbase.pdb

Imports

imm32

ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantChangeType
SystemTimeToVariantTime
CreateErrorInfo
SetErrorInfo
GetErrorInfo

uxtheme

IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
GetCurrentThemeName
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
DrawThemeBackground
CloseThemeData
DrawThemeTextEx
SetWindowThemeAttribute
GetThemeSysFont

dwmapi

DwmIsCompositionEnabled
DwmDefWindowProc
DwmExtendFrameIntoClientArea
ord102
DwmGetColorizationColor
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

gdi32

CreateBitmap
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
GetGlyphOutlineW
CombineRgn
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
ChoosePixelFormat
SetPixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
CreateSolidBrush

winmm

timeKillEvent
PlaySoundW
timeSetEvent

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoLockObjectExternal
RegisterDragDrop
CoUninitialize
OleInitialize
OleUninitialize
CoInitializeEx
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
RevokeDragDrop

user32

MessageBoxW
SetRect
FillRect
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
RegisterClassW
NotifyWinEvent
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
GetSystemMenu
PostMessageW
RemoveMenu
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutW
CharUpperW
CharToOemW
CharPrevExA
GetSystemMetrics
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
SetWindowRgn
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
UpdateLayeredWindow
ShowWindow
SendMessageW
AttachThreadInput
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
IsChild
CreateWindowExW
DrawMenuBar

advapi32

RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken
GetFileSecurityW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
MapGenericMask
DuplicateToken
RegNotifyChangeKeyValue
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SystemFunction036
AccessCheck
CopySid
RegQueryInfoKeyW

ws2_32

getaddrinfo
freeaddrinfo
WSASocketW
WSASendTo
WSASend
WSARecvFrom
getnameinfo
getsockopt
__WSAFDIsSet
bind
WSAGetLastError
getpeername
getsockname
htons
listen
select
setsockopt
ntohl
htonl
WSAAccept
WSAConnect
WSAHtonl
WSANtohl
WSANtohs
WSARecv
closesocket
WSAAsyncSelect
gethostname
WSACleanup
WSAStartup
WSAIoctl

iphlpapi

ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetNetworkParams
ConvertInterfaceIndexToLuid

mpr

WNetGetUniversalNameA

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

ReadConsoleW
GetConsoleMode
OutputDebugStringA
WriteConsoleW
AreFileApisANSI
ExitThread
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
HeapValidate
HeapSize
GetStringTypeW
GetExitCodeThread
DecodePointer
EncodePointer
CreateMutexW
ReleaseMutex
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlCaptureStackBackTrace
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
HeapFree
HeapReAlloc
HeapQueryInformation
GetModuleFileNameA
GetUserGeoID
GetGeoInfoW
FindNextChangeNotification
GetModuleHandleExW
FindFirstFileExW
SetFilePointerEx
GetFileInformationByHandleEx
TzSpecificLocalTimeToSystemTime
MoveFileExW
CopyFileW
GetLogicalDrives
GetFullPathNameW
GetFileAttributesW
WriteFileEx
SleepEx
CancelIoEx
PeekNamedPipe
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
LCMapStringW
GetUserPreferredUILanguages
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessId
GetExitCodeProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
WaitForSingleObjectEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
GetConsoleCP
DuplicateHandle
GetLocalTime
GetStartupInfoW
GetUserDefaultLCID
CompareStringW
OutputDebugStringW
GetNativeSystemInfo
SetHandleInformation
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitNamedPipeW
DisconnectNamedPipe
CreateFileMappingW
VirtualProtect
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTime
ExitProcess
Sleep
GetVolumeInformationW
lstrlenW
LocalAlloc
GetUserDefaultLangID
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalUnlock
GlobalLock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
lstrcmpW
WaitForMultipleObjects
FileTimeToLocalFileTime
GetSystemInfo
GetCurrentProcess
VirtualFree
VirtualAlloc
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
HeapAlloc
GetProcessHeap
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
GetFullPathNameA
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
GetVersionExW
SetProcessAffinityMask
CreateProcessA
WaitForMultipleObjectsEx
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
GetFileInformationByHandle
MoveFileW
GetModuleHandleW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetStdHandle
FatalAppExitA
GetCPInfo
TryEnterCriticalSection
CreateTimerQueue
RaiseException
InterlockedPopEntrySList
SetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
OpenEventW
SetFileTime
SetFilePointer
SetEndOfFile
ReadFile
GetFileSize
GetProcAddress
GetStdHandle
GetFileType
GetLargestConsoleWindowSize
SetConsoleScreenBufferSize
FreeConsole
AttachConsole
AllocConsole
SetConsoleMode
GetConsoleWindow
GetCommandLineW
CloseHandle
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetEnvironmentVariableW
OpenProcess
GlobalMemoryStatusEx
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
SetErrorMode
WaitForSingleObject
TerminateProcess
GetLastError
FileTimeToSystemTime
CreateFileW
DeviceIoControl
FlushFileBuffers
LockFile
UnlockFile
WriteFile
CompareFileTime
VirtualQuery

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHParseDisplayName
ord155
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHChangeNotify
SHGetFolderLocation
ShellExecuteExW
SHGetFolderPathW

Sections

.text
Size: 32.7MB - Virtual size: 32.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 889B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 27KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

89011651d6155d89cdb98439b4924f9c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

oleaut32

uxtheme

dwmapi

gdi32

winmm

ole32

user32

advapi32

ws2_32

iphlpapi

mpr

netapi32

userenv

version

kernel32

shell32

Sections

.text Size: 32.7MB - Virtual size: 32.7MB

.rdata Size: 15.7MB - Virtual size: 15.7MB

.data Size: 209KB - Virtual size: 418KB

.pdata Size: 1.7MB - Virtual size: 1.7MB

.idata Size: 27KB - Virtual size: 27KB

.qtmetad Size: 1024B - Virtual size: 889B

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 236KB - Virtual size: 236KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 32.7MB - Virtual size: 32.7MB

.rdata
Size: 15.7MB - Virtual size: 15.7MB

.data
Size: 209KB - Virtual size: 418KB

.pdata
Size: 1.7MB - Virtual size: 1.7MB

.idata
Size: 27KB - Virtual size: 27KB

.qtmetad
Size: 1024B - Virtual size: 889B

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 236KB - Virtual size: 236KB