SSJJ-bz-wd-Installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SSJJ-bz-wd-Installer.exe
Size

2.3MB
MD5

ae6bcfa1489bcc76e50d2df74b59a317
SHA1

2e78481fc469be8ff11dd51d5ca40a89d59addc2
SHA256

40d529c56d6efc72ee0c2db380722e1e0fa0b6fb0034d1a1d78d370692089253
SHA512

3c4f4cbb7a43da3f19be2d71c0e4512da67c072b07e3ac93494f6a54affd79fd348efa22639e28d7916d35d7a26ce2f61cb3dd3628b76dc9eef0b9af475b030a
SSDEEP

49152:GQao6/+1s31WXgdq671M43oJHEOT/vEZiBEub2jjH8Oggwa:95tsEXgYo1M43oJHptBEub2jIOgFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/IpConfig.dll
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

SSJJ-bz-wd-Installer.exe
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:f9:e9:ea:01:af:ba:10:0b:a1:31:9c:24:91:32:bb
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05-12-2019 00:00

Not After

23-01-2022 12:00

Subject

SERIALNUMBER=91330106699809363L,CN=Zhejiang Wizard Technology Co.\, Ltd,O=Zhejiang Wizard Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e677a686f75,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:67:ed:0c:51:28:35:12:bd:6c:69:69:49:ee:2b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-12-2018 00:00

Not After

23-01-2022 12:00

Subject

SERIALNUMBER=91330106699809363L,CN=Zhejiang Wizard Technology Co.\, Ltd,O=Zhejiang Wizard Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e677a686f75,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:8e:cb:f1:b8:e2:36:d8:2e:f4:e3:4f:19:b7:a8:38:5d:72:cf:00:bf:fc:91:61:c4:9c:5d:f8:4d:9f:d8:2a
Signer

Actual PE Digest

2c:8e:cb:f1:b8:e2:36:d8:2e:f4:e3:4f:19:b7:a8:38:5d:72:cf:00:bf:fc:91:61:c4:9c:5d:f8:4d:9f:d8:2a

Digest Algorithm

sha256

PE Digest Matches

true

6e:ac:77:59:b4:6e:76:54:98:c6:8b:68:f7:42:62:ce:27:fc:5c:75
Signer

Actual PE Digest

6e:ac:77:59:b4:6e:76:54:98:c6:8b:68:f7:42:62:ce:27:fc:5c:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

735e27ae3d7df8c0487e4353d04f6f28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LocalFree
WideCharToMultiByte
TerminateThread
lstrcpyW
LoadLibraryA
CreateThread
WaitForSingleObject
LocalAlloc
lstrcpynW
SleepEx
MulDiv
GetModuleHandleW
ReadFile
GetLastError
CreateFileW
lstrcmpiW
CreateFileA
lstrcatW
GetFileSize
SetFilePointer
lstrcmpW
MultiByteToWideChar
lstrlenA
WriteFile
lstrlenW
CloseHandle
GlobalAlloc
GlobalFree
GetTickCount
DeleteFileW

user32

GetDlgItem
DestroyWindow
GetClientRect
MessageBoxW
wsprintfA
SystemParametersInfoW
GetWindowTextW
GetWindowLongW
FindWindowExW
IsWindow
CreateDialogParamW
GetParent
ShowWindow
KillTimer
DispatchMessageW
LoadIconW
PostMessageW
IsDialogMessageW
GetMessageW
SetWindowPos
SendDlgItemMessageW
SetWindowTextW
TranslateMessage
GetWindowRect
RedrawWindow
SetTimer
EnableWindow
UpdateWindow
SetWindowLongW
wsprintfW
SendMessageW
SetDlgItemTextW
IsWindowVisible

comctl32

ord17

wininet

InternetConnectW
HttpOpenRequestW
InternetQueryOptionW
InternetErrorDlg
HttpSendRequestExW
InternetWriteFile
HttpSendRequestW
InternetSetFilePointer
HttpAddRequestHeadersA
FtpCreateDirectoryW
InternetCrackUrlW
FtpOpenFileW
InternetSetOptionW
InternetOpenW
InternetGetLastResponseInfoW
HttpEndRequestW
InternetReadFile
HttpAddRequestHeadersW
InternetCloseHandle
HttpQueryInfoW

Exports

Exports

get
head
post
put

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IpConfig.dll
.dll windows:5 windows x86 arch:x86

3f0fda09180f619ca116344bede41608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Visual Studio\NSIS Plugins\IpConfig\Output\Unicode\Plugins\IpConfig.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalAlloc
lstrcpynW
GlobalFree
lstrcpyW
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapFree
GetProcessHeap
GetLastError
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfW

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

Exports

Exports

GetAllNetworkAdaptersIDs
GetAllNetworkAdaptersIDsCB
GetDNSSuffixSearchList
GetEnabledNetworkAdaptersIDs
GetEnabledNetworkAdaptersIDsCB
GetHostName
GetNetworkAdapterConnectionID
GetNetworkAdapterConnectionSpecificDNSSuffix
GetNetworkAdapterDHCPLeaseExpires
GetNetworkAdapterDHCPLeaseObtained
GetNetworkAdapterDHCPServer
GetNetworkAdapterDNSServers
GetNetworkAdapterDNSServersCB
GetNetworkAdapterDefaultIPGateways
GetNetworkAdapterDefaultIPGatewaysCB
GetNetworkAdapterDescription
GetNetworkAdapterIDFromDescription
GetNetworkAdapterIDFromIPAddress
GetNetworkAdapterIDFromMACAddress
GetNetworkAdapterIPAddresses
GetNetworkAdapterIPAddressesCB
GetNetworkAdapterIPSubNets
GetNetworkAdapterIPSubNetsCB
GetNetworkAdapterMACAddress
GetNetworkAdapterPrimaryWINSServer
GetNetworkAdapterSecondaryWINSServer
GetNetworkAdapterType
GetNodeType
GetPrimaryDNSSuffix
IsIPRoutingEnabled
IsNetworkAdapterAutoSense
IsNetworkAdapterDHCPEnabled
IsWINSProxyEnabled

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

7b79709c0d5576549eb261e3410f95f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

iswspace
??3@YAXPAX@Z
_msize
_wsetlocale
_snprintf
iswcntrl
_beginthreadex
time
srand
rand
clock
_getpid
_wsplitpath
iswgraph
__wgetmainargs
wcsncpy
_wcsnicmp
wcschr
calloc
free
_wcsicmp
_snwprintf
swscanf
abort
??2@YAPAXI@Z
memset
memcpy

shlwapi

ord176

crypt32

CryptProtectData
CryptUnprotectData

kernel32

GlobalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
LocalFree
GetFullPathNameW
GetVersion
GetFileAttributesW
LoadLibraryW
FreeLibrary
CloseHandle
lstrcpynW
GlobalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetCurrentProcess
GetModuleHandleW
FatalAppExitW
GetVersionExW
TerminateProcess
GetModuleFileNameW
RaiseException
VerifyVersionInfoW
GetLastError
GetProcAddress
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
GetCommandLineW

user32

MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
wsprintfW
DestroyWindow
SetTimer
UnregisterClassW
KillTimer
LoadStringW
MessageBoxW
GetWindowThreadProcessId
AllowSetForegroundWindow
CreateWindowExW
RegisterClassW
MessageBoxA

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

Exports

Exports

AppendToFile
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetDirectoryPart
GetDrivePart
GetExtensionPart
GetFileNamePart
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetOsReleaseId
GetParameter
GetParentPath
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
NormalizePath
ParameterCnt
ParameterStr
ProtectStr
Rand
RandBytes
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
SetVerboseMode
SplitPath
StrFromUtf8
StrToUtf8
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
UnprotectStr
ValidDomainName
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

e1c0bd3d5b9f3f5cec7ea773ff66ac6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 694B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

e2ee55bddad4241d619d6a8a38e2d869

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WDlauncher.exe
.exe windows:5 windows x86 arch:x86

51b52e8778db954dda3149403236c0f4

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:f9:e9:ea:01:af:ba:10:0b:a1:31:9c:24:91:32:bb
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05-12-2019 00:00

Not After

23-01-2022 12:00

Subject

SERIALNUMBER=91330106699809363L,CN=Zhejiang Wizard Technology Co.\, Ltd,O=Zhejiang Wizard Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e677a686f75,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:67:ed:0c:51:28:35:12:bd:6c:69:69:49:ee:2b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-12-2018 00:00

Not After

23-01-2022 12:00

Subject

SERIALNUMBER=91330106699809363L,CN=Zhejiang Wizard Technology Co.\, Ltd,O=Zhejiang Wizard Technology Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e677a686f75,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:a4:1c:3b:33:08:8f:26:a1:c8:4f:57:2f:c1:21:a4:32:ea:65:85:9f:60:98:e2:84:ef:05:d3:e4:8e:87:dd
Signer

Actual PE Digest

ae:a4:1c:3b:33:08:8f:26:a1:c8:4f:57:2f:c1:21:a4:32:ea:65:85:9f:60:98:e2:84:ef:05:d3:e4:8e:87:dd

Digest Algorithm

sha256

PE Digest Matches

true

bf:fb:ed:4e:8d:71:24:eb:e2:ca:67:94:24:cb:8e:ec:34:b2:41:23
Signer

Actual PE Digest

bf:fb:ed:4e:8d:71:24:eb:e2:ca:67:94:24:cb:8e:ec:34:b2:41:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\microclient_build\build\launcher\bin\Release\WDlauncher.pdb

Imports

ws2_32

htons
ntohs
setsockopt
getsockopt
getaddrinfo
accept
listen
recvfrom
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
__WSAFDIsSet
socket
WSAGetLastError
WSAIoctl
freeaddrinfo
ntohl
htonl
gethostname
ioctlsocket
sendto

psapi

GetProcessImageFileNameW

kernel32

VerifyVersionInfoW
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetFileAttributesA
GetLogicalDriveStringsW
QueryDosDeviceW
InitializeCriticalSection
SleepEx
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetProcessHeap
SetStdHandle
GetTimeZoneInformation
HeapSize
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
HeapReAlloc
HeapFree
GetFullPathNameW
HeapAlloc
ExitThread
GetDriveTypeW
SetEnvironmentVariableW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
RtlUnwind
VerSetConditionMask
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
LocalFree
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileW
GetVersionExW
SetEnvironmentVariableA
ResetEvent
SetEvent
SetThreadPriority
GetSystemDirectoryW
GetLongPathNameW
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
TlsFree
GetLocalTime
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
DosDateTimeToFileTime
SystemTimeToFileTime
DuplicateHandle
SetFileTime
SetFilePointer
WriteFile
GetFileType
GetCurrentProcess
CreateFileW
ReadFile
GetFileSize
MulDiv
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
ExitProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
GetTickCount
SizeofResource
LoadResource
LockResource
FreeResource
MultiByteToWideChar
GetACP
LoadLibraryW
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
EncodePointer
GetCurrentThread
WaitForSingleObjectEx
GetCurrentThreadId
TryEnterCriticalSection
AreFileApisANSI
CreateHardLinkW
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
lstrcpynA
GetProcAddress
FreeLibrary
MoveFileExW
CopyFileW
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
FormatMessageW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetFileAttributesW
Sleep
GetExitCodeThread
TerminateThread
CreateThread
TerminateProcess
GetCurrentProcessId
OpenProcess
DeleteFileW
CloseHandle
WaitForSingleObject
GetLastError
GetProcessId
IsProcessorFeaturePresent
GetExitCodeProcess
InterlockedDecrement
InterlockedIncrement
UnregisterWaitEx

user32

GetClientRect
GetWindowRect
ScreenToClient
SetCursor
IntersectRect
UnionRect
OffsetRect
LoadCursorW
GetMessageW
CreateWindowExW
IsWindow
DestroyWindow
UpdateLayeredWindow
SetWindowPos
IsIconic
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
PeekMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
MonitorFromWindow
GetMonitorInfoW
IsZoomed
SetWindowRgn
MonitorFromPoint
CharNextW
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
GetSysColor
MapWindowPoints
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DispatchMessageW
TranslateMessage
MessageBoxW
PostMessageW
SendMessageW
FindWindowW
CreateAcceleratorTableW
InvalidateRgn
GetWindowPlacement
SetForegroundWindow
GetWindowThreadProcessId
GetClassNameW
GetWindow
EnumWindows

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps
TextOutW
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
GetStockObject
DeleteObject
DeleteDC
CreatePen
BitBlt

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateGuid
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysStringLen
SysFreeString

advapi32

CryptCreateHash
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteStringFormat
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusStartup
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipDrawLineI

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

iphlpapi

GetAdaptersInfo

comctl32

ord17
_TrackMouseEvent

wldap32

ord143
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46

crypt32

CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertGetNameStringA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertFreeCertificateChain
CryptStringToBinaryA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locales/bz
locales/jp
locales/na
locales/nabz
locales/tk
locales/tw
locales/viet
locales/zh-CN
platform.ini
res.zip
.zip
background-4399.png
.png
background-battle.jpg
.png
background.png
.png
bar-bg.png
.png
bar.png
.png
black.png
.png
close.png
.png
close_hover.png
.png
launcher.xml
launcher_4399.xml
launcher_battle.xml
loading_battle.png
.png
min.png
.png
min_c.png
.png
min_hover.png
.png
uninstaller.exe.nsis

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

02:f9:e9:ea:01:af:ba:10:0b:a1:31:9c:24:91:32:bbCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

06:0e:67:ed:0c:51:28:35:12:bd:6c:69:69:49:ee:2bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2c:8e:cb:f1:b8:e2:36:d8:2e:f4:e3:4f:19:b7:a8:38:5d:72:cf:00:bf:fc:91:61:c4:9c:5d:f8:4d:9f:d8:2aSigner

6e:ac:77:59:b4:6e:76:54:98:c6:8b:68:f7:42:62:ce:27:fc:5c:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 164KB

.rsrc Size: 90KB - Virtual size: 89KB

735e27ae3d7df8c0487e4353d04f6f28

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

wininet

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

3f0fda09180f619ca116344bede41608

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

Exports

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

02:f9:e9:ea:01:af:ba:10:0b:a1:31:9c:24:91:32:bb
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

06:0e:67:ed:0c:51:28:35:12:bd:6c:69:69:49:ee:2b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2c:8e:cb:f1:b8:e2:36:d8:2e:f4:e3:4f:19:b7:a8:38:5d:72:cf:00:bf:fc:91:61:c4:9c:5d:f8:4d:9f:d8:2a
Signer

6e:ac:77:59:b4:6e:76:54:98:c6:8b:68:f7:42:62:ce:27:fc:5c:75
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 164KB

.rsrc
Size: 90KB - Virtual size: 89KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 1024B - Virtual size: 694B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 144B

.reloc
Size: 512B - Virtual size: 240B