9468e5e1559cf0236547513c569412be6751b394dbb7d7a4a225f8be7af38839

Sharing

Copy URL Twitter E-mail

General

Target

9468e5e1559cf0236547513c569412be6751b394dbb7d7a4a225f8be7af38839
Size

4.8MB
MD5

00fb20029cd4189bd76f2ea64ec6fad8
SHA1

907722617cedb337f08e67a23d318d72b3e6da3a
SHA256

9468e5e1559cf0236547513c569412be6751b394dbb7d7a4a225f8be7af38839
SHA512

bb84960fe44147678ca91de69bfaa5094a31e630a0e24a7e697ae64d0427ba6259b14d7c8ff5a3563d271f6167d156af28220d8421b5e2955e92b7349ae24e1d
SSDEEP

98304:9wvzH6cSUp/Kk9l+8UM4mm3KnLfxREFIG+mzWsKTGJRNoa677ECQDZl+9JNO:VYKk9lQF+mqsKyYMCQmO

Score

10^/10

upx

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
static1/unpack001/VirusTotalUpload.exe	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
static1/unpack001/tweaker.exe	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/tweaker.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
9468e5e1559cf0236547513c569412be6751b394dbb7d7a4a225f8be7af38839
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/VirusTotalUpload.exe
unpack001/reg-organizer-setup.exe
unpack002/out.upx

Files

9468e5e1559cf0236547513c569412be6751b394dbb7d7a4a225f8be7af38839
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/AnVir.exe
.exe windows:5 windows x86 arch:x86

776565b68993666aac0449dc5ad8b43f

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/09/2011, 00:00

Not After

26/09/2014, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29
Signer

Actual PE Digest

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA
ord18
ord155
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHBrowseForFolderA
SHGetMalloc
ord680
ShellExecuteExA
SHGetPathFromIDListA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA

shlwapi

ord8
ord9
ord10
StrFormatByteSizeW
PathFindOnPathA
PathCanonicalizeA

msi

ord216
ord172

kernel32

GetLogicalDriveStringsA
SetErrorMode
GetDateFormatA
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
OpenProcess
SetFilePointer
LockResource
CompareStringA
IsBadStringPtrA
GetCurrentProcessId
MulDiv
SetProcessAffinityMask
GetProcessAffinityMask
GlobalMemoryStatusEx
GlobalFree
GlobalReAlloc
FindNextFileA
FindClose
FindFirstFileA
SetFileTime
MoveFileA
CopyFileA
GetSystemPowerStatus
HeapFree
GetProcessHeap
GetProcessTimes
SetPriorityClass
GetPriorityClass
SuspendThread
SetProcessWorkingSetSize
CreateProcessA
QueryDosDeviceA
DuplicateHandle
GetFileType
VirtualFree
VirtualAlloc
VirtualFreeEx
VirtualAllocEx
GetDriveTypeA
FileTimeToDosDateTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
RemoveDirectoryA
CreateEventA
SetEvent
GetDiskFreeSpaceExA
GetLogicalDrives
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
HeapCreate
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetTimeZoneInformation
HeapReAlloc
CreateThread
ExitThread
DecodePointer
EncodePointer
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
InitializeCriticalSection
InterlockedPopEntrySList
IsProcessorFeaturePresent
HeapAlloc
InterlockedPushEntrySList
InterlockedCompareExchange
GetSystemWow64DirectoryA
GetSystemDirectoryA
SetFileAttributesA
GetFileAttributesA
LoadLibraryA
GetFileSize
TlsSetValue
TlsGetValue
LocalFree
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
SystemTimeToFileTime
DeleteFileA
TerminateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
FormatMessageA
GetSystemTime
GetTickCount
IsBadWritePtr
VirtualQuery
GetLocalTime
CreateFileA
WriteFile
ReadFile
GetFileTime
SetEndOfFile
GetLongPathNameA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcpynA
lstrcatA
lstrcmpA
lstrcpyA
SetLastError
SetUnhandledExceptionFilter
OpenMutexA
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
InterlockedIncrement
GetModuleHandleA
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
lstrlenA
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
Sleep
MultiByteToWideChar
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
GetTempPathA

user32

SetLayeredWindowAttributes
GetLayeredWindowAttributes
GetScrollPos
GetDialogBaseUnits
GetTopWindow
DrawAnimatedRects
SendDlgItemMessageA
ChildWindowFromPoint
DialogBoxIndirectParamA
EnumWindows
CreateIconIndirect
GetGuiResources
FindWindowExA
SetScrollPos
SetScrollInfo
SetClassLongA
GetScrollRange
ScrollWindowEx
GetKeyboardLayoutList
WaitForInputIdle
FlashWindow
GetMenuStringA
GetNextDlgTabItem
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRect
GetDesktopWindow
LockWindowUpdate
EqualRect
IsRectEmpty
SetParent
GetDCEx
LoadBitmapA
RegisterWindowMessageA
GetMessagePos
WindowFromPoint
GetSysColorBrush
FrameRect
DrawFrameControl
GetWindowThreadProcessId
GetMenuItemID
DrawIconEx
CharUpperBuffA
IsCharAlphaNumericA
SetWindowsHookExA
UnhookWindowsHookEx
SetDlgItemTextA
InflateRect
DestroyIcon
GetWindowPlacement
DrawStateA
OffsetRect
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
SetCapture
IsWindowEnabled
ScreenToClient
GetWindowTextLengthA
CallNextHookEx
SetRectEmpty
CallWindowProcA
PtInRect
GetSysColor
GetWindowDC
CheckMenuRadioItem
GetForegroundWindow
SystemParametersInfoA
AppendMenuA
ModifyMenuA
MonitorFromPoint
DefWindowProcA
LoadStringW
PostQuitMessage
SetMenuDefaultItem
CopyRect
KillTimer
ClientToScreen
TranslateAcceleratorA
IsZoomed
IsIconic
SetMenu
GetMenu
LockWorkStation
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
CharLowerBuffA
GetKeyState
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
LoadIconA
DeleteMenu
InvalidateRect
UpdateWindow
MoveWindow
GetCursorPos
UnregisterClassA
GetMenuState
GetDlgItemTextA
DragDetect
IntersectRect
GetAsyncKeyState
DrawEdge
CreateDialogParamA
IsDialogMessageA
GetSubMenu
ShowWindowAsync
GetMenuItemCount
SetCursor
SetTimer
RedrawWindow
IsWindowVisible
BringWindowToTop
InsertMenuItemA
RemoveMenu
InsertMenuA
CharLowerA
CharUpperA
CreatePopupMenu
TrackPopupMenuEx
TrackPopupMenu
DestroyMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageTimeoutA
GetClassLongA
AdjustWindowRectEx
PostMessageA
FindWindowA
GetShellWindow
MessageBeep
SetFocus
EnableWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
EndDialog
wvsprintfA
IsWindow
MessageBoxA
wsprintfA
GetActiveWindow
EnumChildWindows
GetSystemMetrics
DialogBoxParamA
GetWindowTextA
GetClassNameA
ReleaseDC
GetDC
DrawTextA
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongA
SendMessageA
SetWindowTextA
GetDlgItem
SetForegroundWindow
LoadMenuA
LoadAcceleratorsA
CreateWindowExA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
DestroyWindow
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadStringA
ShowWindow
SetWindowLongA
MonitorFromRect

gdi32

MoveToEx
CreateDCA
SetViewportOrgEx
LPtoDP
DPtoLP
GetClipBox
SetWindowOrgEx
RectVisible
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBrushOrgEx
CreateCompatibleBitmap
GetCurrentObject
RoundRect
ExtTextOutA
ExcludeClipRect
TextOutW
RestoreDC
SaveDC
Polygon
CreatePen
Rectangle
CreateFontIndirectA
GetDeviceCaps
GetObjectA
GetTextExtentPoint32A
GetStockObject
SelectObject
DeleteDC
SetBkColor
CreateSolidBrush
BitBlt
GetTextMetricsA
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteObject
LineTo

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
FindTextA

advapi32

OpenProcessToken
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
GetSecurityInfo
DuplicateTokenEx
LookupAccountSidA
GetSecurityDescriptorSacl
SetSecurityInfo
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
ControlService
RegDeleteKeyA
QueryServiceConfigA
QueryServiceConfig2A
GetServiceDisplayNameA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
QueryServiceStatusEx
RegCreateKeyExA
StartServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString
VariantClear
SysAllocString
VariantInit

comctl32

ImageList_Draw
ord17
CreatePropertySheetPageA
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Destroy
ImageList_GetImageCount
PropertySheetA
_TrackMouseEvent
ImageList_GetIcon
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
ImageList_AddMasked

uxtheme

SetWindowTheme
IsAppThemed

psapi

GetModuleFileNameExA

crypt32

CertFindRDNAttr
CertFreeCertificateContext
CryptDecodeObjectEx

Sections

.text
Size: 936KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnVir.exe
.exe windows:5 windows x86 arch:x86

776565b68993666aac0449dc5ad8b43f

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/09/2011, 00:00

Not After

26/09/2014, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29
Signer

Actual PE Digest

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA
ord18
ord155
SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHBrowseForFolderA
SHGetMalloc
ord680
ShellExecuteExA
SHGetPathFromIDListA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA

shlwapi

ord8
ord9
ord10
StrFormatByteSizeW
PathFindOnPathA
PathCanonicalizeA

msi

ord216
ord172

kernel32

GetLogicalDriveStringsA
SetErrorMode
GetDateFormatA
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsAlloc
OpenProcess
SetFilePointer
LockResource
CompareStringA
IsBadStringPtrA
GetCurrentProcessId
MulDiv
SetProcessAffinityMask
GetProcessAffinityMask
GlobalMemoryStatusEx
GlobalFree
GlobalReAlloc
FindNextFileA
FindClose
FindFirstFileA
SetFileTime
MoveFileA
CopyFileA
GetSystemPowerStatus
HeapFree
GetProcessHeap
GetProcessTimes
SetPriorityClass
GetPriorityClass
SuspendThread
SetProcessWorkingSetSize
CreateProcessA
QueryDosDeviceA
DuplicateHandle
GetFileType
VirtualFree
VirtualAlloc
VirtualFreeEx
VirtualAllocEx
GetDriveTypeA
FileTimeToDosDateTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
RemoveDirectoryA
CreateEventA
SetEvent
GetDiskFreeSpaceExA
GetLogicalDrives
DeviceIoControl
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetModuleFileNameW
GetStdHandle
ExitProcess
HeapSize
HeapCreate
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetTimeZoneInformation
HeapReAlloc
CreateThread
ExitThread
DecodePointer
EncodePointer
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
InitializeCriticalSection
InterlockedPopEntrySList
IsProcessorFeaturePresent
HeapAlloc
InterlockedPushEntrySList
InterlockedCompareExchange
GetSystemWow64DirectoryA
GetSystemDirectoryA
SetFileAttributesA
GetFileAttributesA
LoadLibraryA
GetFileSize
TlsSetValue
TlsGetValue
LocalFree
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
SystemTimeToFileTime
DeleteFileA
TerminateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStructA
GetPrivateProfileStructA
FormatMessageA
GetSystemTime
GetTickCount
IsBadWritePtr
VirtualQuery
GetLocalTime
CreateFileA
WriteFile
ReadFile
GetFileTime
SetEndOfFile
GetLongPathNameA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcpynA
lstrcatA
lstrcmpA
lstrcpyA
SetLastError
SetUnhandledExceptionFilter
OpenMutexA
WaitForSingleObject
CloseHandle
CreateMutexA
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
lstrcmpiA
InterlockedIncrement
GetModuleHandleA
GetProcAddress
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
lstrlenA
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
Sleep
MultiByteToWideChar
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
GetTempPathA

user32

SetLayeredWindowAttributes
GetLayeredWindowAttributes
GetScrollPos
GetDialogBaseUnits
GetTopWindow
DrawAnimatedRects
SendDlgItemMessageA
ChildWindowFromPoint
DialogBoxIndirectParamA
EnumWindows
CreateIconIndirect
GetGuiResources
FindWindowExA
SetScrollPos
SetScrollInfo
SetClassLongA
GetScrollRange
ScrollWindowEx
GetKeyboardLayoutList
WaitForInputIdle
FlashWindow
GetMenuStringA
GetNextDlgTabItem
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRect
GetDesktopWindow
LockWindowUpdate
EqualRect
IsRectEmpty
SetParent
GetDCEx
LoadBitmapA
RegisterWindowMessageA
GetMessagePos
WindowFromPoint
GetSysColorBrush
FrameRect
DrawFrameControl
GetWindowThreadProcessId
GetMenuItemID
DrawIconEx
CharUpperBuffA
IsCharAlphaNumericA
SetWindowsHookExA
UnhookWindowsHookEx
SetDlgItemTextA
InflateRect
DestroyIcon
GetWindowPlacement
DrawStateA
OffsetRect
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetFocus
DrawFocusRect
FillRect
GetDlgCtrlID
SetCapture
IsWindowEnabled
ScreenToClient
GetWindowTextLengthA
CallNextHookEx
SetRectEmpty
CallWindowProcA
PtInRect
GetSysColor
GetWindowDC
CheckMenuRadioItem
GetForegroundWindow
SystemParametersInfoA
AppendMenuA
ModifyMenuA
MonitorFromPoint
DefWindowProcA
LoadStringW
PostQuitMessage
SetMenuDefaultItem
CopyRect
KillTimer
ClientToScreen
TranslateAcceleratorA
IsZoomed
IsIconic
SetMenu
GetMenu
LockWorkStation
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
CharLowerBuffA
GetKeyState
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
LoadIconA
DeleteMenu
InvalidateRect
UpdateWindow
MoveWindow
GetCursorPos
UnregisterClassA
GetMenuState
GetDlgItemTextA
DragDetect
IntersectRect
GetAsyncKeyState
DrawEdge
CreateDialogParamA
IsDialogMessageA
GetSubMenu
ShowWindowAsync
GetMenuItemCount
SetCursor
SetTimer
RedrawWindow
IsWindowVisible
BringWindowToTop
InsertMenuItemA
RemoveMenu
InsertMenuA
CharLowerA
CharUpperA
CreatePopupMenu
TrackPopupMenuEx
TrackPopupMenu
DestroyMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageTimeoutA
GetClassLongA
AdjustWindowRectEx
PostMessageA
FindWindowA
GetShellWindow
MessageBeep
SetFocus
EnableWindow
SetDlgItemInt
IsDlgButtonChecked
GetDlgItemInt
CheckDlgButton
EndDialog
wvsprintfA
IsWindow
MessageBoxA
wsprintfA
GetActiveWindow
EnumChildWindows
GetSystemMetrics
DialogBoxParamA
GetWindowTextA
GetClassNameA
ReleaseDC
GetDC
DrawTextA
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetWindowLongA
SendMessageA
SetWindowTextA
GetDlgItem
SetForegroundWindow
LoadMenuA
LoadAcceleratorsA
CreateWindowExA
GetClassInfoExA
LoadCursorA
LoadImageA
RegisterClassExA
DestroyWindow
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
LoadStringA
ShowWindow
SetWindowLongA
MonitorFromRect

gdi32

MoveToEx
CreateDCA
SetViewportOrgEx
LPtoDP
DPtoLP
GetClipBox
SetWindowOrgEx
RectVisible
CreateDIBSection
CreatePatternBrush
CreateBitmap
PatBlt
SetBrushOrgEx
CreateCompatibleBitmap
GetCurrentObject
RoundRect
ExtTextOutA
ExcludeClipRect
TextOutW
RestoreDC
SaveDC
Polygon
CreatePen
Rectangle
CreateFontIndirectA
GetDeviceCaps
GetObjectA
GetTextExtentPoint32A
GetStockObject
SelectObject
DeleteDC
SetBkColor
CreateSolidBrush
BitBlt
GetTextMetricsA
SetTextColor
SetBkMode
CreateCompatibleDC
DeleteObject
LineTo

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
FindTextA

advapi32

OpenProcessToken
DeleteService
CreateServiceA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
GetSecurityInfo
DuplicateTokenEx
LookupAccountSidA
GetSecurityDescriptorSacl
SetSecurityInfo
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
ControlService
RegDeleteKeyA
QueryServiceConfigA
QueryServiceConfig2A
GetServiceDisplayNameA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
QueryServiceStatusEx
RegCreateKeyExA
StartServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString
VariantClear
SysAllocString
VariantInit

comctl32

ImageList_Draw
ord17
CreatePropertySheetPageA
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ImageList_LoadImageA
ImageList_Destroy
ImageList_GetImageCount
PropertySheetA
_TrackMouseEvent
ImageList_GetIcon
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_GetIconSize
ImageList_AddMasked

uxtheme

SetWindowTheme
IsAppThemed

psapi

GetModuleFileNameExA

crypt32

CertFindRDNAttr
CertFreeCertificateContext
CryptDecodeObjectEx

Sections

.text
Size: 936KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AnvirHook75.dll
.dll windows:5 windows x86 arch:x86

ec3de3b28a50dfce0225085a2253b644

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/09/2011, 00:00

Not After

26/09/2014, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2
Signer

Actual PE Digest

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msimg32

TransparentBlt

kernel32

lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
lstrlenW
GetVersionExA
OpenProcess
GetFileAttributesA
SetPriorityClass
GetPriorityClass
WriteFile
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetTickCount
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
InterlockedDecrement
SetLastError
GetModuleHandleW
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
RtlUnwind
HeapFree
GetLastError
lstrcatA
Sleep
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
MapViewOfFile
CloseHandle
GetModuleFileNameW
LCMapStringW
GetStringTypeW
SetHandleCount

user32

GetWindowThreadProcessId
GetMenuItemInfoA
SetMenuItemInfoA
CopyRect
CheckMenuItem
RemoveMenu
DeleteMenu
IsMenu
GetMenuState
GetWindowPlacement
GetSystemMenu
GetKeyState
GetSystemMetrics
SendInput
LoadIconA
LoadImageA
SetWindowTextA
SetActiveWindow
TrackPopupMenuEx
RedrawWindow
InsertMenuA
GetLayeredWindowAttributes
LoadBitmapA
DrawFrameControl
GetDC
GetMenuItemID
DrawIconEx
SendMessageTimeoutA
PostMessageA
IsWindow
GetWindowLongA
SendMessageA
PtInRect
OffsetRect
InsertMenuItemA
wsprintfA
AppendMenuA
CheckMenuRadioItem
GetWindowTextA
FindWindowExA
GetDlgCtrlID
GetWindowTextLengthA
GetDlgItem
GetClassNameA
EnumWindows
SetTimer
IsWindowUnicode
SetCapture
ReleaseCapture
ShowWindowAsync
IsWindowVisible
ShowWindow
SetLayeredWindowAttributes
RegisterClassA
KillTimer
FillRect
DefWindowProcA
SetWindowPos
SetWindowLongW
SetWindowLongA
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
UpdateWindow
CallWindowProcW
CallWindowProcA
CreatePopupMenu
TrackPopupMenu
DestroyMenu
ClientToScreen
GetParent
ScreenToClient
DestroyWindow
CreateWindowExA
GetWindowRect
GetClientRect
InflateRect

gdi32

SelectObject
SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
BitBlt
DeleteObject
DeleteDC
DPtoLP
LPtoDP
CreateSolidBrush
GetStockObject
Polyline
CreatePen
StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
CloseThemeData
OpenThemeData
GetThemeFilename
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeInt
GetThemeEnumValue
GetThemeMargins
DrawThemeBackground

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnvirHook75_64.dll
.dll windows:5 windows x64 arch:x64

8ae098b4be43d469b6f6f1428369e6be

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/09/2011, 00:00

Not After

26/09/2014, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24
Signer

Actual PE Digest

c6:3f:81:c3:63:fc:8a:7a:a4:9f:ed:0f:33:7b:85:6c:21:ae:1e:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msimg32

TransparentBlt

kernel32

lstrcmpA
GetCurrentDirectoryA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
lstrlenW
GetVersionExA
OpenProcess
GetFileAttributesA
SetPriorityClass
GetPriorityClass
WriteFile
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
HeapAlloc
IsValidCodePage
GetTickCount
GetACP
GetCPInfo
ExitProcess
GetModuleHandleW
RtlPcToFileHeader
RaiseException
FlsAlloc
SetLastError
FlsFree
FlsGetValue
HeapSize
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
FlsSetValue
GetCurrentThreadId
HeapReAlloc
DecodePointer
EncodePointer
RtlLookupFunctionEntry
HeapFree
GetLastError
RtlUnwindEx
lstrcatA
Sleep
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryA
UnmapViewOfFile
lstrlenA
lstrcpyA
OpenFileMappingA
MapViewOfFile
CloseHandle
GetModuleFileNameW
LCMapStringW
GetStringTypeW
GetOEMCP

user32

GetWindowThreadProcessId
GetMenuItemInfoA
SetMenuItemInfoA
DrawIconEx
InflateRect
CheckMenuItem
RemoveMenu
DeleteMenu
IsMenu
GetWindowPlacement
GetMenuItemID
GetSystemMenu
GetKeyState
GetSystemMetrics
SendInput
LoadIconA
LoadImageA
SetWindowTextA
SetActiveWindow
TrackPopupMenuEx
RedrawWindow
GetLayeredWindowAttributes
SetWindowLongA
GetDC
LoadBitmapA
GetMenuState
DrawFrameControl
SendMessageTimeoutA
PostMessageA
IsWindow
GetWindowLongA
SendMessageA
PtInRect
OffsetRect
InsertMenuA
InsertMenuItemA
wsprintfA
AppendMenuA
CheckMenuRadioItem
GetWindowTextA
GetDlgCtrlID
GetWindowTextLengthA
FindWindowExA
GetDlgItem
GetClassNameA
EnumWindows
SetTimer
IsWindowUnicode
SetCapture
ReleaseCapture
ShowWindowAsync
IsWindowVisible
ShowWindow
SetLayeredWindowAttributes
RegisterClassA
KillTimer
GetWindowLongPtrA
FillRect
DefWindowProcA
SetWindowPos
SetWindowLongPtrW
SetWindowLongPtrA
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
UpdateWindow
CallWindowProcW
CallWindowProcA
CreatePopupMenu
TrackPopupMenu
DestroyMenu
ClientToScreen
GetParent
ScreenToClient
DestroyWindow
CreateWindowExA
GetWindowRect
GetClientRect
CopyRect

gdi32

SelectObject
SetWindowOrgEx
CreateCompatibleBitmap
GetClipBox
BitBlt
DeleteObject
DeleteDC
DPtoLP
LPtoDP
CreateSolidBrush
GetStockObject
Polyline
CreatePen
StretchBlt
GetObjectA
GetPixel
CreateCompatibleDC

ole32

CoTaskMemFree

uxtheme

IsAppThemed
CloseThemeData
OpenThemeData
GetThemeFilename
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeInt
GetThemeEnumValue
GetThemeMargins
DrawThemeBackground

Exports

Exports

AddTitleIcons
ExtendSaveDialogs
ExtendSystemMenu

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Languages/anvir_Croatian.txt
Languages/anvir_Czech.txt
Languages/anvir_Danish.txt
Languages/anvir_Dutch.txt
Languages/anvir_Finnish.txt
Languages/anvir_French.txt
Languages/anvir_German.txt
Languages/anvir_Greek.txt
Languages/anvir_Italian.txt
Languages/anvir_Japanese.txt
Languages/anvir_Korean.txt
Languages/anvir_Norwegian.txt
Languages/anvir_Polish.txt
Languages/anvir_Portuguese.txt
Languages/anvir_Spanish.txt
Languages/anvir_Vietnamese.txt
Languages/anvir_ru.txt
Languages/anvir_swedish.txt
VirusTotalUpload.exe
.exe windows:5 windows x86 arch:x86

227974be97287d72a0c2564c9510f5b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCrackUrlW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestW

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW

kernel32

GetTempFileNameW
WriteFile
CreateFileW
GetTempPathW
GetLastError
CloseHandle
LocalFree
ExitProcess
GetModuleFileNameW
GetModuleHandleW
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateThread
GetFullPathNameW
GetTickCount
GetFileAttributesW
ReadFile
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
SetEndOfFile
GetDriveTypeA
GetProcessHeap
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileSizeEx
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
IsDebuggerPresent
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapFree
HeapAlloc
GetStartupInfoW
RaiseException
RtlUnwind
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc

user32

SendMessageW
MessageBoxW
CharToOemW
SendDlgItemMessageW
SetWindowTextW
CheckDlgButton
IsDlgButtonChecked
EnableWindow
SetTimer
GetWindowRect
SetForegroundWindow
DialogBoxParamW
GetDC
LoadImageW
GetDlgItem
EndDialog
GetDlgItemTextW
SetDlgItemTextW
MapWindowPoints
MoveWindow
ReleaseDC

gdi32

SelectObject
GetTextMetricsW

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

DragQueryFileW
DragFinish
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anvir64.exe
.exe windows:5 windows x64 arch:x64

10b1ca48b80bbdf6a160cceb87bf5da9

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/09/2011, 00:00

Not After

26/09/2014, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27
Signer

Actual PE Digest

a8:ae:a7:c4:8d:e4:e4:8a:3c:09:02:15:ce:75:8a:01:2b:97:dd:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
GetProcAddress
GetModuleHandleA
TlsGetValue
WriteFile
CloseHandle
LoadLibraryA
GetCurrentProcess
FreeLibrary
LoadLibraryExA
lstrlenW
TlsAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FlushInstructionCache
GetCurrentThreadId
lstrcmpiA
IsDBCSLeadByte
SetLastError
CreateMutexA
SizeofResource
LoadResource
FindResourceA
GetModuleFileNameA
MapViewOfFile
OpenFileMappingA
OpenMutexA
FlushFileBuffers
CreateFileW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
HeapCreate
GetVersion
HeapSetInformation
GetModuleFileNameW
GetStdHandle
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetLastError
lstrlenA
lstrcatA
GetModuleHandleW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCommandLineA
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualProtect
DecodePointer
EncodePointer
lstrcpyA
WriteConsoleW
InterlockedPushEntrySList
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx

user32

PostQuitMessage
IsDialogMessageA
SetTimer
SetWindowTextA
DefWindowProcA
CreateDialogParamA
DestroyWindow
SetWindowLongPtrA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharNextA
UnregisterClassA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
portable.txt
reg-organizer-setup.exe
.exe windows:5 windows x86 arch:x86

48aa5c8931746a9655524f67b25a47ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tweaker.exe
.exe windows:4 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/09/2011, 00:00

Not After

26/09/2014, 23:59

Subject

CN=AnVir Software,O=AnVir Software,POSTALCODE=107589,STREET=29 Altaiskaya ul.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

83:4a:a3:92:ea:e5:6b:d2:89:2c:30:f7:94:1b:45:fa:4e:d1:c6:4f
Signer

Actual PE Digest

83:4a:a3:92:ea:e5:6b:d2:89:2c:30:f7:94:1b:45:fa:4e:d1:c6:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 704KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@$xp$14Jpeg@TJPEGData
@$xp$15Jpeg@TJPEGImage
@$xp$15Jpeg@TJPEGScale
@$xp$21Jpeg@TJPEGPerformance
@$xp$21Jpeg@TJPEGPixelFormat
@$xp$22Jpeg@TJPEGQualityRange
@@Consol@Finalize
@@Consol@Initialize
@@Main@Finalize
@@Main@Initialize
@@Placesbar@Finalize
@@Placesbar@Initialize
@@Psw@Finalize
@@Psw@Initialize
@@Splash@Finalize
@@Splash@Initialize
@@Unlock@Finalize
@@Unlock@Initialize
@Jconsts@Finalization$qqrv
@Jconsts@_sChangeJPGSize
@Jconsts@_sJPEGError
@Jconsts@_sJPEGImageFile
@Jconsts@initialization$qqrv
@Jpeg@Finalization$qqrv
@Jpeg@JPEGDefaults
@Jpeg@TJPEGData@
@Jpeg@TJPEGData@$bdtr$qqrv
@Jpeg@TJPEGData@FreeHandle$qqrv
@Jpeg@TJPEGImage@
@Jpeg@TJPEGImage@$bctr$qqrv
@Jpeg@TJPEGImage@$bdtr$qqrv
@Jpeg@TJPEGImage@Assign$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@AssignTo$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@CalcOutputDimensions$qqrv
@Jpeg@TJPEGImage@Changed$qqrp14System@TObject
@Jpeg@TJPEGImage@Compress$qqrv
@Jpeg@TJPEGImage@DIBNeeded$qqrv
@Jpeg@TJPEGImage@Draw$qqrp16Graphics@TCanvasrx11Types@TRect
@Jpeg@TJPEGImage@Equals$qqrp17Graphics@TGraphic
@Jpeg@TJPEGImage@FreeBitmap$qqrv
@Jpeg@TJPEGImage@GetBitmap$qqrv
@Jpeg@TJPEGImage@GetEmpty$qqrv
@Jpeg@TJPEGImage@GetGrayscale$qqrv
@Jpeg@TJPEGImage@GetHeight$qqrv
@Jpeg@TJPEGImage@GetPalette$qqrv
@Jpeg@TJPEGImage@GetWidth$qqrv
@Jpeg@TJPEGImage@JPEGNeeded$qqrv
@Jpeg@TJPEGImage@LoadFromClipboardFormat$qqrusuip10HPALETTE__
@Jpeg@TJPEGImage@LoadFromStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@NewBitmap$qqrv
@Jpeg@TJPEGImage@NewImage$qqrv
@Jpeg@TJPEGImage@ReadData$qqrp15Classes@TStream
@Jpeg@TJPEGImage@ReadStream$qqrip15Classes@TStream
@Jpeg@TJPEGImage@SaveToClipboardFormat$qqrrusruirp10HPALETTE__
@Jpeg@TJPEGImage@SaveToStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@SetGrayscale$qqro
@Jpeg@TJPEGImage@SetHeight$qqri
@Jpeg@TJPEGImage@SetPalette$qqrp10HPALETTE__
@Jpeg@TJPEGImage@SetPerformance$qqr21Jpeg@TJPEGPerformance
@Jpeg@TJPEGImage@SetPixelFormat$qqr21Jpeg@TJPEGPixelFormat
@Jpeg@TJPEGImage@SetScale$qqr15Jpeg@TJPEGScale
@Jpeg@TJPEGImage@SetSmoothing$qqro
@Jpeg@TJPEGImage@SetWidth$qqri
@Jpeg@TJPEGImage@WriteData$qqrp15Classes@TStream
@Jpeg@initialization$qqrv
__GetExceptDLLinfo
___CPPdebugHook
_frmConsol
_frmEnterPassword
_frmMain
_frmPlacesBar
_frmSplash
_frmUnlock

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 614KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tweaker_en.lng
tweaker_it.lng
tweaker_ja.lng
tweaker_ko.lng
tweaker_license.txt
tweaker_pl.lng

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 48B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 590B

776565b68993666aac0449dc5ad8b43f

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0eCertificate

Extended Key Usages

Key Usages

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

version

shlwapi

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29
Signer

.text
Size: 936KB - Virtual size: 936KB

.rdata
Size: 471KB - Virtual size: 470KB

.data
Size: 115KB - Virtual size: 136KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

43:b1:ea:a3:0e:20:69:8c:82:1c:48:aa:1c:13:d0:88:a1:f2:7f:29
Signer

.text
Size: 936KB - Virtual size: 936KB

.rdata
Size: 471KB - Virtual size: 470KB

.data
Size: 115KB - Virtual size: 136KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

6b:a3:e1:47:8e:3a:2f:89:75:21:24:09:d1:92:88:0e
Certificate

89:3e:34:4a:9d:fa:b6:a1:88:3c:8c:35:c5:01:12:45:27:31:29:c2
Signer