mirc777[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mirc777.exe
Size

3.7MB
MD5

1fcdce5a5853b7c5333bdbadf1ccd11a
SHA1

eec29386bf9b4fb4e7f500de10c9b7958110288b
SHA256

e21839dedc197d568f5cd786bceb4942adf553e9b06e071e21c6ab455c3f53e9
SHA512

b5d5702215ac55352850b1a6746664e81f3403fdd916f0f3c6d1601d7f5758c82159722b66b7a4ef2f8164f5af54caf91cd894bd0c5f3a49dc4b0e2f9056ee56
SSDEEP

98304:fKLnl9qZawy3Rm3Bht+oTUineFsN7cEJFaQcYaXAp0B4jP:fKLnl90VMRC9TUY4e4jQcJXApA

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISpcre.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/mIRC.dll
unpack001/$PLUGINSDIR/nsArray.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/mIRC.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

mirc777.exe
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/11/2022, 00:00

Not After

17/12/2025, 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=Stanmore,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/11/2022, 00:00

Not After

17/12/2025, 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=Stanmore,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:8f:5a:fa:84:2a:25:2b:6d:7d:8e:1e:d3:b6:83:81:f9:f5:d2:e3:4b:88:e1:90:59:11:f2:d2:b9:47:7f:f1
Signer

Actual PE Digest

28:8f:5a:fa:84:2a:25:2b:6d:7d:8e:1e:d3:b6:83:81:f9:f5:d2:e3:4b:88:e1:90:59:11:f2:d2:b9:47:7f:f1

Digest Algorithm

sha256

PE Digest Matches

true

c8:70:20:de:4b:69:0d:a7:a9:3a:3a:2b:6f:38:6f:d4:e4:d2:58:05
Signer

Actual PE Digest

c8:70:20:de:4b:69:0d:a7:a9:3a:3a:2b:6f:38:6f:d4:e4:d2:58:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

b79de4e8687b3fce7173ec8dc917f685

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
CloseHandle
GetCurrentProcess
LocalAlloc
lstrlenA
LoadLibraryA
GetProcAddress
lstrcmpiA
GetLastError
lstrcatA
GetFileAttributesA
lstrcpyA
LocalFree
GlobalAlloc

user32

wsprintfA

advapi32

LookupPrivilegeValueA
RegCloseKey
LookupAccountNameA
AdjustTokenPrivileges
GetUserNameA
GetSidSubAuthorityCount
RegSetKeySecurity
IsValidSid
SetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSidSubAuthority
OpenProcessToken
SetSecurityDescriptorOwner
GetSidIdentifierAuthority
RegGetKeySecurity
LookupAccountSidA
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
NameToSid
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISpcre.dll
.dll windows:4 windows x86 arch:x86

3efd46aba10b2e88f0bd15c6467e81ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\ms_projects\NSISpcre\Release\NSISpcre.pdb

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
LoadLibraryA
VirtualQuery
GetACP
GetOEMCP
VirtualProtect
GetSystemInfo
SetStdHandle
FlushFileBuffers
CloseHandle

Exports

Exports

RECheckPattern
REClearAllOptions
REClearOption
REFind
REFindClose
REFindNext
REGetOption
REMatches
REQuoteMeta
REReplace
RESetOption

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

5197e2b5d0b686a43ee5fcfc134f44d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetCommandLineA
CloseHandle
GetCurrentProcessId
CreateThread
OpenProcess
GlobalFree
GlobalAlloc
LoadLibraryA
Sleep
CreateFileMappingA
GetVersionExA
CreateEventA
MapViewOfFile
UnmapViewOfFile
GetExitCodeThread
GetExitCodeProcess
FormatMessageA
LocalFree
GetPrivateProfileIntA
CreateProcessA
lstrcatA
MultiByteToWideChar
GetPrivateProfileStringA
lstrcmpiA
DuplicateHandle
GetCurrentThreadId
SetLastError
GetLastError
SetCurrentDirectoryA
SetEvent
GetModuleHandleA
WaitForSingleObject
lstrlenA
GetModuleFileNameA

user32

DestroyWindow
GetDlgItem
wsprintfA
GetWindowThreadProcessId
PeekMessageA
CallNextHookEx
CreateWindowExA
LoadIconA
GetWindowLongA
CallWindowProcA
SetForegroundWindow
FindWindowExA
IsWindowVisible
MsgWaitForMultipleObjects
UnhookWindowsHookEx
EnableWindow
LoadStringA
SendMessageW
LoadImageA
EndDialog
MessageBoxA
DialogBoxParamA
SetWindowLongA
DefWindowProcA
CharNextA
SetWindowsHookExA
GetClientRect
SendMessageA
SetWindowPos
ShowWindow
GetWindowRect
CreateDialogParamA
PostMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetClassNameA

shell32

ShellExecuteExA

advapi32

QueryServiceStatus
EqualSid
CloseServiceHandle
OpenProcessToken
OpenSCManagerA
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
OpenServiceA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/confirm.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mIRC.dll
.dll windows:5 windows x86 arch:x86

2383cc510c64cc9dc67dc39378657495

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetCurrentProcess
GetVersionExA
GetLastError
HeapSize
CloseHandle
MapViewOfFile
UnmapViewOfFile
lstrcpyA
GlobalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

user32

wsprintfA
SendMessageA
FindWindowExA

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken

Exports

Exports

IsInAdminGroup
IsmIRCRunning
RandNum
WinVer

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsArray.dll
.dll windows:6 windows x86 arch:x86

ddfc5272f0f38c6d49db71b2dfaa312e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte

user32

CharLowerA
wsprintfA

Exports

Exports

Clear
Get
Iterate
Join
Length
Remove
RemoveList
Set
SetList
Sort
Split

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 585B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/options.ini
$_12_
.exe windows:5 windows x86 arch:x86

d66651eb6e6ccab9998f43ec7a66f89c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/11/2022, 00:00

Not After

17/12/2025, 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=Stanmore,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/11/2022, 00:00

Not After

17/12/2025, 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=Stanmore,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f1:cc:b8:0a:fc:38:97:37:6d:2f:da:89:ae:c7:99:5b:a2:c7:6e:7a:59:2c:ff:1a:98:78:fd:2d:1c:85:56:15
Signer

Actual PE Digest

f1:cc:b8:0a:fc:38:97:37:6d:2f:da:89:ae:c7:99:5b:a2:c7:6e:7a:59:2c:ff:1a:98:78:fd:2d:1c:85:56:15

Digest Algorithm

sha256

PE Digest Matches

true

69:22:68:1e:b4:71:ca:90:28:4e:3c:17:59:cf:99:de:9a:2d:ce:ee
Signer

Actual PE Digest

69:22:68:1e:b4:71:ca:90:28:4e:3c:17:59:cf:99:de:9a:2d:ce:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_Destroy
ord410
ord412
ord413
ord17
InitCommonControlsEx

iphlpapi

GetBestInterface

mpr

WNetGetConnectionW
WNetGetUniversalNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

mixerOpen
timeKillEvent
timeSetEvent
timeGetTime
timeGetDevCaps
timeEndPeriod
mixerGetLineInfoW
PlaySoundW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
mixerClose
timeBeginPeriod

ws2_32

getsockopt
shutdown
bind
recvfrom
getsockname
listen
socket
setsockopt
htons
getpeername
ntohl
ntohs
getaddrinfo
getnameinfo
inet_ntoa
freeaddrinfo
gethostname
WSAGetLastError
connect
accept
WSAAsyncSelect
inet_addr
htonl
sendto
send
recv
WSAStartup
WSACleanup
ioctlsocket
select
gethostbyname
gethostbyaddr
getservbyport
getservbyname
closesocket
WSASetLastError

kernel32

GetModuleFileNameW
OpenFileMappingW
FindFirstChangeNotificationW
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
OpenProcess
GetGeoInfoW
GetUserGeoID
CreateDirectoryW
RemoveDirectoryW
GetPrivateProfileStringW
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
CreateThread
FreeResource
RaiseException
DecodePointer
GetUserDefaultUILanguage
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
WideCharToMultiByte
LocalFree
CompareStringW
MoveFileW
CopyFileW
DeleteFileW
GetTempPathW
WritePrivateProfileStringW
RtlUnwind
OutputDebugStringW
SetFilePointerEx
GetFileSizeEx
GetSystemTime
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetACP
CreateFiber
DeleteFiber
SwitchToFiber
GetEnvironmentVariableW
LoadLibraryA
FormatMessageA
GetSystemDirectoryA
WriteFile
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
lstrcmpW
CreateSemaphoreW
VirtualAlloc
ReleaseSemaphore
VirtualFree
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EnumSystemLocalesW
GetLocaleInfoW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
EndUpdateResourceW
BeginUpdateResourceW
UpdateResourceW
FindResourceExW
EnumResourceLanguagesW
SetLastError
TryEnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetVolumeInformationW
SetErrorMode
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceW
ReadFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCPInfoExW
SetEndOfFile
GetFileType
InterlockedDecrement
InterlockedIncrement
SetFileTime
GetFileTime
CreateFileW
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GetSystemDirectoryW
VirtualQuery
GetSystemInfo
GetLastError
FindClose
FindNextFileW
FindFirstFileW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
EnumResourceTypesW
LoadLibraryExW
GetFileSize
EnumResourceNamesW
GetFileAttributesExW
GetCurrentThreadId
CreateTimerQueueTimer
DeleteTimerQueueTimer
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
GetVersionExW
MoveFileExW
CopyFileExW
GetFullPathNameW
GetDriveTypeW
CreateProcessW
GetShortPathNameW
GetLongPathNameW
QueryDosDeviceW
SetFileAttributesW
GetFileAttributesW
MulDiv
GetWindowsDirectoryW
GetSystemDefaultLangID
CreateEventW
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentThread
SetThreadPriority
Sleep
SetEvent
CloseHandle
EncodePointer
ExitProcess
ExitThread
FreeLibraryAndExitThread
HeapSize
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
GetConsoleCP
PeekNamedPipe
GetDateFormatW
GetTimeFormatW
LCMapStringW
HeapFree
GetStringTypeW
HeapAlloc
HeapReAlloc
GetProcessHeap
FlushFileBuffers
WriteConsoleW
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetLogicalDriveStringsW
GetLocalTime

user32

GetKeyboardLayout
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CharUpperBuffW
RedrawWindow
ShowScrollBar
FlashWindow
MessageBoxW
InflateRect
ScrollDC
OffsetRect
ToUnicode
SetKeyboardState
GetKeyboardState
GetMessageW
ClipCursor
CreateDialogParamW
DialogBoxParamW
DdeClientTransaction
DdeFreeDataHandle
DdeQueryStringW
DdeUnaccessData
DdeAccessData
DdeCreateDataHandle
DdeDisconnect
DdeConnect
DdeUninitialize
DdeFreeStringHandle
DdeNameService
DdeCreateStringHandleW
DdeInitializeW
GetScrollPos
GetScrollRange
ModifyMenuW
InsertMenuW
GetDoubleClickTime
GetNextDlgTabItem
SetScrollPos
ChildWindowFromPointEx
SetScrollRange
SetMenu
CreateMenu
SetScrollInfo
DrawIconEx
IsChild
ReleaseCapture
SetCapture
SetWindowPlacement
GetWindowPlacement
DestroyIcon
CopyIcon
SetActiveWindow
GetMenuStringW
GetGUIThreadInfo
FindWindowExW
SetClipboardData
EmptyClipboard
GetClipboardData
CloseClipboard
OpenClipboard
TrackMouseEvent
ClientToScreen
ChildWindowFromPoint
WindowFromPoint
GetCursorPos
BringWindowToTop
DestroyWindow
GetScrollInfo
DrawFrameControl
CallWindowProcW
VkKeyScanExW
AdjustWindowRectEx
GetIconInfo
GetSysColorBrush
GetMenuState
SetWindowsHookExW
UnhookWindowsHookEx
SetPropW
RemovePropW
GetPropW
CallNextHookEx
GetCapture
GetClassNameW
SystemParametersInfoW
EqualRect
FindWindowW
MonitorFromWindow
CreateWindowExW
GetMessagePos
GetWindowThreadProcessId
IsHungAppWindow
GetForegroundWindow
GetAsyncKeyState
WinHelpW
LoadStringW
MessageBeep
IsZoomed
GetTopWindow
GetSystemMetrics
IsCharAlphaNumericW
IsWindow
GetActiveWindow
GetMenuBarInfo
GetWindowRgn
FlashWindowEx
CopyImage
RegisterClassW
CreateIconIndirect
IsClipboardFormatAvailable
DrawTextA
HideCaret
ValidateRect
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
DefWindowProcW
DefFrameProcW
DispatchMessageW
GetUserObjectInformationW
GetProcessWindowStation
EnumChildWindows
TranslateMessage
SetTimer
KillTimer
GetDC
CopyAcceleratorTableW
SendDlgItemMessageW
TranslateMDISysAccel
IsDialogMessageW
RegisterWindowMessageW
RegisterClassExW
TrackPopupMenu
RemoveMenu
SetMenuItemInfoW
InsertMenuItemW
GetMenuItemID
IsMenu
DefMDIChildProcW
SetWindowRgn
IsRectEmpty
GetClassLongW
PrintWindow
GetWindowDC
SetLayeredWindowAttributes
LoadMenuW
GetMenuItemInfoW
DrawIcon
LoadIconW
GetWindowRgnBox
CharLowerBuffW
IsCharLowerW
GetSystemMenu
GetDialogBaseUnits
GetDlgItemInt
SendMessageW
ReleaseDC
GetWindowRect
GetDlgItem
MapWindowPoints
MoveWindow
GetWindowLongW
DrawTextW
MapDialogRect
GetClientRect
CheckMenuItem
GetDesktopWindow
SetDlgItemInt
IsIconic
DestroyMenu
CreatePopupMenu
DrawMenuBar
AppendMenuW
EnableMenuItem
DeleteMenu
GetMenuItemCount
GetSubMenu
GetMenu
FrameRect
GetParent
LoadCursorW
SetCursor
IsCharUpperW
IsCharAlphaW
CreateIconFromResourceEx
MapVirtualKeyW
keybd_event
ScreenToClient
LoadAcceleratorsW
IntersectRect
GetWindowTextW
SetWindowPos
GetWindow
CopyRect
IsWindowVisible
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
MsgWaitForMultipleObjectsEx
PostQuitMessage
PeekMessageW
EndDialog
GetKeyState
IsDlgButtonChecked
SetWindowLongW
PostMessageW
LoadImageW
EndPaint
BeginPaint
FillRect
GetDlgCtrlID
SetForegroundWindow
SetFocus
SetRect
CheckDlgButton
UpdateWindow
PtInRect
SetWindowTextW
InvalidateRect
EnableWindow
ShowWindow

gdi32

GetBkColor
GetTextFaceW
SaveDC
RestoreDC
ExcludeClipRect
ExtTextOutA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetCharABCWidthsW
GetCharABCWidthsA
GetTextExtentExPointW
GetClipBox
IntersectClipRect
CreatePalette
CreateBitmap
Polyline
GetObjectType
Polygon
FrameRgn
CreateRoundRectRgn
ExtSelectClipRgn
GetTextColor
ExtFloodFill
CreatePatternBrush
EnumFontFamiliesExW
RoundRect
Ellipse
SetPixelV
GetStockObject
SetROP2
CreateFontW
GetNearestColor
PtInRegion
CreatePolygonRgn
SelectClipRgn
CombineRgn
CreateRectRgn
SetDIBits
LineTo
MoveToEx
SetBitmapBits
GetBitmapBits
CreateDIBitmap
CreateDIBSection
GetDIBits
RealizePalette
SelectPalette
GetDeviceCaps
StretchBlt
CreateCompatibleBitmap
SetBrushOrgEx
AddFontResourceExW
Rectangle
GetCurrentObject
SetStretchBltMode
DeleteDC
BitBlt
CreateCompatibleDC
CreateHatchBrush
GetTextMetricsW
SetBkMode
ExtTextOutW
CreatePen
GetPixel
DeleteObject
SetBkColor
SetTextColor
CreateSolidBrush
CreateFontIndirectW
GetObjectW
GetTextCharset
SelectObject

comdlg32

GetSaveFileNameW
ChooseFontW
GetOpenFileNameW
CommDlgExtendedError
ChooseColorW

advapi32

CryptGetHashParam
RegOpenKeyW
CryptVerifySignatureW
CryptDestroyKey
RegCreateKeyExW
RegEnumKeyW
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
RegCreateKeyW
RegQueryValueW
RegSetValueW
GetSecurityInfo
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
CryptAcquireContextW
RegDeleteValueW

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
ExtractIconExW
ExtractIconW
SHAppBarMessage
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragQueryFileW
FindExecutableW

ole32

OleUninitialize
ReleaseStgMedium
CoLockObjectExternal
RegisterDragDrop
CoGetInterfaceAndReleaseStream
OleInitialize
RevokeDragDrop
StringFromGUID2
CreateStreamOnHGlobal
StringFromIID
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
ProgIDFromCLSID
CreateBindCtx

oleaut32

VarDateFromR8
SafeArrayCreate
VariantInit
SetErrorInfo
LoadRegTypeLi
SysFreeString
DispGetParam
VariantCopy
VarR8FromDate
VarR8FromCy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SysAllocString
VariantChangeType
SafeArrayDestroy
VarCyFromR8
SafeArrayPutElement
SafeArrayCreateVector
VariantClear

oleacc

AccessibleChildren
AccessibleObjectFromWindow

dnsapi

DnsQuery_W
DnsFree

wininet

InternetCloseHandle
InternetOpenW
InternetConnectW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersA
HttpOpenRequestW
InternetSetOptionW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo
CertEnumCertificatesInStore
CertVerifyTimeValidity
CertFreeCertificateContext
CertEnumCRLsInStore
CertVerifyCRLTimeValidity
CertCloseStore
CertNameToStrW
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW

shlwapi

ord184
ord213
ord214
ord176
ord219
AssocQueryStringW

Exports

Exports

OPENSSL_Applink

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 916KB - Virtual size: 915KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 993KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_17_/cacert.pem
$_17_/channels.ini
$_17_/scripts/aliases.ini
$_17_/scripts/popups.ini
$_17_/servers.ini
$_17_/urls.ini
defaults/cacert.pem
defaults/channels.ini
defaults/scripts/aliases.ini
defaults/scripts/popups.ini
defaults/servers.ini
defaults/urls.ini
ircintro.chm
.chm
mirc.chm
.chm
readme.txt
uninstall.exe
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/11/2022, 00:00

Not After

17/12/2025, 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=Stanmore,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/11/2022, 00:00

Not After

17/12/2025, 23:59

Subject

CN=mIRC Co. Ltd.,OU=Secure Application Development,O=mIRC Co. Ltd.,L=Stanmore,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:ad:19:e2:a3:99:4e:bd:f8:c1:c2:f5:b5:81:c2:72:71:2b:96:18:4f:c1:2e:df:e2:44:cf:39:1f:54:35:13
Signer

Actual PE Digest

62:ad:19:e2:a3:99:4e:bd:f8:c1:c2:f5:b5:81:c2:72:71:2b:96:18:4f:c1:2e:df:e2:44:cf:39:1f:54:35:13

Digest Algorithm

sha256

PE Digest Matches

true

50:8a:21:46:57:f2:13:d5:f0:73:78:10:ff:90:d9:23:0d:28:2a:b7
Signer

Actual PE Digest

50:8a:21:46:57:f2:13:d5:f0:73:78:10:ff:90:d9:23:0d:28:2a:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

5197e2b5d0b686a43ee5fcfc134f44d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetCommandLineA
CloseHandle
GetCurrentProcessId
CreateThread
OpenProcess
GlobalFree
GlobalAlloc
LoadLibraryA
Sleep
CreateFileMappingA
GetVersionExA
CreateEventA
MapViewOfFile
UnmapViewOfFile
GetExitCodeThread
GetExitCodeProcess
FormatMessageA
LocalFree
GetPrivateProfileIntA
CreateProcessA
lstrcatA
MultiByteToWideChar
GetPrivateProfileStringA
lstrcmpiA
DuplicateHandle
GetCurrentThreadId
SetLastError
GetLastError
SetCurrentDirectoryA
SetEvent
GetModuleHandleA
WaitForSingleObject
lstrlenA
GetModuleFileNameA

user32

DestroyWindow
GetDlgItem
wsprintfA
GetWindowThreadProcessId
PeekMessageA
CallNextHookEx
CreateWindowExA
LoadIconA
GetWindowLongA
CallWindowProcA
SetForegroundWindow
FindWindowExA
IsWindowVisible
MsgWaitForMultipleObjects
UnhookWindowsHookEx
EnableWindow
LoadStringA
SendMessageW
LoadImageA
EndDialog
MessageBoxA
DialogBoxParamA
SetWindowLongA
DefWindowProcA
CharNextA
SetWindowsHookExA
GetClientRect
SendMessageA
SetWindowPos
ShowWindow
GetWindowRect
CreateDialogParamA
PostMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetClassNameA

shell32

ShellExecuteExA

advapi32

QueryServiceStatus
EqualSid
CloseServiceHandle
OpenProcessToken
OpenSCManagerA
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
OpenServiceA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mIRC.dll
.dll windows:5 windows x86 arch:x86

2383cc510c64cc9dc67dc39378657495

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetCurrentProcess
GetVersionExA
GetLastError
HeapSize
CloseHandle
MapViewOfFile
UnmapViewOfFile
lstrcpyA
GlobalFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

user32

wsprintfA
SendMessageA
FindWindowExA

advapi32

GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken

Exports

Exports

IsInAdminGroup
IsmIRCRunning
RandNum
WinVer

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
versions.txt

Sharing

General

Malware Config

Signatures

Files

7c2c71dfce9a27650634dc8b1ca03bf0

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

28:8f:5a:fa:84:2a:25:2b:6d:7d:8e:1e:d3:b6:83:81:f9:f5:d2:e3:4b:88:e1:90:59:11:f2:d2:b9:47:7f:f1Signer

c8:70:20:de:4b:69:0d:a7:a9:3a:3a:2b:6f:38:6f:d4:e4:d2:58:05Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 28KB - Virtual size: 28KB

b79de4e8687b3fce7173ec8dc917f685

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 972B

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:8b:7f:9d:ec:c1:78:33:b9:a4:6d:c7:1b:98:c1:31
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

28:8f:5a:fa:84:2a:25:2b:6d:7d:8e:1e:d3:b6:83:81:f9:f5:d2:e3:4b:88:e1:90:59:11:f2:d2:b9:47:7f:f1
Signer

c8:70:20:de:4b:69:0d:a7:a9:3a:3a:2b:6f:38:6f:d4:e4:d2:58:05
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 28KB - Virtual size: 28KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 972B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 34KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB