General

Malware Config

Signatures

Files

• SHooGQV2lgB.zip

  .zip

  Password: y$WQLBL

• README.txt
• openMe.rar

  .rar

  Password: y$WQLBL

• Q/Solara X.exe

  .exe windows:5 windows x86 arch:x86

  Password: y$WQLBL

  be41bf7b8cc010b614bd36bbca606973

  
  

  Code Sign

  04:c7:f0:b4:a0:58:c8:67:a8:17:49:52:55:7c:fa:2f

  Certificate

  Issuer

  CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  29-02-2024 06:22

  Not After

  28-02-2027 06:22

  Subject

  CN=Jernej Simončič,O=Jernej Simončič,L=Ljubljana,C=SI

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31

  Certificate

  Issuer

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  02-11-2023 08:32

  Not After

  30-10-2034 08:32

  Subject

  CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  31-05-2021 06:43

  Not After

  17-09-2029 06:43

  Subject

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0f:31:fe:73:72:a1:75:29:8f:04:73:ea:9d:b1:53:4f:4c:87:ac:2a:b9:44:ed:a9:10:11:b7:0b:d8:d0:cb:9a

  Signer

  Actual PE Digest

  0f:31:fe:73:72:a1:75:29:8f:04:73:ea:9d:b1:53:4f:4c:87:ac:2a:b9:44:ed:a9:10:11:b7:0b:d8:d0:cb:9a

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  lstrcpynA

  CloseHandle

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  lstrlenA

  MulDiv

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrlenW

  user32

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 29KB - Virtual size: 28KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 458KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 516KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 23KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $TEMP/Advertisements
• $TEMP/Alot
• $TEMP/Appears
• $TEMP/Au
• $TEMP/Canada
• $TEMP/Coat
• $TEMP/Colorado
• $TEMP/Commands
• $TEMP/Consecutive
• $TEMP/Differential
• $TEMP/Electro
• $TEMP/Empire
• $TEMP/Euro
• $TEMP/Expiration
• $TEMP/Fabrics
• $TEMP/Gained
• $TEMP/Indie
• $TEMP/Phrase
• $TEMP/Rather
• $TEMP/Reliable
• $TEMP/Sample
• $TEMP/San
• $TEMP/Stylish
• $TEMP/Swift
• $TEMP/Taylor
• $TEMP/Thereof
• $TEMP/Trouble
• $TEMP/Twin
• $TEMP/Var
• $TEMP/Vietnamese
• $TEMP/Wings
• Q/web

  .dll regsvr32 windows:5 windows x86 arch:x86

  Password: y$WQLBL

  a9fd3e7f71a802c8eee0a502f46de991

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  04-03-2014 00:00

  Not After

  03-03-2024 23:59

  Subject

  CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  4e:a1:e8:9e:15:ea:4f:fa:93:79:84:d8:8f:54:5f:ba

  Certificate

  Issuer

  CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  14-05-2015 00:00

  Not After

  07-05-2017 23:59

  Subject

  SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Flash Player,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  58:87:9f:24:25:99:c5:8a:6a:3d:a1:73:d2:9f:04:d8:cb:0a:4b:54

  Signer

  Actual PE Digest

  58:87:9f:24:25:99:c5:8a:6a:3d:a1:73:d2:9f:04:d8:cb:0a:4b:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  Flash.pdb

  Imports

  version

  VerQueryValueW

  GetFileVersionInfoW

  VerQueryValueA

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  GetFileVersionInfoSizeW

  winmm

  mixerGetID

  waveInGetDevCapsA

  waveOutGetDevCapsA

  waveOutMessage

  waveOutGetDevCapsW

  waveInGetDevCapsW

  waveOutGetNumDevs

  waveInGetNumDevs

  waveInStart

  waveInAddBuffer

  waveInStop

  waveInMessage

  waveInUnprepareHeader

  waveInReset

  waveInPrepareHeader

  waveInOpen

  timeKillEvent

  timeGetTime

  timeSetEvent

  timeEndPeriod

  timeBeginPeriod

  timeGetDevCaps

  waveOutWrite

  waveOutPrepareHeader

  waveOutUnprepareHeader

  waveOutReset

  waveOutClose

  waveOutOpen

  waveOutGetPosition

  mixerClose

  mixerGetLineControlsA

  mixerGetLineInfoA

  mixerGetDevCapsA

  mixerOpen

  mixerGetControlDetailsA

  waveOutRestart

  waveOutPause

  mixerSetControlDetails

  waveInClose

  waveInGetPosition

  wininet

  InternetSetCookieW

  InternetGetCookieW

  crypt32

  CertFindCertificateInStore

  CertVerifySubjectCertificateContext

  CertCreateCertificateContext

  CryptGetMessageCertificates

  CryptVerifyMessageSignature

  CertAddStoreToCollection

  CertOpenStore

  CertVerifyRevocation

  CertFreeCertificateContext

  CertCompareCertificate

  CertEnumCertificatesInStore

  CertAddCertificateContextToStore

  CertCompareCertificateName

  CryptFindOIDInfo

  CertRDNValueToStrW

  CertFindRDNAttr

  CryptDecodeObjectEx

  CertNameToStrW

  CertCloseStore

  CertVerifyTimeValidity

  oleaut32

  SysAllocString

  VariantClear

  VariantInit

  SysStringByteLen

  SysStringLen

  SysAllocStringLen

  SysFreeString

  RegisterTypeLi

  VarUI4FromStr

  LoadRegTypeLi

  LoadTypeLi

  VarBstrCat

  SysAllocStringByteLen

  SafeArrayUnlock

  SafeArrayLock

  SafeArrayCreateVector

  SafeArrayUnaccessData

  SafeArrayDestroy

  SafeArrayAccessData

  VariantChangeType

  OleCreatePropertyFrame

  UnRegisterTypeLi

  dsound

  ord1

  ord8

  msimg32

  AlphaBlend

  kernel32

  GetTickCount

  LCMapStringW

  CreateProcessA

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  FindClose

  FindNextFileW

  RemoveDirectoryW

  FindFirstFileW

  SystemTimeToFileTime

  GetSystemTime

  GetFileSizeEx

  CreateFileW

  CreateDirectoryW

  GetProcessTimes

  GetCurrentProcessId

  GlobalSize

  GetSystemDirectoryA

  GetTempFileNameW

  GetSystemInfo

  GetUserDefaultUILanguage

  MoveFileExW

  VirtualQuery

  GetUserDefaultLangID

  DeleteFileA

  CreateFileA

  WriteFile

  SetFilePointer

  VerifyVersionInfoW

  VerSetConditionMask

  ReadFile

  GetFileSize

  CreateThread

  LockResource

  FindResourceExA

  FindResourceExW

  SetUnhandledExceptionFilter

  GetTempPathW

  GetTimeZoneInformation

  ReleaseSemaphore

  CreateSemaphoreW

  DeviceIoControl

  GetFileAttributesExW

  ExpandEnvironmentStringsA

  GetLongPathNameW

  GetTempFileNameA

  GetTempPathA

  CreateDirectoryA

  FindResourceW

  SetFilePointerEx

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetFullPathNameW

  OutputDebugStringA

  GetFileInformationByHandle

  GetVolumeInformationW

  TryEnterCriticalSection

  UnmapViewOfFile

  ReleaseMutex

  MapViewOfFile

  CreateFileMappingA

  GetExitCodeThread

  DuplicateHandle

  TerminateThread

  CreateWaitableTimerW

  SetThreadPriority

  CompareFileTime

  QueryPerformanceCounter

  QueryPerformanceFrequency

  QueueUserAPC

  OpenThread

  SleepEx

  SwitchToThread

  SetEndOfFile

  FlushFileBuffers

  GlobalMemoryStatusEx

  IsDebuggerPresent

  SetSystemTime

  FileTimeToSystemTime

  TlsAlloc

  TlsFree

  ResumeThread

  CreateTimerQueueTimer

  DeleteTimerQueueTimer

  CreateSemaphoreA

  HeapAlloc

  HeapFree

  HeapUnlock

  HeapWalk

  HeapLock

  HeapCreate

  HeapDestroy

  VirtualProtect

  GetNumberFormatW

  GetCurrencyFormatW

  CompareStringW

  GetDateFormatW

  GetTimeFormatW

  GetUserDefaultLCID

  IsValidLocale

  EnumSystemLocalesW

  GetProcessHeap

  GetProcessAffinityMask

  IsProcessorFeaturePresent

  ExitProcess

  UnhandledExceptionFilter

  RtlUnwind

  GetCommandLineA

  ExitThread

  HeapReAlloc

  GetLocaleInfoW

  GetSystemTimeAsFileTime

  GetStdHandle

  SetConsoleCtrlHandler

  InitializeCriticalSectionAndSpinCount

  GetOEMCP

  IsValidCodePage

  SetHandleCount

  GetFileType

  GetStartupInfoA

  LCMapStringA

  GetConsoleCP

  GetConsoleMode

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetStdHandle

  GetStringTypeA

  GetStringTypeW

  EnumSystemLocalesA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  CompareStringA

  SetEnvironmentVariableA

  GetNativeSystemInfo

  lstrcpynW

  GlobalMemoryStatus

  FlushConsoleInputBuffer

  LoadResource

  SizeofResource

  DisableThreadLibraryCalls

  SetLastError

  OutputDebugStringW

  GetCurrentThreadId

  GetModuleFileNameW

  GetVersionExA

  GetModuleFileNameA

  GetFileAttributesA

  SetFileAttributesA

  LocalAlloc

  LocalFree

  GlobalLock

  GlobalUnlock

  MulDiv

  GetCurrentProcess

  FlushInstructionCache

  lstrcmpiW

  CreateMutexW

  LoadLibraryW

  LoadLibraryA

  GetProcAddress

  WaitForMultipleObjects

  FreeLibrary

  WaitForSingleObject

  ResetEvent

  CloseHandle

  CreateEventW

  SetEvent

  GetModuleHandleW

  GlobalAlloc

  GetLastError

  GetVersionExW

  GetLocaleInfoA

  lstrlenW

  lstrlenA

  WideCharToMultiByte

  GlobalFree

  InterlockedDecrement

  InterlockedIncrement

  DeleteFileW

  GetFileAttributesW

  GetCurrentThread

  SetThreadAffinityMask

  TlsSetValue

  IsDBCSLeadByte

  GetACP

  GetCPInfo

  MultiByteToWideChar

  RaiseException

  HeapSize

  DebugBreak

  ExpandEnvironmentStringsW

  InterlockedExchange

  InterlockedCompareExchange

  Sleep

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  TlsGetValue

  SetConsoleMode

  ReadConsoleInputA

  GetModuleHandleA

  CreateEventA

  CreateWaitableTimerA

  SetWaitableTimer

  CancelWaitableTimer

  InterlockedExchangeAdd

  GetVersion

  VirtualAlloc

  VirtualFree

  CopyFileW

  TerminateProcess

  LoadLibraryExW

  CreateMutexA

  user32

  RegisterClipboardFormatW

  GetWindowThreadProcessId

  RemoveMenu

  SetMenuItemInfoW

  GetMenuItemInfoW

  InsertMenuItemW

  CreatePopupMenu

  TrackPopupMenu

  DestroyMenu

  DrawMenuBar

  CreateMenu

  SetMenuInfo

  CharUpperW

  CharLowerW

  PostThreadMessageW

  GetMessageW

  CloseWindow

  WaitForInputIdle

  TranslateMessage

  DispatchMessageW

  SetWindowTextA

  RedrawWindow

  DialogBoxIndirectParamW

  SetWindowTextW

  SendMessageTimeoutW

  CreateIconIndirect

  GetMonitorInfoW

  SetRectEmpty

  GetCursor

  DestroyIcon

  LoadImageW

  GetPropW

  SetPropW

  GetSystemMetrics

  InflateRect

  GetClipboardFormatNameA

  RegisterClipboardFormatA

  IsWindow

  PtInRect

  EqualRect

  SetWindowRgn

  BeginPaint

  EndPaint

  GetSubMenu

  MapVirtualKeyW

  LoadStringW

  IntersectRect

  CloseClipboard

  GetClipboardData

  OpenClipboard

  IsClipboardFormatAvailable

  SetClipboardData

  EmptyClipboard

  EnumDisplayDevicesW

  DestroyCaret

  ShowCaret

  CreateCaret

  SetCaretPos

  MoveWindow

  GetActiveWindow

  UnregisterClassA

  LoadIconA

  DeleteMenu

  RegisterClassExA

  CreateWindowExA

  ReleaseCapture

  UpdateWindow

  SystemParametersInfoW

  GetMessageTime

  LoadIconW

  RegisterClassW

  IsWindowVisible

  DialogBoxParamW

  GetDlgItem

  EndDialog

  SetWindowPos

  GetKeyState

  LoadStringA

  MessageBoxA

  SendMessageW

  GetQueueStatus

  SetTimer

  GetCapture

  SetCursor

  GetCursorPos

  WindowFromPoint

  ScreenToClient

  GetClientRect

  SetCapture

  MessageBoxW

  KillTimer

  PeekMessageW

  EnableMenuItem

  CheckMenuItem

  GetWindowInfo

  CopyRect

  PostQuitMessage

  ClientToScreen

  SendInput

  ActivateKeyboardLayout

  GetKeyboardLayout

  GetWindowRect

  UpdateLayeredWindow

  UnregisterClassW

  GetParent

  GetFocus

  IsChild

  SetFocus

  RegisterClassExW

  InvalidateRect

  DefWindowProcW

  UnionRect

  CallWindowProcW

  GetDC

  ReleaseDC

  LoadCursorW

  GetClassInfoExW

  GetWindowLongW

  SetWindowLongW

  CharNextW

  SetRect

  GetForegroundWindow

  GetDesktopWindow

  EnumDisplayDevicesA

  MonitorFromWindow

  FillRect

  OffsetRect

  FlashWindowEx

  GetSystemMenu

  IsZoomed

  GetWindowPlacement

  SetWindowPlacement

  ShowWindowAsync

  IsIconic

  EnumDisplaySettingsW

  MapWindowPoints

  GetWindowTextLengthW

  CreateWindowExW

  ShowWindow

  DestroyWindow

  GetDoubleClickTime

  EnumWindows

  PostMessageW

  IsWindowEnabled

  GetWindow

  GetClassNameA

  GetWindowTextW

  GetWindowTextA

  DefWindowProcA

  GetWindowLongA

  LoadCursorA

  SetWindowLongA

  PostMessageA

  RegisterWindowMessageA

  EnumDisplayMonitors

  MonitorFromRect

  GetMonitorInfoA

  wsprintfW

  GetUserObjectInformationW

  GetProcessWindowStation

  SetCursorPos

  gdi32

  GetDeviceCaps

  CreateDIBSection

  SelectObject

  GetStockObject

  GetObjectW

  DeleteObject

  GdiFlush

  DeleteDC

  CreateMetaFileW

  GetClipBox

  SetViewportOrgEx

  LPtoDP

  CreateRectRgnIndirect

  GetObjectType

  GetICMProfileA

  CreateDCA

  SetPixel

  TextOutW

  SetTextAlign

  DeleteMetaFile

  CreateBitmap

  CreateFontIndirectW

  GetTextExtentPoint32A

  ExtTextOutA

  GetTextExtentPoint32W

  GetTextMetricsW

  SetTextColor

  CreateFontIndirectA

  IntersectClipRect

  GetClipRgn

  CreateRectRgn

  SetBkMode

  SelectClipRgn

  SetTextCharacterExtra

  GetTextAlign

  GetBkMode

  GetTextColor

  GetCurrentObject

  GetBkColor

  EnumFontFamiliesA

  CreatePen

  DPtoLP

  GetTextCharacterExtra

  SetWorldTransform

  SetGraphicsMode

  GetWorldTransform

  StartDocW

  EndDoc

  StrokePath

  ExtCreatePen

  FillPath

  StartPage

  EndPage

  BeginPath

  EndPath

  SetPolyFillMode

  PolyBezierTo

  SelectClipPath

  CloseMetaFile

  RestoreDC

  SetWindowExtEx

  SetWindowOrgEx

  SaveDC

  GdiAlphaBlend

  StretchBlt

  BitBlt

  SetStretchBltMode

  CreateCompatibleBitmap

  ExtTextOutW

  SetBkColor

  GetStretchBltMode

  EnumFontFamiliesW

  CreateSolidBrush

  GetFontData

  EnumFontFamiliesExW

  LineTo

  MoveToEx

  Rectangle

  StretchDIBits

  CreateCompatibleDC

  RectVisible

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  CommDlgExtendedError

  PrintDlgW

  advapi32

  CryptDecrypt

  CryptSetKeyParam

  CryptGetHashParam

  CryptHashData

  CryptDestroyHash

  CryptAcquireContextA

  CryptCreateHash

  CryptAcquireContextW

  CryptGenRandom

  CryptReleaseContext

  RegisterEventSourceA

  ReportEventA

  DeregisterEventSource

  OpenProcessToken

  GetTokenInformation

  IsValidSid

  GetSidSubAuthorityCount

  GetSidSubAuthority

  CryptImportKey

  CryptGenKey

  CryptDestroyKey

  CryptExportKey

  CryptEncrypt

  RegOpenKeyA

  RegQueryValueExW

  RegCreateKeyA

  RegEnumKeyExW

  RegCreateKeyExA

  RegSetValueExA

  RegQueryInfoKeyW

  RegSetValueExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegOpenKeyExA

  RegQueryValueExA

  RegCloseKey

  shell32

  SHGetFolderLocation

  SHGetFolderPathW

  ShellExecuteW

  SHGetSpecialFolderPathW

  SHFileOperationW

  SHGetFolderPathA

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHAppBarMessage

  SHGetSettings

  SHGetDiskFreeSpaceExW

  ord165

  ole32

  CoTaskMemRealloc

  CreateOleAdviseHolder

  OleRegEnumVerbs

  OleRegGetUserType

  OleRegGetMiscStatus

  CreateDataAdviseHolder

  StringFromGUID2

  WriteClassStm

  OleSaveToStream

  ReadClassStm

  MkParseDisplayName

  PropVariantClear

  OleFlushClipboard

  OleIsCurrentClipboard

  OleSetClipboard

  OleGetClipboard

  OleUninitialize

  OleInitialize

  CoInitializeEx

  CoRegisterMessageFilter

  CoSetProxyBlanket

  CoTaskMemFree

  CoFreeUnusedLibraries

  CoInitialize

  CreateBindCtx

  CoTaskMemAlloc

  ReleaseStgMedium

  CoCreateInstance

  CoUninitialize

  ws2_32

  socket

  WSAIoctl

  WSAGetLastError

  WSAAsyncSelect

  closesocket

  WSACleanup

  WSASocketA

  ntohl

  gethostname

  WSASocketW

  select

  __WSAFDIsSet

  connect

  ioctlsocket

  WSAEnumNetworkEvents

  WSAEventSelect

  WSACreateEvent

  WSAAddressToStringA

  bind

  sendto

  recvfrom

  WSASetLastError

  getservbyport

  gethostbyaddr

  getservbyname

  htonl

  inet_ntoa

  gethostbyname

  inet_addr

  WSACloseEvent

  htons

  getsockname

  ntohs

  send

  WSAStartup

  setsockopt

  recv

  shlwapi

  UrlCanonicalizeW

  ord158

  PathFindFileNameW

  StrRStrIW

  StrStrIW

  AssocQueryStringW

  urlmon

  HlinkSimpleNavigateToMoniker

  RegisterBindStatusCallback

  CreateURLMoniker

  CopyStgMedium

  mscms

  DeleteColorTransform

  CloseColorProfile

  CreateColorTransformW

  OpenColorProfileW

  TranslateBitmapBits

  iphlpapi

  GetAdaptersAddresses

  psapi

  GetProcessMemoryInfo

  Exports

  Exports

  AdobeCPGetAPI

  DllCanUnloadNow

  DllGetClassObject

  DllRegisterServer

  DllUnregisterServer

  IAEModule_AEModule_PutKernel

  IAEModule_IAEKernel_LoadModule

  IAEModule_IAEKernel_UnloadModule

  Sections

  .text

  Size: 13.1MB - Virtual size: 13.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rodata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 836KB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 583KB - Virtual size: 582KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 700KB - Virtual size: 699KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ