TheGlue_v1[.]6[.]6_Win[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

TheGlue_v1.6.6_Win.rar
Size

34.5MB
MD5

dc1302056b6134a2bcf5b053a3756f58
SHA1

9155b7bb242df59420f78e99d1c504a394afaad9
SHA256

3bbc0e091a3f6ec8fb5027fe0a84280b0a6c3a03a2941fccb57f769f3db9b1fb
SHA512

bda0868224fa7b881093c846c4e3332250cbe1a0e125e23b98c807d0d839ed6f35af7a99419a232fe4270ca71c8139ec5f8ca4ecd3fea665d8d8523120c1efbe
SSDEEP

786432:xskQS9ZbnUomFrcU+aA/TP1UONQfzBqQUcKXgod1fdiUHMRXCd:7PbUo7U+aA/T93QNucK/fdiUHKXCd

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TheGlue_v1.6.6_Win/PATCHED/Cytomic_KeyGen.exe
unpack002/$TEMP/BASSMOD.dll
unpack002/$TEMP/R2RCTMKG.dll
unpack002/$TEMP/keygen.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/TheGlue_v1.6.6_Win/PATCHED/Cytomic_KeyGen.exe	nsis_installer_1
static1/unpack001/TheGlue_v1.6.6_Win/PATCHED/Cytomic_KeyGen.exe	nsis_installer_2

Files

TheGlue_v1.6.6_Win.rar
.rar
TheGlue_v1.6.6_Win/!Вывод_с_PayPal,_Beatstars_и_других_площадок,_оплата_подписок.url
.url
TheGlue_v1.6.6_Win/BEATTALK.txt
TheGlue_v1.6.6_Win/Install The Glue v1.6.6.exe
.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Code Sign

9b:83:14:81:79:09:4b:95:2f:4f:f3:dc:65:42:c6:d4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-04-2020 00:00

Not After

27-07-2023 23:59

Subject

CN=Cytomic,O=Cytomic,POSTALCODE=6158,STREET=78 Glyde St,L=East Fremantle,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:61:ff:fd:16:6f:f6:67:d5:76:06:09:ef:d9:b1:8c:f8:e3:1e:af
Signer

Actual PE Digest

ca:61:ff:fd:16:6f:f6:67:d5:76:06:09:ef:d9:b1:8c:f8:e3:1e:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TheGlue_v1.6.6_Win/PATCHED/Cytomic_KeyGen.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/BASSMOD.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BASSMOD_ErrorGetCode
BASSMOD_Free
BASSMOD_GetCPU
BASSMOD_GetDeviceDescription
BASSMOD_GetVersion
BASSMOD_GetVolume
BASSMOD_Init
BASSMOD_MusicDecode
BASSMOD_MusicFree
BASSMOD_MusicGetLength
BASSMOD_MusicGetName
BASSMOD_MusicGetPosition
BASSMOD_MusicGetVolume
BASSMOD_MusicIsActive
BASSMOD_MusicLoad
BASSMOD_MusicPause
BASSMOD_MusicPlay
BASSMOD_MusicPlayEx
BASSMOD_MusicRemoveSync
BASSMOD_MusicSetAmplify
BASSMOD_MusicSetPanSep
BASSMOD_MusicSetPosition
BASSMOD_MusicSetPositionScaler
BASSMOD_MusicSetSync
BASSMOD_MusicSetVolume
BASSMOD_MusicStop
BASSMOD_SetVolume

Sections

Size: 31KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/R2RCTMKG.dll
.dll windows:6 windows x86 arch:x86

2a01488de3cca5d063fb7ec4a40a83f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

rand
_time64
free
memset
srand
memcmp
memcpy
calloc
strlen
malloc
realloc

user32

wsprintfA

advapi32

CryptAcquireContextA
CryptGenRandom

Exports

Exports

GenerateLicense

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/bgm.xm
$TEMP/keygen.exe
.exe windows:4 windows x86 arch:x86

61baf0ac33a569be37eaea52c317de1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

_TrackMouseEvent
ord17

msimg32

GradientFill

kernel32

FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCPInfo
GetOEMCP
GetACP
HeapSize
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ReadFile
CloseHandle
LCMapStringW
LCMapStringA
SetFilePointer
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersionExA
GetStartupInfoA
GetModuleHandleA
SetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetFullPathNameA
GetCurrentDirectoryA
GetDriveTypeA
HeapReAlloc
RtlUnwind
RaiseException
HeapFree
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileA
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter
GetLocalTime
FindFirstFileA
FindNextFileA
GetLastError
FindClose
DeleteFileA
GetShortPathNameA
GlobalLock
GlobalUnlock
MulDiv
GlobalAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
WinExec
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
GlobalMemoryStatus
GetVersion
GetComputerNameA
FreeLibrary
LoadLibraryA
GetProcAddress
GetCommandLineA
Sleep
GetTickCount
GetModuleFileNameA
GetLocaleInfoW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
SetEndOfFile
GetEnvironmentStrings

user32

UnregisterClassA
AdjustWindowRectEx
LoadIconA
LoadCursorA
RegisterClassA
PostQuitMessage
DefWindowProcA
InvalidateRect
BeginPaint
EndPaint
FillRect
TabbedTextOutA
GetSysColor
MoveWindow
ReleaseDC
GetClassLongA
SetClassLongA
SetWindowLongA
IsWindowEnabled
EnableWindow
SetFocus
GetFocus
GetWindowLongA
GetClientRect
InflateRect
DrawFocusRect
DrawTextA
PostMessageA
SetWindowTextA
GetDlgItemTextA
GetDlgCtrlID
IsDlgButtonChecked
CallWindowProcA
FindWindowA
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MapVirtualKeyA
GetWindowRect
SetActiveWindow
SetWindowPos
GetAsyncKeyState
GetCursorPos
ShowCursor
SetCursorPos
MessageBoxA
EnumDisplaySettingsA
ChangeDisplaySettingsA
CreateWindowExA
ShowWindow
SendMessageA
DestroyWindow
GetDC
GetSystemMetrics
GetActiveWindow

gdi32

CreateDIBSection
CreateCompatibleDC
Rectangle
DeleteDC
SetBkColor
SetStretchBltMode
StretchBlt
Ellipse
MoveToEx
LineTo
SetPixel
GetPixel
GetTextExtentPoint32A
SetDIBColorTable
CreatePalette
CreatePen
GetTextMetricsA
SelectPalette
RealizePalette
BitBlt
SelectObject
SetBkMode
SetTextColor
GetStockObject
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetDeviceCaps

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA

advapi32

GetUserNameA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
IIDFromString
CLSIDFromProgID
CoUninitialize
CreateStreamOnHGlobal
OleUninitialize
CoInitializeEx
OleInitialize

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayCopy
OleLoadPicture
SafeArrayGetElement
VariantClear
VariantInit
SafeArrayAccessData
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayCreate
SysFreeString
SysAllocStringByteLen
VariantChangeType
VariantCopyInd
VariantCopy
SysAllocString
SafeArrayPutElement

winmm

sndPlaySoundA
mciSendStringA
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
timeGetTime

Sections

.text
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TheGlue_v1.6.6_Win/PATCHED/The Glue.dll
.dll windows:6 windows x64 arch:x64

16b27d2d054f7dfa9398544d59726cdb

Code Sign

9b:83:14:81:79:09:4b:95:2f:4f:f3:dc:65:42:c6:d4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-04-2020 00:00

Not After

27-07-2023 23:59

Subject

CN=Cytomic,O=Cytomic,POSTALCODE=6158,STREET=78 Glyde St,L=East Fremantle,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:57:4d:bc:05:d1:73:79:0b:3d:c0:f6:e4:2d:24:ce:df:fe:e8:9e:b8:99:41:60:d7:32:f6:d1:7a:fc:d5:86
Signer

Actual PE Digest

50:57:4d:bc:05:d1:73:79:0b:3d:c0:f6:e4:2d:24:ce:df:fe:e8:9e:b8:99:41:60:d7:32:f6:d1:7a:fc:d5:86

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
GetCurrentThread
GetThreadPriority
CreateDirectoryW
SetThreadAffinityMask
ReadFile
TryEnterCriticalSection
GetVolumeInformationW
CancelIo
FindFirstFileW
SetPriorityClass
EnterCriticalSection
FindNextFileW
GetCurrentProcess
WriteFile
GetModuleHandleExW
TerminateProcess
RemoveDirectoryW
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetFullPathNameW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapFree
HeapReAlloc
HeapAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
LoadLibraryExW
RtlUnwind
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
CopyFileW
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
FreeLibrary
GetModuleHandleW
ExitProcess
DeleteCriticalSection
ReplaceFileW
LocalFree
GetProcAddress
GetOverlappedResult
GetCurrentDirectoryW
LoadLibraryW
CloseHandle
DeleteFileW
QueryPerformanceFrequency
TerminateThread
SetEvent
OutputDebugStringW
GetFileAttributesExW
GetLastError
FormatMessageW
GetFileInformationByHandle
Sleep
CreateEventW
GetLogicalDriveStringsW
SetFileAttributesW
DisconnectNamedPipe
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
PeekNamedPipe
SetEndOfFile
GetEnvironmentVariableW
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
GetSystemTimeAsFileTime
RtlVirtualUnwind
GetCurrentThreadId
WideCharToMultiByte
DeleteFiber
MultiByteToWideChar
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetModuleHandleA
UnmapViewOfFile
ResumeThread
GetSystemDirectoryW
IsProcessorFeaturePresent
ReleaseMutex

user32

SetWindowLongPtrW
DestroyWindow
GetFocus
SendMessageTimeoutW
PostMessageW
DefWindowProcW
GetMessageW
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
InvalidateRect
CreateWindowExW
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
DrawIconEx
UpdateLayeredWindow
GetClientRect
SetWindowLongW
SetCursor
GetUserObjectInformationW
SetClipboardData
SetWindowsHookExW
UnregisterClassW
ReleaseCapture
SetCapture
DestroyCaret
LoadCursorW
LoadIconW
GetClipboardData
BringWindowToTop
SetLayeredWindowAttributes
GetWindowLongPtrW
RegisterClassExW
DispatchMessageW
PeekMessageW
EnumWindows
SetFocus
TranslateMessage
GetWindowTextW
GetMessageTime
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
GetDC
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
IsWindow
GetProcessWindowStation
ReleaseDC
GetWindowThreadProcessId
AttachThreadInput
GetWindowRect
SetWindowPos
PostMessageA
CallNextHookEx
GetSystemMetrics
GetClassNameA
SetWindowsHookExA
UnhookWindowsHookEx
GetAncestor
ToUnicode
ShowWindow
CallWindowProcW
MoveWindow
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
IsWindowVisible
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow

gdi32

RestoreDC
CreateFontIndirectW
SetMapMode
RemoveFontMemResourceEx
DeleteObject
GetGlyphOutlineW
GetGlyphIndicesW
SaveDC
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
GetOutlineTextMetricsW
CreateBitmap
CombineRgn
AddFontMemResourceEx
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
MapGenericMask
DuplicateToken
RegOpenKeyExW
OpenProcessToken
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
AccessCheck
GetNamedSecurityInfoW

shell32

SHGetKnownFolderPath
SHGetPathFromIDListW
Shell_NotifyIconW
SHBrowseForFolderW
ExtractAssociatedIconW
SHGetMalloc
SHCreateShellItem
DragQueryFileW
SHGetSpecialFolderPathW
SHParseDisplayName
ShellExecuteW

ole32

OleCreate
OleSetContainedObject
RevokeDragDrop
CoInitializeEx
RegisterDragDrop
DoDragDrop
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

SafeArrayDestroy
SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData

wininet

HttpQueryInfoW
InternetSetFilePointer
InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
FtpOpenFileW
HttpOpenRequestW
InternetWriteFile
InternetOpenW

ws2_32

WSAGetLastError
setsockopt
ioctlsocket
sendto
WSASetLastError
WSACleanup
__WSAFDIsSet
accept
bind
closesocket
select
getaddrinfo
WSAStartup
inet_addr
send
inet_ntoa
recv
getsockopt
htonl
htons
freeaddrinfo

shlwapi

PathStripToRootW

winmm

timeGetTime
timeBeginPeriod

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmNotifyIME
ImmGetContext
ImmAssociateContextEx

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

crypt32

CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFindCertificateInStore
CertCloseStore

Exports

Exports

VSTPluginMain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TheGlue_v1.6.6_Win/PATCHED/The Glue.vst3
.dll windows:6 windows x64 arch:x64

cb56504e5446b69dcc2957f34f1dfbbd

Code Sign

9b:83:14:81:79:09:4b:95:2f:4f:f3:dc:65:42:c6:d4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-04-2020 00:00

Not After

27-07-2023 23:59

Subject

CN=Cytomic,O=Cytomic,POSTALCODE=6158,STREET=78 Glyde St,L=East Fremantle,ST=Western Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:8a:4d:1e:07:62:13:28:f3:ca:8e:a9:44:75:fc:09:05:b1:57:18:f3:85:b3:86:64:dd:6c:ca:8f:99:27:d4
Signer

Actual PE Digest

d2:8a:4d:1e:07:62:13:28:f3:ca:8e:a9:44:75:fc:09:05:b1:57:18:f3:85:b3:86:64:dd:6c:ca:8f:99:27:d4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
FreeLibrary
CopyFileW
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetVolumeNameForVolumeMountPointA
GetWindowsDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
MultiByteToWideChar
DeleteCriticalSection
WideCharToMultiByte
IsDebuggerPresent
CreateDirectoryW
SetThreadAffinityMask
ReadFile
GetVolumeInformationW
CancelIo
FindFirstFileW
SetPriorityClass
FindNextFileW
GetCurrentProcess
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetFullPathNameW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapAlloc
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
LoadLibraryExW
RtlUnwind
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
ExitProcess
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReplaceFileW
LocalFree
GetProcAddress
GetOverlappedResult
GetCurrentDirectoryW
LoadLibraryW
CloseHandle
DeleteFileW
QueryPerformanceFrequency
TerminateThread
GetCurrentThread
SetEvent
OutputDebugStringW
GetFileAttributesExW
GetLastError
FormatMessageW
GetFileInformationByHandle
Sleep
CreateEventW
GetLogicalDriveStringsW
SetFileAttributesW
DisconnectNamedPipe
GetModuleHandleA
UnmapViewOfFile
ResumeThread
FindClose
CreateMutexW
GetTempPathW
PeekNamedPipe
SetEndOfFile
GetEnvironmentVariableW
SetFilePointer
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
TryEnterCriticalSection
GetSystemTimeAsFileTime
RtlVirtualUnwind
DeleteFiber
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetSystemDirectoryW
ReleaseMutex
GetFileAttributesW
CreateFileW
WaitForSingleObject
RtlUnwindEx
GetLocaleInfoW

user32

SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
PostMessageW
AttachThreadInput
GetWindowThreadProcessId
ReleaseDC
GetDC
GetWindowTextW
TranslateMessage
SetFocus
PeekMessageW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
UnregisterClassW
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
GetFocus
SendMessageTimeoutW
DefWindowProcW
GetMessageW
EnumWindows
SetWindowPos
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
GetAncestor
InvalidateRect
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
DrawIconEx
UpdateLayeredWindow
GetClientRect
SetWindowLongW
SetCursor
ToUnicode
SetClipboardData
SetCapture
DestroyCaret
LoadCursorW
LoadIconW
GetClipboardData
BringWindowToTop
SetLayeredWindowAttributes
GetMessageTime
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
CreateCaret
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
RedrawWindow
GetCapture
OpenClipboard
GetAsyncKeyState
IsWindow
ShowWindow
GetActiveWindow
SetCaretPos
GetKeyboardState
MoveWindow
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
GetWindowRect
IsWindowVisible
CallWindowProcW
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor

gdi32

RestoreDC
CreateFontIndirectW
SetMapMode
RemoveFontMemResourceEx
DeleteObject
GetGlyphOutlineW
GetGlyphIndicesW
SaveDC
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
GetOutlineTextMetricsW
CreateBitmap
CombineRgn
AddFontMemResourceEx
SelectObject
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
MapGenericMask
DuplicateToken
RegOpenKeyExW
OpenProcessToken
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCloseKey
AccessCheck
GetNamedSecurityInfoW

shell32

SHCreateShellItem
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW
SHGetMalloc

ole32

OleCreate
OleSetContainedObject
RevokeDragDrop
CoCreateGuid
RegisterDragDrop
DoDragDrop
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy

wininet

InternetSetFilePointer
InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
HttpQueryInfoW
InternetConnectW
InternetSetOptionW
InternetReadFile
HttpOpenRequestW
InternetOpenW
FtpOpenFileW
InternetCloseHandle
InternetWriteFile

ws2_32

send
inet_addr
WSAStartup
getaddrinfo
select
getsockopt
inet_ntoa
htonl
WSAGetLastError
setsockopt
ioctlsocket
closesocket
bind
accept
recv
htons
freeaddrinfo
sendto
__WSAFDIsSet
WSASetLastError
WSACleanup

shlwapi

PathStripToRootW

winmm

timeBeginPeriod
timeGetTime

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmNotifyIME
ImmGetContext
ImmAssociateContextEx

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

crypt32

CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext

Exports

Exports

ExitDll
GetPluginFactory
InitDll

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TheGlue_v1.6.6_Win/SHITNABEAT.txt

Sharing

General

Malware Config

Signatures

Files

e569e6f445d32ba23766ad67d1e3787f

Code Sign

9b:83:14:81:79:09:4b:95:2f:4f:f3:dc:65:42:c6:d4Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ca:61:ff:fd:16:6f:f6:67:d5:76:06:09:ef:d9:b1:8c:f8:e3:1e:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 718KB - Virtual size: 718KB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 154B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 68KB - Virtual size: 68KB

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 138KB - Virtual size: 138KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 31KB - Virtual size: 68KB

Size: 2KB - Virtual size: 1KB

2a01488de3cca5d063fb7ec4a40a83f9

Headers

File Characteristics

Imports

msvcrt

user32

advapi32

Exports

Exports

9b:83:14:81:79:09:4b:95:2f:4f:f3:dc:65:42:c6:d4
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ca:61:ff:fd:16:6f:f6:67:d5:76:06:09:ef:d9:b1:8c:f8:e3:1e:af
Signer

.text
Size: 718KB - Virtual size: 718KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 68KB - Virtual size: 68KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 138KB - Virtual size: 138KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 197KB - Virtual size: 200KB

.rdata
Size: 34KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 16KB

9b:83:14:81:79:09:4b:95:2f:4f:f3:dc:65:42:c6:d4
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

50:57:4d:bc:05:d1:73:79:0b:3d:c0:f6:e4:2d:24:ce:df:fe:e8:9e:b8:99:41:60:d7:32:f6:d1:7a:fc:d5:86
Signer

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 10.8MB - Virtual size: 10.8MB

.data
Size: 89KB - Virtual size: 111KB

.pdata
Size: 191KB - Virtual size: 190KB

_RDATA
Size: 512B - Virtual size: 348B