vtf_shell_extensions_v1[.]7[.]5[.]1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

vtf_shell_extensions_v1.7.5.1.exe
Size

560KB
MD5

542509951d5fa4fdec25dd9cfde976c8
SHA1

7c9453161a7c7ebd2899f316f502917c95d8947c
SHA256

782bdc222b50de11629f900f0b7dd9352a77800dbecb04c75ba42e8ceebd52ae
SHA512

3ed108f1402e2990f8dc9015a9bc952b021a49215f73b96a153bf15353b7aee1a898e1c3f7f84a6629c581d55778c8e86be4c763d2ea49c84fb2c6e71b513521
SSDEEP

12288:FRzPRv7xUu6wvEvBH1zxgB+qvl8L+MkoixHZKhiKDQ0D9AEuMr:FRzPRvNPrvE3x4nkAHZKhiYQyepMr

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
vtf_shell_extensions_v1.7.5.1.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$R0

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

vtf_shell_extensions_v1.7.5.1.exe
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll windows:4 windows x64 arch:x64

ff07aca7b4e068199c61cb67017a27ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\Projects\Utilities\VTFLib\sln\vs8\VTFLib\x64\Release\VTFLib.pdb

Imports

kernel32

LocalFree
FormatMessageA
GetLastError
CreateFileA
CloseHandle
GetFileSize
SetFilePointer
ReadFile
WriteFile
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSection
RtlVirtualUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
OutputDebugStringA
SetEndOfFile

user32

MessageBoxA

Exports

Exports

??0CVMTFile@VTFLib@@QEAA@AEBV01@@Z
??0CVMTFile@VTFLib@@QEAA@XZ
??0CVMTGroupNode@Nodes@VTFLib@@QEAA@AEBV012@@Z
??0CVMTGroupNode@Nodes@VTFLib@@QEAA@PEBD@Z
??0CVMTIntegerNode@Nodes@VTFLib@@QEAA@AEBV012@@Z
??0CVMTIntegerNode@Nodes@VTFLib@@QEAA@PEBD0@Z
??0CVMTIntegerNode@Nodes@VTFLib@@QEAA@PEBD@Z
??0CVMTIntegerNode@Nodes@VTFLib@@QEAA@PEBDH@Z
??0CVMTNode@Nodes@VTFLib@@QEAA@AEBV012@@Z
??0CVMTNode@Nodes@VTFLib@@QEAA@PEBD@Z
??0CVMTSingleNode@Nodes@VTFLib@@QEAA@AEBV012@@Z
??0CVMTSingleNode@Nodes@VTFLib@@QEAA@PEBD0@Z
??0CVMTSingleNode@Nodes@VTFLib@@QEAA@PEBD@Z
??0CVMTSingleNode@Nodes@VTFLib@@QEAA@PEBDM@Z
??0CVMTStringNode@Nodes@VTFLib@@QEAA@AEBV012@@Z
??0CVMTStringNode@Nodes@VTFLib@@QEAA@PEBD0@Z
??0CVMTStringNode@Nodes@VTFLib@@QEAA@PEBD@Z
??0CVMTValueNode@Nodes@VTFLib@@QEAA@AEBV012@@Z
??0CVMTValueNode@Nodes@VTFLib@@QEAA@PEBD@Z
??0CVTFFile@VTFLib@@QEAA@AEBV01@@Z
??0CVTFFile@VTFLib@@QEAA@AEBV01@W4tagVTFImageFormat@@@Z
??0CVTFFile@VTFLib@@QEAA@XZ
??1CVMTFile@VTFLib@@QEAA@XZ
??1CVMTGroupNode@Nodes@VTFLib@@UEAA@XZ
??1CVMTIntegerNode@Nodes@VTFLib@@UEAA@XZ
??1CVMTNode@Nodes@VTFLib@@UEAA@XZ
??1CVMTSingleNode@Nodes@VTFLib@@UEAA@XZ
??1CVMTStringNode@Nodes@VTFLib@@UEAA@XZ
??1CVMTValueNode@Nodes@VTFLib@@UEAA@XZ
??1CVTFFile@VTFLib@@QEAA@XZ
??4CVMTFile@VTFLib@@QEAAAEAV01@AEBV01@@Z
??4CVMTGroupNode@Nodes@VTFLib@@QEAAAEAV012@AEBV012@@Z
??4CVMTIntegerNode@Nodes@VTFLib@@QEAAAEAV012@AEBV012@@Z
??4CVMTNode@Nodes@VTFLib@@QEAAAEAV012@AEBV012@@Z
??4CVMTSingleNode@Nodes@VTFLib@@QEAAAEAV012@AEBV012@@Z
??4CVMTStringNode@Nodes@VTFLib@@QEAAAEAV012@AEBV012@@Z
??4CVMTValueNode@Nodes@VTFLib@@QEAAAEAV012@AEBV012@@Z
??4CVTFFile@VTFLib@@QEAAAEAV01@AEBV01@@Z
??_7CVMTGroupNode@Nodes@VTFLib@@6B@
??_7CVMTIntegerNode@Nodes@VTFLib@@6B@
??_7CVMTNode@Nodes@VTFLib@@6B@
??_7CVMTSingleNode@Nodes@VTFLib@@6B@
??_7CVMTStringNode@Nodes@VTFLib@@6B@
??_7CVMTValueNode@Nodes@VTFLib@@6B@
?AddGroupNode@CVMTGroupNode@Nodes@VTFLib@@QEAAPEAV123@PEBD@Z
?AddIntegerNode@CVMTGroupNode@Nodes@VTFLib@@QEAAPEAVCVMTIntegerNode@23@PEBDH@Z
?AddNode@CVMTGroupNode@Nodes@VTFLib@@QEAAPEAVCVMTNode@23@PEAV423@@Z
?AddSingleNode@CVMTGroupNode@Nodes@VTFLib@@QEAAPEAVCVMTSingleNode@23@PEBDM@Z
?AddStringNode@CVMTGroupNode@Nodes@VTFLib@@QEAAPEAVCVMTStringNode@23@PEBD0@Z
?Clone@CVMTGroupNode@Nodes@VTFLib@@UEBAPEAVCVMTNode@23@XZ
?Clone@CVMTIntegerNode@Nodes@VTFLib@@UEBAPEAVCVMTNode@23@XZ
?Clone@CVMTSingleNode@Nodes@VTFLib@@UEBAPEAVCVMTNode@23@XZ
?Clone@CVMTStringNode@Nodes@VTFLib@@UEBAPEAVCVMTNode@23@XZ
?CompressDXTn@CVTFFile@VTFLib@@CAEPEAE0IIW4tagVTFImageFormat@@@Z
?ComputeDataOffset@CVTFFile@VTFLib@@AEBAIIIIIW4tagVTFImageFormat@@@Z
?ComputeImageReflectivity@CVTFFile@VTFLib@@SAXPEAEIIAEAM11@Z
?ComputeImageSize@CVTFFile@VTFLib@@SAIIIIIW4tagVTFImageFormat@@@Z
?ComputeImageSize@CVTFFile@VTFLib@@SAIIIIW4tagVTFImageFormat@@@Z
?ComputeMipmapCount@CVTFFile@VTFLib@@SAIIII@Z
?ComputeMipmapDimensions@CVTFFile@VTFLib@@SAXIIIIAEAI00@Z
?ComputeMipmapSize@CVTFFile@VTFLib@@SAIIIIIW4tagVTFImageFormat@@@Z
?ComputeReflectivity@CVTFFile@VTFLib@@QEAAEXZ
?ComputeResources@CVTFFile@VTFLib@@AEAAXXZ
?Convert@CVTFFile@VTFLib@@SAEPEAE0IIW4tagVTFImageFormat@@1@Z
?ConvertFromRGBA8888@CVTFFile@VTFLib@@SAEPEAE0IIW4tagVTFImageFormat@@@Z
?ConvertToNormalMap@CVTFFile@VTFLib@@SAEPEAE0IIW4tagVTFKernelFilter@@W4tagVTFHeightConversionMethod@@W4tagVTFNormalAlphaResult@@EMEEEE@Z
?ConvertToRGBA8888@CVTFFile@VTFLib@@SAEPEAE0IIW4tagVTFImageFormat@@@Z
?CorrectImageGamma@CVTFFile@VTFLib@@SAXPEAEIIM@Z
?Create@CVMTFile@VTFLib@@QEAAEPEBD@Z
?Create@CVTFFile@VTFLib@@QEAAEIIIIIPEAPEAEAEBUtagSVTFCreateOptions@@@Z
?Create@CVTFFile@VTFLib@@QEAAEIIIIIW4tagVTFImageFormat@@EEE@Z
?Create@CVTFFile@VTFLib@@QEAAEIIPEAEAEBUtagSVTFCreateOptions@@@Z
?DecompressDXT1@CVTFFile@VTFLib@@CAEPEAE0II@Z
?DecompressDXT3@CVTFFile@VTFLib@@CAEPEAE0II@Z
?DecompressDXT5@CVTFFile@VTFLib@@CAEPEAE0II@Z
?Destroy@CVMTFile@VTFLib@@QEAAXXZ
?Destroy@CVTFFile@VTFLib@@QEAAXXZ
?FlipImage@CVTFFile@VTFLib@@SAXPEAEII@Z
?GenerateMipmaps@CVTFFile@VTFLib@@QEAAEIIW4tagVTFMipmapFilter@@W4tagVTFSharpenFilter@@@Z
?GenerateMipmaps@CVTFFile@VTFLib@@QEAAEW4tagVTFMipmapFilter@@W4tagVTFSharpenFilter@@@Z
?GenerateNormalMap@CVTFFile@VTFLib@@QEAAEIW4tagVTFKernelFilter@@W4tagVTFHeightConversionMethod@@W4tagVTFNormalAlphaResult@@@Z
?GenerateNormalMap@CVTFFile@VTFLib@@QEAAEW4tagVTFKernelFilter@@W4tagVTFHeightConversionMethod@@W4tagVTFNormalAlphaResult@@@Z
?GenerateSphereMap@CVTFFile@VTFLib@@QEAAEXZ
?GenerateThumbnail@CVTFFile@VTFLib@@QEAAEXZ
?GetBumpmapScale@CVTFFile@VTFLib@@QEBAMXZ
?GetData@CVTFFile@VTFLib@@QEBAPEAEIIII@Z
?GetDepth@CVTFFile@VTFLib@@QEBAIXZ
?GetFaceCount@CVTFFile@VTFLib@@QEBAIXZ
?GetFlag@CVTFFile@VTFLib@@QEBAEW4tagVTFImageFlag@@@Z
?GetFlags@CVTFFile@VTFLib@@QEBAIXZ
?GetFormat@CVTFFile@VTFLib@@QEBA?AW4tagVTFImageFormat@@XZ
?GetFrameCount@CVTFFile@VTFLib@@QEBAIXZ
?GetHasImage@CVTFFile@VTFLib@@QEBAEXZ
?GetHasResource@CVTFFile@VTFLib@@QEBAEI@Z
?GetHasThumbnail@CVTFFile@VTFLib@@QEBAEXZ
?GetHeight@CVTFFile@VTFLib@@QEBAIXZ
?GetImageFormatInfo@CVTFFile@VTFLib@@SAAEBUtagSVTFImageFormatInfo@@W4tagVTFImageFormat@@@Z
?GetMajorVersion@CVTFFile@VTFLib@@QEBAIXZ
?GetMinorVersion@CVTFFile@VTFLib@@QEBAIXZ
?GetMipmapCount@CVTFFile@VTFLib@@QEBAIXZ
?GetName@CVMTNode@Nodes@VTFLib@@QEBAPEBDXZ
?GetNode@CVMTGroupNode@Nodes@VTFLib@@QEBAPEAVCVMTNode@23@I@Z
?GetNode@CVMTGroupNode@Nodes@VTFLib@@QEBAPEAVCVMTNode@23@PEBD@Z
?GetNodeCount@CVMTGroupNode@Nodes@VTFLib@@QEBAIXZ
?GetParent@CVMTNode@Nodes@VTFLib@@QEAAPEAVCVMTGroupNode@23@XZ
?GetReflectivity@CVTFFile@VTFLib@@QEBAXAEAM00@Z
?GetResourceCount@CVTFFile@VTFLib@@QEBAIXZ
?GetResourceData@CVTFFile@VTFLib@@QEBAPEAXIAEAI@Z
?GetResourceType@CVTFFile@VTFLib@@QEBAII@Z
?GetRoot@CVMTFile@VTFLib@@QEBAPEAVCVMTGroupNode@Nodes@2@XZ
?GetSize@CVTFFile@VTFLib@@QEBAIXZ
?GetStartFrame@CVTFFile@VTFLib@@QEBAIXZ
?GetSupportsResources@CVTFFile@VTFLib@@QEBAEXZ
?GetThumbnailData@CVTFFile@VTFLib@@QEBAPEAEXZ
?GetThumbnailFormat@CVTFFile@VTFLib@@QEBA?AW4tagVTFImageFormat@@XZ
?GetThumbnailHeight@CVTFFile@VTFLib@@QEBAIXZ
?GetThumbnailWidth@CVTFFile@VTFLib@@QEBAIXZ
?GetType@CVMTGroupNode@Nodes@VTFLib@@UEBA?AW4tagVMTNodeType@@XZ
?GetType@CVMTIntegerNode@Nodes@VTFLib@@UEBA?AW4tagVMTNodeType@@XZ
?GetType@CVMTSingleNode@Nodes@VTFLib@@UEBA?AW4tagVMTNodeType@@XZ
?GetType@CVMTStringNode@Nodes@VTFLib@@UEBA?AW4tagVMTNodeType@@XZ
?GetValue@CVMTIntegerNode@Nodes@VTFLib@@QEBA?BHXZ
?GetValue@CVMTSingleNode@Nodes@VTFLib@@QEBA?BMXZ
?GetValue@CVMTStringNode@Nodes@VTFLib@@QEBAPEBDXZ
?GetWidth@CVTFFile@VTFLib@@QEBAIXZ
?Indent@CVMTFile@VTFLib@@AEBAXPEAVIWriter@Writers@IO@2@I@Z
?IsLoaded@CVMTFile@VTFLib@@QEBAEXZ
?IsLoaded@CVTFFile@VTFLib@@QEBAEXZ
?IsPowerOfTwo@CVTFFile@VTFLib@@AEAAEI@Z
?Load@CVMTFile@VTFLib@@AEAAEPEAVIReader@Readers@IO@2@@Z
?Load@CVMTFile@VTFLib@@QEAAEPEAX@Z
?Load@CVMTFile@VTFLib@@QEAAEPEBD@Z
?Load@CVMTFile@VTFLib@@QEAAEPEBXI@Z
?Load@CVTFFile@VTFLib@@AEAAEPEAVIReader@Readers@IO@2@E@Z
?Load@CVTFFile@VTFLib@@QEAAEPEAXE@Z
?Load@CVTFFile@VTFLib@@QEAAEPEBDE@Z
?Load@CVTFFile@VTFLib@@QEAAEPEBXIE@Z
?MirrorImage@CVTFFile@VTFLib@@SAXPEAEII@Z
?NextPowerOfTwo@CVTFFile@VTFLib@@AEAAII@Z
?RemoveAllNodes@CVMTGroupNode@Nodes@VTFLib@@QEAAXXZ
?RemoveNode@CVMTGroupNode@Nodes@VTFLib@@QEAAXPEAVCVMTNode@23@@Z
?Resize@CVTFFile@VTFLib@@SAEPEAE0IIIIW4tagVTFMipmapFilter@@W4tagVTFSharpenFilter@@@Z
?Save@CVMTFile@VTFLib@@AEBAEPEAVIWriter@Writers@IO@2@@Z
?Save@CVMTFile@VTFLib@@AEBAXPEAVIWriter@Writers@IO@2@PEAVCVMTNode@Nodes@2@I@Z
?Save@CVMTFile@VTFLib@@QEBAEPEAX@Z
?Save@CVMTFile@VTFLib@@QEBAEPEAXIAEAI@Z
?Save@CVMTFile@VTFLib@@QEBAEPEBD@Z
?Save@CVTFFile@VTFLib@@AEBAEPEAVIWriter@Writers@IO@2@@Z
?Save@CVTFFile@VTFLib@@QEBAEPEAX@Z
?Save@CVTFFile@VTFLib@@QEBAEPEAXIAEAI@Z
?Save@CVTFFile@VTFLib@@QEBAEPEBD@Z
?SetBumpmapScale@CVTFFile@VTFLib@@QEAAXM@Z
?SetData@CVTFFile@VTFLib@@QEAAXIIIIPEAE@Z
?SetFlag@CVTFFile@VTFLib@@QEAAXW4tagVTFImageFlag@@E@Z
?SetFlags@CVTFFile@VTFLib@@QEAAXI@Z
?SetName@CVMTNode@Nodes@VTFLib@@QEAAXPEBD@Z
?SetReflectivity@CVTFFile@VTFLib@@QEAAXMMM@Z
?SetResourceData@CVTFFile@VTFLib@@QEAAPEAXIIPEAX@Z
?SetStartFrame@CVTFFile@VTFLib@@QEAAXI@Z
?SetThumbnailData@CVTFFile@VTFLib@@QEAAXPEAE@Z
?SetValue@CVMTIntegerNode@Nodes@VTFLib@@QEAAXH@Z
?SetValue@CVMTIntegerNode@Nodes@VTFLib@@UEAAXPEBD@Z
?SetValue@CVMTSingleNode@Nodes@VTFLib@@QEAAXM@Z
?SetValue@CVMTSingleNode@Nodes@VTFLib@@UEAAXPEBD@Z
?SetValue@CVMTStringNode@Nodes@VTFLib@@UEAAXPEBD@Z
vlBindImage
vlBindMaterial
vlCreateImage
vlCreateMaterial
vlDeleteImage
vlDeleteMaterial
vlGetBoolean
vlGetFloat
vlGetInteger
vlGetLastError
vlGetProc
vlGetVersion
vlGetVersionString
vlImageComputeImageReflectivity
vlImageComputeImageSize
vlImageComputeMipmapCount
vlImageComputeMipmapDimensions
vlImageComputeMipmapSize
vlImageComputeReflectivity
vlImageConvert
vlImageConvertFromRGBA8888
vlImageConvertToNormalMap
vlImageConvertToRGBA8888
vlImageCorrectImageGamma
vlImageCreate
vlImageCreateDefaultCreateStructure
vlImageCreateMultiple
vlImageCreateSingle
vlImageDestroy
vlImageFlipImage
vlImageGenerateAllMipmaps
vlImageGenerateAllNormalMaps
vlImageGenerateMipmaps
vlImageGenerateNormalMap
vlImageGenerateSphereMap
vlImageGenerateThumbnail
vlImageGetBumpmapScale
vlImageGetData
vlImageGetDepth
vlImageGetFaceCount
vlImageGetFlag
vlImageGetFlags
vlImageGetFormat
vlImageGetFrameCount
vlImageGetHasImage
vlImageGetHasResource
vlImageGetHasThumbnail
vlImageGetHeight
vlImageGetImageFormatInfo
vlImageGetImageFormatInfoEx
vlImageGetMajorVersion
vlImageGetMinorVersion
vlImageGetMipmapCount
vlImageGetReflectivity
vlImageGetResourceCount
vlImageGetResourceData
vlImageGetResourceType
vlImageGetSize
vlImageGetStartFrame
vlImageGetSupportsResources
vlImageGetThumbnailData
vlImageGetThumbnailFormat
vlImageGetThumbnailHeight
vlImageGetThumbnailWidth
vlImageGetWidth
vlImageIsBound
vlImageIsLoaded
vlImageLoad
vlImageLoadLump
vlImageLoadProc
vlImageMirrorImage
vlImageResize
vlImageSave
vlImageSaveLump
vlImageSaveProc
vlImageSetBumpmapScale
vlImageSetData
vlImageSetFlag
vlImageSetFlags
vlImageSetReflectivity
vlImageSetResourceData
vlImageSetStartFrame
vlImageSetThumbnailData
vlInitialize
vlMaterialAddNodeGroup
vlMaterialAddNodeInteger
vlMaterialAddNodeSingle
vlMaterialAddNodeString
vlMaterialCreate
vlMaterialDestroy
vlMaterialGetChildNode
vlMaterialGetFirstNode
vlMaterialGetLastNode
vlMaterialGetNextNode
vlMaterialGetNodeInteger
vlMaterialGetNodeName
vlMaterialGetNodeSingle
vlMaterialGetNodeString
vlMaterialGetNodeType
vlMaterialGetParentNode
vlMaterialGetPreviousNode
vlMaterialIsBound
vlMaterialIsLoaded
vlMaterialLoad
vlMaterialLoadLump
vlMaterialLoadProc
vlMaterialSave
vlMaterialSaveLump
vlMaterialSaveProc
vlMaterialSetNodeInteger
vlMaterialSetNodeName
vlMaterialSetNodeSingle
vlMaterialSetNodeString
vlSetBoolean
vlSetFloat
vlSetInteger
vlSetProc
vlShutdown

Sections

.text
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README_VTFShellExtensions.txt
license.txt

Sharing

General

Malware Config

Signatures

Files

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 84KB

.rsrc Size: 29KB - Virtual size: 28KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 620B

ff07aca7b4e068199c61cb67017a27ee

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 605KB - Virtual size: 605KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 37KB - Virtual size: 80KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

.text
Size: 605KB - Virtual size: 605KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 37KB - Virtual size: 80KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB