dae66e86b89fa7add2392d8bc765f6467db5dd0a8af7db0a4ba65b41c3dd1690

Sharing

Copy URL Twitter E-mail

General

Target

dae66e86b89fa7add2392d8bc765f6467db5dd0a8af7db0a4ba65b41c3dd1690
Size

1.2MB
MD5

55511570631d2042b59eb4bdbd820b39
SHA1

97735a34b0bce51e2c501168bb2cfa2da5acb452
SHA256

dae66e86b89fa7add2392d8bc765f6467db5dd0a8af7db0a4ba65b41c3dd1690
SHA512

9b94f837a199cb2bdbba32ef0bc369fd9d97a48dc254686d2dfccd050f6ecafe32867b2aa223b1cbce9bd7c1d48d6460131e69d6bcf6881e4ef37825085479b3
SSDEEP

24576:lYT11NNJeqKf13aO3XXcP7nuKZEEBmKAX0L3riLZHPRQLUFFVDcteM:KR1fJer3aO3XCnZDlL3riLZlFFVDNM

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
dae66e86b89fa7add2392d8bc765f6467db5dd0a8af7db0a4ba65b41c3dd1690
unpack001/$8/$8/uninstall.exe
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/LockedList.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/LockedList.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

dae66e86b89fa7add2392d8bc765f6467db5dd0a8af7db0a4ba65b41c3dd1690
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$8/$8/uninstall.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

62734a8f9e9c1184cf5a30c332ae53cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_wcsicmp
abort
calloc
free
fwrite
malloc
strlen
strncmp
vfprintf

user32

wsprintfW

Exports

Exports

KillProc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:6 windows x86 arch:x86

c26621761683a926589c7f7a96aa5d75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

kernel32

QueryDosDeviceW
DuplicateHandle
CreateEventW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
OpenProcess
GlobalAlloc
Sleep
TerminateProcess
GetModuleFileNameW
CreateFileW
lstrcmpW
lstrlenW
GetLastError
GlobalFree
LocalAlloc
GetExitCodeThread
WaitForMultipleObjects
lstrcmpiW
lstrcatW
CloseHandle
GetCurrentProcessId
LocalFree
lstrcpyW
CreateThread
lstrcpynW
SetEvent
LoadLibraryW
TerminateThread
GetProcAddress
ResetEvent
GetVersion

user32

DestroyIcon
SetWindowTextW
CallWindowProcW
SetClipboardData
EnableWindow
MapWindowPoints
SendMessageW
GetSystemMetrics
MessageBoxW
OpenClipboard
CreateWindowExW
IsWindow
CreateDialogParamW
SendMessageTimeoutW
CreatePopupMenu
ShowWindow
GetCursorPos
SetWindowPos
SetWindowLongW
GetDlgItem
EmptyClipboard
GetClassNameW
MoveWindow
GetWindowTextW
AppendMenuW
SetCursorPos
IsDialogMessageW
TranslateMessage
wsprintfW
CharLowerW
GetClientRect
MsgWaitForMultipleObjects
PostMessageW
LoadImageW
TrackPopupMenu
GetMessageW
SetActiveWindow
GetWindowRect
ScreenToClient
CloseClipboard
SetCursor
DestroyWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongW
EnumWindows
DispatchMessageW
PeekMessageW
DestroyMenu

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ExtractIconExW
ShellExecuteExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$8/APOConfig.exe
.exe windows:6 windows x86 arch:x86

6d2d87d45047262928cf3f591464f201

Code Sign

53:76:34:0a:02:d7:1b:41:2c:8e:8e:b9:41:7d:44:1c
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/06/2024, 05:40

Not After

11/06/2027, 05:40

Subject

CN=Bogdan Blagoev Sharkov,O=Bogdan Blagoev Sharkov,L=Sofia,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:08:69:f9:27:ab:fb:0a:24:e4:b5:7c:c9:ed:98:d1:9e:8d:67:3d:da:38:69:27:33:dd:3a:8b:68:f5:11:d5
Signer

Actual PE Digest

05:08:69:f9:27:ab:fb:0a:24:e4:b5:7c:c9:ed:98:d1:9e:8d:67:3d:da:38:69:27:33:dd:3a:8b:68:f5:11:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Bobo\GIT\APOConfig\Release\APOConfig.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kernel32

CreateFileW
FormatMessageW
MultiByteToWideChar
GetProcessHeap
LocalFree
HeapAlloc
LocalAlloc
GetCurrentProcess
HeapFree
Sleep
GetModuleFileNameW
HeapSize
WriteConsoleW
UnhandledExceptionFilter
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CloseHandle
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindClose

advapi32

RegDeleteValueW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorOwner
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
RegEnumKeyExW
QueryServiceStatusEx
OpenServiceW
StartServiceW
ControlService
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
RegSetKeySecurity

shell32

ShellExecuteW

ole32

CoUninitialize
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$8/AudioChanger.exe
.exe windows:6 windows x64 arch:x64

56183be51ede472f606c0de4379f8af3

Code Sign

53:76:34:0a:02:d7:1b:41:2c:8e:8e:b9:41:7d:44:1c
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/06/2024, 05:40

Not After

11/06/2027, 05:40

Subject

CN=Bogdan Blagoev Sharkov,O=Bogdan Blagoev Sharkov,L=Sofia,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:f2:f7:b4:56:01:72:09:19:9a:16:66:01:5b:1e:eb:e4:70:93:c1:58:32:9b:aa:05:ed:01:c6:c9:31:7b:cf
Signer

Actual PE Digest

ad:f2:f7:b4:56:01:72:09:19:9a:16:66:01:5b:1e:eb:e4:70:93:c1:58:32:9b:aa:05:ed:01:c6:c9:31:7b:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Bobo\GIT\AudioChanger\x64\Release\AudioChanger.pdb

Imports

kernel32

GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
WriteConsoleW
CreateFileW
CloseHandle
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetProcessHeap
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW

ole32

PropVariantClear
CoInitializeEx
CoUninitialize

mfplat

MFShutdown
MFCreateMemoryBuffer
MFCreateMediaType
MFCreateAttributes
MFStartup
MFCreateSample

mfreadwrite

MFCreateSinkWriterFromURL
MFCreateSourceReaderFromURL

propsys

PropVariantToInt64

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$8/ClownfishVoiceChanger.exe
.exe windows:6 windows x86 arch:x86

558928dfd479ee25ee4be44709ad4cdf

Code Sign

53:76:34:0a:02:d7:1b:41:2c:8e:8e:b9:41:7d:44:1c
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/06/2024, 05:40

Not After

11/06/2027, 05:40

Subject

CN=Bogdan Blagoev Sharkov,O=Bogdan Blagoev Sharkov,L=Sofia,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:e3:f3:b3:11:6d:cf:cb:e2:b5:69:b6:51:a4:8f:28:11:1f:bd:90:16:dc:e6:5a:d1:1f:dc:d1:5d:3d:51:62
Signer

Actual PE Digest

1e:e3:f3:b3:11:6d:cf:cb:e2:b5:69:b6:51:a4:8f:28:11:1f:bd:90:16:dc:e6:5a:d1:1f:dc:d1:5d:3d:51:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Bobo\GIT\APOConfig\Release\ClownfishVoicechanger.pdb

Imports

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty

wininet

InternetQueryDataAvailable
HttpOpenRequestA
HttpQueryInfoW
InternetQueryOptionW
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetSetOptionW
InternetReadFile
HttpAddRequestHeadersA

shlwapi

PathFileExistsW

ws2_32

freeaddrinfo
WSACleanup
__WSAFDIsSet
closesocket
gethostbyname
select
shutdown
getaddrinfo
WSAStartup
inet_addr
gethostbyaddr
send
socket
connect
WSAAddressToStringW
recv
htons

kernel32

FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
HeapFree
GetCurrentProcess
LocalAlloc
HeapAlloc
LocalFree
GetProcessHeap
MultiByteToWideChar
FormatMessageW
CreateDirectoryW
ReadFile
FindFirstFileW
CreateNamedPipeA
EnterCriticalSection
FindNextFileW
lstrlenW
WriteFile
lstrcpynW
GetUserDefaultUILanguage
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
InitializeCriticalSectionEx
FindClose
GetLocaleInfoW
WaitForSingleObject
CreateFileW
GetVersionExW
DisconnectNamedPipe
Sleep
GetLastError
GetCurrentThread
LoadLibraryA
ExitProcess
CloseHandle
LoadLibraryW
CreateThread
DecodePointer
GetProcAddress
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetExitCodeProcess
GetModuleFileNameA
SetLastError
OutputDebugStringA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetFileAttributesW
SuspendThread
GetCurrentDirectoryA
ResumeThread
GetVersionExA
GetThreadContext
ReadProcessMemory
CreateEventExW
WaitForMultipleObjects
SetEvent
ResetEvent
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RaiseException
RtlUnwind
GetStdHandle
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
EncodePointer
HeapReAlloc
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetModuleHandleExW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
HeapSize
WriteConsoleW
DeleteFileW
SetEndOfFile
InitializeCriticalSectionAndSpinCount

user32

MessageBeep
RegisterClassExW
GetWindowPlacement
LoadAcceleratorsW
TrackPopupMenu
LoadStringW
GetSubMenu
ShowWindow
IsWindow
GetAsyncKeyState
OffsetRect
DispatchMessageW
SetTimer
CopyRect
SwitchToThisWindow
SetMenuItemInfoW
GetWindowTextA
SetWindowPlacement
SetMenuInfo
SetWindowTextA
SendDlgItemMessageW
DialogBoxIndirectParamW
MoveWindow
SetMenu
IsDlgButtonChecked
UnhookWindowsHookEx
DestroyMenu
SetFocus
TranslateAcceleratorW
FindWindowW
LoadCursorW
SendMessageA
SetWindowsHookExW
RemoveMenu
CheckMenuItem
GetDlgItem
AppendMenuW
SetRect
KillTimer
PostQuitMessage
GetDesktopWindow
GetParent
DialogBoxParamW
UpdateWindow
SetForegroundWindow
GetWindowLongW
GetMessageW
GetMenuItemInfoW
DefWindowProcW
LoadImageW
GetCursorPos
BeginPaint
EndPaint
EnableWindow
GetWindowTextW
ModifyMenuW
AdjustWindowRectEx
LoadMenuW
PostMessageW
GetWindowRect
DestroyWindow
SetWindowPos
MessageBoxW
GetMenuItemCount
CreateWindowExW
SendMessageW
CallNextHookEx
EndDialog
MessageBoxA
SetWindowTextW
TranslateMessage

gdi32

GetStockObject
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateFontIndirectW
CreateSolidBrush

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameA
SetEntriesInAclA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetValueExW
RegEnumKeyExW
AllocateAndInitializeSid
RegCloseKey
SetSecurityDescriptorDacl
CryptReleaseContext
CryptGetHashParam
RegCreateKeyW

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoInitializeEx
PropVariantClear
OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CLSIDFromString
CoCreateInstance

oleaut32

VariantInit
VariantClear

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoA

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$8/ClownfshAPO64.dll
.dll regsvr32 windows:6 windows x64 arch:x64

0f5925ab233c752777c755bf2d43fca2

Code Sign

53:76:34:0a:02:d7:1b:41:2c:8e:8e:b9:41:7d:44:1c
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

11/06/2024, 05:40

Not After

11/06/2027, 05:40

Subject

CN=Bogdan Blagoev Sharkov,O=Bogdan Blagoev Sharkov,L=Sofia,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:62:0e:34:1d:d0:92:82:74:68:79:e1:1e:75:dd:95:9f:d7:bc:9d:65:c2:a8:45:81:bb:37:55:29:a1:5e:58
Signer

Actual PE Digest

b8:62:0e:34:1d:d0:92:82:74:68:79:e1:1e:75:dd:95:9f:d7:bc:9d:65:c2:a8:45:81:bb:37:55:29:a1:5e:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Bobo\GIT\ClownfishAPO\x64\Release\ClownfshAPO.pdb

Imports

kernel32

GetLastError
CreateFileA
TerminateThread
CloseHandle
CreateThread
Sleep
GetProcessHeap
HeapAlloc
SetEvent
HeapFree
WriteConsoleW
InitializeCriticalSection
LeaveCriticalSection
WriteFile
EnterCriticalSection
WaitNamedPipeA
TryEnterCriticalSection
ReadFile
DeleteCriticalSection
GetModuleFileNameW
CreateFileW
HeapReAlloc
HeapSize
GetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW

ole32

CoTaskMemFree
StringFromCLSID
StringFromGUID2
CoTaskMemAlloc

Exports

Exports

CreateAPOObject
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$8/res/Alien-Off.ico
$8/res/Alien.ico
$8/res/Atari-Off.ico
$8/res/Atari.ico
$8/res/Cave-Off.ico
$8/res/Cave.ico
$8/res/Chorus-Off.ico
$8/res/Chorus.ico
$8/res/CityHall-Off.ico
$8/res/CityHall.ico
$8/res/Clone-Off.ico
$8/res/Clone.ico
$8/res/Denoise-Off.ico
$8/res/Denoise.ico
$8/res/Ghost-Off.ico
$8/res/Ghost.ico
$8/res/Microphone-Off.bmp
$8/res/Microphone-Off.ico
$8/res/Microphone.bmp
$8/res/Microphone.ico
$8/res/Mutation-Fast-Off.ico
$8/res/Mutation-Fast.ico
$8/res/Mutation-Normal-Off.ico
$8/res/Mutation-Normal.ico
$8/res/Mutation-Slow-Off.ico
$8/res/Mutation-Slow.ico
$8/res/Pitch-Baby-Off.ico
$8/res/Pitch-Baby.ico
$8/res/Pitch-Female-Off.ico
$8/res/Pitch-Female.ico
$8/res/Pitch-Helium-Off.ico
$8/res/Pitch-Helium.ico
$8/res/Pitch-Male-Off.ico
$8/res/Pitch-Male.ico
$8/res/Pitch-Manual-Off.ico
$8/res/Pitch-Manual.ico
$8/res/Radio-Off.ico
$8/res/Radio.ico
$8/res/Robot-Off.ico
$8/res/Robot.ico
$8/res/Silence-Off.ico
$8/res/Silence.ico
$8/res/Vocoder-Off.ico
$8/res/Vocoder.ico
$8/sounds/Applause.mp3
$8/sounds/Bicycle bell.mp3
$8/sounds/Boooooo.mp3
$8/sounds/Cheering.mp3
$8/sounds/Duck.mp3
$8/sounds/Fanfare.mp3
$8/sounds/Gong.mp3
$8/sounds/Gunshot.mp3
$8/sounds/Hail to the king.mp3
$8/sounds/I feel good.mp3
$8/sounds/Laugh.mp3
$8/sounds/Ricochet.mp3
$8/sounds/Sheep.mp3
$8/sounds/Smoke weed everyday.mp3
$8/sounds/You guys suck.mp3
$8/sounds/You suck.mp3
$8/vocoders/Bell.mp3
$8/vocoders/Church_Melody.mp3
$8/vocoders/Creepy.mp3
$8/vocoders/Fire.mp3
$8/vocoders/Flute.mp3
$8/vocoders/Ghost.mp3
$8/vocoders/Melody.mp3
$8/vocoders/Melody2.mp3
$8/vocoders/Melody3.mp3
$8/vocoders/Melody4.mp3
$8/vocoders/Metal.mp3
$8/vocoders/Metal2.mp3
$8/vocoders/River.mp3
$8/vocoders/Robot.mp3
$8/vocoders/Robot2.mp3
$8/vocoders/Rusty.mp3
$8/vocoders/Singer.mp3
$8/vocoders/Useless.mp3
$8/vocoders/Vader.mp3
$8/vocoders/Weird.mp3
$8/vst/howto.txt
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

62734a8f9e9c1184cf5a30c332ae53cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_wcsicmp
abort
calloc
free
fwrite
malloc
strlen
strncmp
vfprintf

user32

wsprintfW

Exports

Exports

KillProc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:6 windows x86 arch:x86

c26621761683a926589c7f7a96aa5d75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

kernel32

QueryDosDeviceW
DuplicateHandle
CreateEventW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
OpenProcess
GlobalAlloc
Sleep
TerminateProcess
GetModuleFileNameW
CreateFileW
lstrcmpW
lstrlenW
GetLastError
GlobalFree
LocalAlloc
GetExitCodeThread
WaitForMultipleObjects
lstrcmpiW
lstrcatW
CloseHandle
GetCurrentProcessId
LocalFree
lstrcpyW
CreateThread
lstrcpynW
SetEvent
LoadLibraryW
TerminateThread
GetProcAddress
ResetEvent
GetVersion

user32

DestroyIcon
SetWindowTextW
CallWindowProcW
SetClipboardData
EnableWindow
MapWindowPoints
SendMessageW
GetSystemMetrics
MessageBoxW
OpenClipboard
CreateWindowExW
IsWindow
CreateDialogParamW
SendMessageTimeoutW
CreatePopupMenu
ShowWindow
GetCursorPos
SetWindowPos
SetWindowLongW
GetDlgItem
EmptyClipboard
GetClassNameW
MoveWindow
GetWindowTextW
AppendMenuW
SetCursorPos
IsDialogMessageW
TranslateMessage
wsprintfW
CharLowerW
GetClientRect
MsgWaitForMultipleObjects
PostMessageW
LoadImageW
TrackPopupMenu
GetMessageW
SetActiveWindow
GetWindowRect
ScreenToClient
CloseClipboard
SetCursor
DestroyWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongW
EnumWindows
DispatchMessageW
PeekMessageW
DestroyMenu

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ExtractIconExW
ShellExecuteExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 168KB

.rsrc Size: 20KB - Virtual size: 19KB

61259b55b8912888e90f516ca08dc514

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 168KB

.rsrc Size: 20KB - Virtual size: 19KB

62734a8f9e9c1184cf5a30c332ae53cb

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 28B

.rdata Size: 1024B - Virtual size: 792B

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 75B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 628B

c26621761683a926589c7f7a96aa5d75

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

version

shlwapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 168KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 168KB

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 28B

.rdata
Size: 1024B - Virtual size: 792B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 75B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

53:76:34:0a:02:d7:1b:41:2c:8e:8e:b9:41:7d:44:1c
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

05:08:69:f9:27:ab:fb:0a:24:e4:b5:7c:c9:ed:98:d1:9e:8d:67:3d:da:38:69:27:33:dd:3a:8b:68:f5:11:d5
Signer

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 6KB

53:76:34:0a:02:d7:1b:41:2c:8e:8e:b9:41:7d:44:1c
Certificate