d:\HUA2\dsa\apps\tools\QDecrypt\release consolemode\QDecrypt.pdb
Overview
overview
4Static
static
3QFAdminUtil.zip
windows7-x64
1QFAdminUtil.zip
windows10-2004-x64
3QDecrypt.exe
windows7-x64
4QDecrypt.exe
windows10-2004-x64
3QDecrypt.exe
windows7-x64
4QDecrypt.exe
windows10-2004-x64
3QF-sidara....ADC.01
windows7-x64
3QF-sidara....ADC.01
windows10-2004-x64
3vsapi32.dll
windows7-x64
3vsapi32.dll
windows10-2004-x64
3Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
QFAdminUtil.zip
Resource
win7-20240705-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
QFAdminUtil.zip
Resource
win10v2004-20240802-en
windows10-2004-x64
12 signatures
150 seconds
Behavioral task
behavioral3
Sample
QDecrypt.exe
Resource
win7-20240705-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral4
Sample
QDecrypt.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral5
Sample
QDecrypt.exe
Resource
win7-20240704-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral6
Sample
QDecrypt.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
4 signatures
150 seconds
Behavioral task
behavioral7
Sample
QF-sidara.kominfo.go.id-C8BC41D3BADC.01
Resource
win7-20240729-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral8
Sample
QF-sidara.kominfo.go.id-C8BC41D3BADC.01
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
vsapi32.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
vsapi32.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
QFAdminUtil.zip
-
Size
2.5MB
-
MD5
ff1447124e702c366baea7c750fc7e76
-
SHA1
a8f278b1c3635d84d17c964e74d0f678317c13ec
-
SHA256
b6e9fb8135daf1d0f96498129bccbbd934299f6a4b01a8343d9472f5681aedf3
-
SHA512
8c2856bf3bfcec1ab6fe2e9c7f9b659fbe62c2acebb25e44c4c42db5476aba295306c6effd17e74e968300ac2da58f0944e8c66f1c6c0d29aab79c98efa105e4
-
SSDEEP
49152:VWaOq9sbg93br/GWTmI4uN+hbTd7ACQ3aEhsa/75MxggMHkut/rwi195Tg:QaOq6bsrKWTmpu4T7AB3DKxzMxe+Fg
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/QDecrypt.com unpack001/QDecrypt.exe
Files
-
QFAdminUtil.zip.zip
-
QDecrypt.com.exe windows:4 windows x86 arch:x86
c76f6b4310a871f309c4d3c3e38f8b7e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
vsapi32
ord622
kernel32
CreateFileW
GetFileAttributesW
FindClose
FindFirstFileW
CloseHandle
GetTempPathW
GetTempFileNameW
GetFileType
CopyFileW
SetCurrentDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
Sleep
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
TlsSetValue
ExitProcess
TlsGetValue
GetProcAddress
GetCurrentProcess
TlsFree
TlsAlloc
GetModuleHandleW
FindNextFileW
GetEnvironmentVariableW
GetCurrentProcessId
GetCPInfo
IsValidCodePage
TerminateProcess
FormatMessageW
GetModuleFileNameW
GetCurrentThread
RaiseException
OutputDebugStringW
FreeLibrary
GetModuleHandleA
ReadFile
WriteFile
WaitForMultipleObjects
SetEvent
IsBadReadPtr
IsBadStringPtrA
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetDriveTypeA
SetEnvironmentVariableA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
LoadLibraryA
GetOEMCP
HeapSize
GetTickCount
QueryPerformanceCounter
SetLastError
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
DebugBreak
GetLastError
SetThreadLocale
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetACP
CompareStringW
SetEndOfFile
LCMapStringA
GetTimeZoneInformation
GetFullPathNameW
CompareStringA
SetEnvironmentVariableW
InterlockedExchange
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
SetStdHandle
DeleteFileW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
MoveFileW
user32
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeUninitialize
DdeFreeStringHandle
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
SetTimer
KillTimer
PeekMessageW
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
PostThreadMessageW
MessageBoxW
DefWindowProcW
advapi32
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ole32
CoCreateInstance
Sections
.text Size: 672KB - Virtual size: 669KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
QDecrypt.exe.exe windows:4 windows x86 arch:x86
e0981f00acdc3b8f7610d180b8b856e3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\HUA2\dsa\apps\tools\QDecrypt\release\QDecrypt.pdb
Imports
vsapi32
ord628
ord622
rpcrt4
UuidToStringW
RpcStringFreeW
comctl32
ImageList_Add
ImageList_ReplaceIcon
ImageList_Replace
ImageList_Remove
ImageList_Draw
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ord16
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Destroy
ord17
ImageList_Create
kernel32
lstrlenA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
GetConsoleMode
GlobalSize
GetFullPathNameW
MoveFileW
DeleteFileW
HeapReAlloc
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetStartupInfoA
HeapAlloc
GetVersionExA
GetCommandLineA
HeapFree
InterlockedExchange
LoadLibraryA
CreateFileA
GetOEMCP
GetCurrentDirectoryA
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
EnumSystemLocalesA
GetStringTypeA
GetStringTypeW
GetProcessHeap
HeapSize
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetLastError
MulDiv
GetCommandLineW
SetErrorMode
SetConsoleCursorPosition
FillConsoleOutputCharacterW
WriteConsoleW
WriteConsoleA
GetStdHandle
GetConsoleScreenBufferInfo
ReadConsoleOutputCharacterA
FreeConsole
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetConsoleOutputCP
CompareStringA
SetEvent
WaitForMultipleObjects
WriteFile
ReadFile
IsBadStringPtrA
IsBadReadPtr
FindNextFileW
GetModuleHandleA
FreeLibrary
GetModuleFileNameW
TerminateProcess
GetModuleHandleW
IsValidCodePage
GetCPInfo
GetCurrentProcessId
GetEnvironmentVariableW
OutputDebugStringW
RaiseException
GetCurrentThread
WideCharToMultiByte
GetVersionExW
TlsAlloc
TlsFree
GetCurrentProcess
GetProcAddress
TlsGetValue
ExitProcess
TlsSetValue
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
Sleep
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetThreadLocale
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetACP
SetCurrentDirectoryW
CopyFileW
GetFileType
FormatMessageW
LocalFree
GetTempFileNameW
GetLastError
GetFileTime
GetTempPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
CloseHandle
MultiByteToWideChar
FindFirstFileW
FindClose
GetFileAttributesW
CreateFileW
DebugBreak
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
CompareStringW
SetEndOfFile
GetConsoleCP
QueryPerformanceFrequency
user32
DrawTextW
CreateIconIndirect
UnionRect
EndPaint
BeginPaint
GetWindowDC
DestroyCursor
TranslateAcceleratorW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDoubleClickTime
CreateMenu
AppendMenuW
ModifyMenuW
RemoveMenu
InsertMenuItemW
InsertMenuW
CreatePopupMenu
SetMenuItemInfoW
GetSubMenu
DestroyMenu
GetMenuState
LoadImageW
DestroyIcon
GetIconInfo
LoadBitmapW
LoadIconW
ValidateRect
DrawIconEx
DrawFrameControl
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
MessageBeep
GetDialogBaseUnits
SetWindowRgn
GetDlgItem
CreateDialogParamW
InflateRect
PtInRect
UnregisterHotKey
RegisterHotKey
SetWindowsHookExW
GetMenuItemCount
GetMenuItemInfoW
SystemParametersInfoW
BeginDeferWindowPos
EndDeferWindowPos
MapWindowPoints
CopyRect
DeferWindowPos
UpdateWindow
SetCursorPos
ReleaseCapture
SetFocus
GetClientRect
GetSysColor
IsWindow
CallWindowProcW
FillRect
InvalidateRect
IsDialogMessageW
TrackPopupMenu
GetCapture
CallNextHookEx
UnhookWindowsHookEx
ChildWindowFromPointEx
GetWindow
GetActiveWindow
GetMessageTime
IsWindowEnabled
IsWindowVisible
ClientToScreen
SetRect
RedrawWindow
SetParent
WindowFromPoint
GetParent
ScrollWindow
EnableScrollBar
SetScrollInfo
GetScrollInfo
SetCapture
GetFocus
EnableWindow
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
GetDC
ReleaseDC
TranslateMessage
PostQuitMessage
GetCursorPos
GetMessagePos
GetDesktopWindow
GetWindowRect
GetSystemMenu
EnableMenuItem
DrawMenuBar
GetWindowPlacement
CreateDialogIndirectParamW
SetWindowTextW
OffsetRect
DrawFocusRect
HideCaret
keybd_event
ChildWindowFromPoint
FindWindowExW
ValidateRgn
GetSysColorBrush
CheckMenuItem
GetUpdateRgn
CheckMenuRadioItem
SetWindowPos
MoveWindow
GetWindowLongW
SetWindowLongW
FlashWindow
GetSystemMetrics
IsIconic
IsZoomed
SetForegroundWindow
ShowWindow
BringWindowToTop
GetKeyState
DdePostAdvise
DrawStateW
DrawEdge
RegisterClipboardFormatW
GetClipboardFormatNameW
ChangeDisplaySettingsW
EnumDisplaySettingsW
IsClipboardFormatAvailable
AdjustWindowRectEx
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeUninitialize
DdeFreeStringHandle
LoadCursorW
SetCursor
SendMessageW
MsgWaitForMultipleObjects
GetMessageW
DispatchMessageW
PeekMessageW
DestroyWindow
UnregisterClassW
SetTimer
KillTimer
DefWindowProcW
RegisterClassW
PostMessageW
CreateWindowExW
PostThreadMessageW
MessageBoxW
ShowCursor
wsprintfW
ScreenToClient
SetMenu
gdi32
SetROP2
SetViewportOrgEx
CreateCompatibleDC
DeleteDC
GetPixel
SetPixel
PolyBezier
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectClipRgn
CreateSolidBrush
GetBkColor
SetStretchBltMode
ExtSelectClipRgn
ExtFloodFill
GetCharABCWidthsW
GetTextExtentExPointW
CreateCompatibleBitmap
BitBlt
Arc
Pie
Polygon
SetPolyFillMode
PolyPolygon
Rectangle
RoundRect
GetOutlineTextMetricsW
GetStockObject
MaskBlt
DeleteObject
StretchDIBits
StretchBlt
GetRgnBox
EqualRgn
PtInRegion
RectInRegion
Polyline
CombineRgn
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
CreateHatchBrush
CreatePatternBrush
SaveDC
RestoreDC
CreateRectRgnIndirect
CreateBitmap
CreatePen
SetTextAlign
CreateICW
ExtCreatePen
CreateDIBSection
GetDIBits
CreateDIBitmap
GetDIBColorTable
EnumFontFamiliesExW
SetAbortProc
StartDocW
EndDoc
StartPage
EndPage
CreateDCW
GetEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
PlayEnhMetaFile
CloseEnhMetaFile
GetSystemPaletteEntries
GetObjectW
GetClipBox
SetBkMode
SetTextColor
SetBkColor
MoveToEx
LineTo
CreateFontIndirectW
GetDeviceCaps
GetRegionData
ExtCreateRegion
OffsetRgn
ExtTextOutW
ExcludeClipRect
SetBrushOrgEx
CreateRectRgn
GdiFlush
GetTextExtentPoint32W
SelectPalette
RealizePalette
Ellipse
GetTextMetricsW
SelectObject
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
comdlg32
PrintDlgW
ChooseColorW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PageSetupDlgW
advapi32
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
shell32
ExtractIconW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW
ole32
RevokeDragDrop
CoLockObjectExternal
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance
ReleaseStgMedium
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
RegisterDragDrop
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 676KB - Virtual size: 673KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
QF-sidara.kominfo.go.id-C8BC41D3BADC.01
-
vsapi32.dll.dll windows:4 windows x86 arch:x86
2c2e79147833b5350b97c355d7168fcb
Code Sign
47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before10/05/2010, 00:00Not After10/05/2015, 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before30/09/2010, 00:00Not After01/01/2014, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:9d:17:8a:d3:34:ac:df:47:c8:a0:d1:5b:b5:0e:6eCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before17/01/2013, 00:00Not After18/03/2014, 23:59SubjectCN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TWExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3f:fa:7d:ef:25:d0:0a:59:62:dd:61:fe:29:85:fd:e6:0a:ae:ef:d4Signer
Actual PE Digest3f:fa:7d:ef:25:d0:0a:59:62:dd:61:fe:29:85:fd:e6:0a:ae:ef:d4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\VSAPI\src\source\dllsrc\vsapiw32\vsapi32\PGO_2005\vsapi32.pdb
Imports
kernel32
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetFileAttributesA
SetFileAttributesA
GetFileAttributesW
GetLastError
SetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FindFirstFileA
FindClose
FindNextFileA
GetFileTime
OutputDebugStringA
DuplicateHandle
CloseHandle
CreateFileA
GetFileSize
GlobalMemoryStatus
SetFilePointer
SetEndOfFile
GetCurrentProcess
SetFileTime
WriteFile
ReadFile
CreateFileW
HeapFree
HeapAlloc
FindFirstFileW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
GetSystemTimeAsFileTime
MoveFileA
CreateDirectoryW
GetDriveTypeW
MoveFileW
GetDriveTypeA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetFullPathNameA
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
Sleep
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
DeleteFileA
RemoveDirectoryA
CreateDirectoryA
Exports
Exports
FreeVirusPattern
OleRemoveVirus
ReadPatternFile
ScanFileVirus
VSActOnFile
VSActOnFileW
VSAddArchProcessExcludeExtName
VSAddArchProcessExtName
VSAddDataType
VSAddProcessExcludeExtName
VSAddProcessExtName
VSAddSpywareExcludeName
VSArchFileNeedProcess
VSBackupFile
VSBackupFileW
VSBackupResource
VSBackupResourceW
VSBackupVSCData
VSBaseName
VSCalculateCRC
VSCharType
VSCheckPatternFile
VSCheckPatternFileW
VSCleanEncryptedVirus
VSCleanVirus
VSCleanVirusW
VSClearArchProcessExcludeExtNameTable
VSClearArchProcessExtNameTable
VSClearProcessExcludeExtNameTable
VSClearProcessExtNameTable
VSClearSpywareExcludeNameTable
VSCloseFile
VSCloseIOFromHandle
VSCloseResource
VSConvertCharacter
VSCopyFile
VSCopyFileFD
VSCopyFileW
VSCrc32
VSCreateDirectoryTree
VSDCIsCompressed
VSDataType
VSDataTypeFD
VSDecompress
VSDecompressFile
VSDelDataType
VSDelUserDecodeFunc
VSDeleteArchProcessExcludeExtName
VSDeleteArchProcessExtName
VSDeleteProcessExcludeExtName
VSDeleteProcessExtName
VSDeleteSpywareExcludeName
VSDeleteUnusedPattern
VSDisablePattern
VSEncBackupFile
VSEncBackupFileW
VSFileNeedProcess
VSFileNeedProcessW
VSFileType
VSFindFirst
VSFindNewestPattern
VSFindNext
VSFormatDate
VSFormatDateTime
VSFreePatternList
VSFreePatternNode
VSGetActiveScanFlag
VSGetArchProcessExcludeExtName
VSGetArchProcessExcludeExtNumber
VSGetArchProcessExtName
VSGetArchProcessExtNumber
VSGetArchProcessExtTableSize
VSGetBackupEncodeFlag
VSGetBackupFileInfo
VSGetBackupFileInfoW
VSGetCharacterEnvType
VSGetCleanBackupFlag
VSGetCleanZipFlag
VSGetConfChangeFlag
VSGetConfig
VSGetConfigEx
VSGetCurrentPatternFileInternalVersion
VSGetCurrentPatternFileVersion
VSGetDataTypeInfo
VSGetDebug
VSGetDecodeFlag
VSGetDecompressLayer
VSGetDefaultExcludeExtList
VSGetDefaultExcludeExtListSize
VSGetDefaultExtList
VSGetDefaultExtListSize
VSGetDefaultHospitalPath
VSGetDefaultPatternFile
VSGetDefaultPatternPath
VSGetDefaultTempPath
VSGetDetectableVirusNumber
VSGetEncodeAction
VSGetEncryptTempFileFlag
VSGetExpandLiteFlag
VSGetExtractAmgFlag
VSGetExtractArchiveFlag
VSGetExtractFileCountLimit
VSGetExtractFileRatioLimit
VSGetExtractFileSizeLimit
VSGetExtractFileSizeLimitByVSDT
VSGetExtractPath
VSGetGenericVirusReport
VSGetHeuristicLevel
VSGetKeepDecompressFileFlag
VSGetLastPattern
VSGetLastPatternW
VSGetLogFilePath
VSGetLogFlag
VSGetMemoryDecompressSize
VSGetMsgScanLayer
VSGetMultiPatternFilesInfo
VSGetNormalizeMemScanFlag
VSGetOleEmbedScanLayer
VSGetPatternHandle
VSGetPatternInternalVersion
VSGetPatternInternalVersionW
VSGetPatternList
VSGetPatternPath
VSGetPatternPathW
VSGetPatternProperty
VSGetProcessAllFileFlag
VSGetProcessAllFileInArcFlag
VSGetProcessAllSubDirFlag
VSGetProcessExcludeExtName
VSGetProcessExcludeExtNumber
VSGetProcessExtName
VSGetProcessExtNumber
VSGetProcessExtTableSize
VSGetProcessMemScanFlag
VSGetRTFScanLayer
VSGetRedAlertFlag
VSGetScanBPFlag
VSGetScanGenericMacroFlag
VSGetScanJavaFlag
VSGetScanMacroFlag
VSGetScanMemoryFlag
VSGetScanTask
VSGetScanTaskStatus
VSGetScriptTrapFlag
VSGetSmartDecompressFlag
VSGetSoftMiceFlag
VSGetSpywareExcludeName
VSGetSpywareExcludeNameEx
VSGetSpywareExcludeNumber
VSGetStripMacroFlag
VSGetTempPath
VSGetUserName
VSGetVSCInfo
VSGetVSDebug
VSGetVSVerboseLevel
VSGetVerboseLevel
VSGetVersion
VSGetVersionString
VSGetVirusAction
VSGetVirusDetectionInfo
VSGetVirusHospitalPath
VSGetVirusInfo
VSGetVirusNameInfo
VSGetVirusNameInfoEx
VSGetVirusPatternInfo
VSGetVirusPatternInfoEx
VSGetVirusPatternInformation
VSGetVirusPropertyByName
VSGetVolume
VSInit
VSIsDir
VSIsFullPathName
VSIsNewerEngine
VSIsTwoByteWord
VSLog
VSLseekResource
VSMatch
VSMergeDir
VSMkdir
VSNoVolumeName
VSOpenFile
VSOpenFileW
VSOpenIOFromHandle
VSOpenResource
VSPatternVersionToString
VSProcessDir
VSProcessFile
VSQuit
VSReadControlPattern
VSReadFile
VSReadLog
VSReadPattern
VSReadPatternInFile
VSReadPatternInFileW
VSReadResource
VSReadVirusPattern
VSRemoveAllTempFile
VSRemoveWhiteChar
VSResetConfChangeFlag
VSResetScanCounter
VSResourceDataType
VSResourceSize
VSRestoreFile
VSRestoreFileW
VSScanBP
VSScanDir
VSScanFile
VSScanFileFD
VSScanResource
VSScanShellCode
VSSearchArchProcessExcludeExtName
VSSearchArchProcessExtName
VSSearchProcessExcludeExtName
VSSearchSpywareExcludeName
VSSeekFile
VSSetActiveScanFlag
VSSetAdvFileInfoCallBackFunc
VSSetAskActionFunc
VSSetBackupEncodeFlag
VSSetCharacterEnvType
VSSetCleanBackupFlag
VSSetCleanZipFlag
VSSetConfig
VSSetConfigEx
VSSetCountFileFlag
VSSetDataTypeFD
VSSetDataTypeInfo
VSSetDebug
VSSetDecodeFlag
VSSetDecompressLayer
VSSetDefaultHospitalPath
VSSetDefaultPatternFile
VSSetDefaultPatternPath
VSSetDefaultTempPath
VSSetEncodeAction
VSSetEncryptTempFileFlag
VSSetExpandLiteFlag
VSSetExtractAmgFlag
VSSetExtractArchiveFlag
VSSetExtractFileCountLimit
VSSetExtractFileRatioLimit
VSSetExtractFileSizeLimit
VSSetExtractFileSizeLimitByVSDT
VSSetExtractPath
VSSetFeedbackCallBackFunc
VSSetHeuristicLevel
VSSetKeepDecompressFileFlag
VSSetLogFilePath
VSSetLogFilePathFunc
VSSetLogFlag
VSSetMemoryDecompressSize
VSSetMsgScanLayer
VSSetNormalizeMemScanFlag
VSSetOleEmbedCallBackFunc
VSSetOleEmbedScanLayer
VSSetPatternPath
VSSetPostExtractArchFunc
VSSetPreExtractArchFunc
VSSetProcessAllFileFlag
VSSetProcessAllFileInArcFlag
VSSetProcessAllSubDirFlag
VSSetProcessFileCallBackFunc
VSSetProcessMemScanFlag
VSSetRTFScanLayer
VSSetRedAlertFlag
VSSetRenameFileNameFunc
VSSetScanBPFlag
VSSetScanGenericMacroFlag
VSSetScanJavaFlag
VSSetScanMacroFlag
VSSetScanMemoryFlag
VSSetScriptTrapFlag
VSSetSmartDecompressFlag
VSSetSoftMiceFlag
VSSetStripMacroFlag
VSSetTempPath
VSSetUserDecodeFunc
VSSetUserLogFunc
VSSetVSCInfo
VSSetVSDebug
VSSetVSVerboseLevel
VSSetVerboseLevel
VSSetVirusAction
VSSetVirusHospitalPath
VSSetVolume
VSSizeOfFile
VSStoreVSCData
VSStricmp
VSStringToPatternVersion
VSStrip
VSStrnicmp
VSSwapLong
VSSwapLongTable
VSSwapShort
VSSwapShortTable
VSToLowerString
VSToUpperString
VSUpdateZip
VSVirusScan
VSVirusScanFile
VSVirusScanFileW
VSVirusScanFileWithoutFNFilter
VSWriteFile
VSWriteResource
_VSIScanEnableSignature
_VSIScanGetVirusInfo
_VSIScanGetVirusInfoEx
_VSScanVirusInMemory
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 252KB - Virtual size: 250KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ