1dfba89ba7c4b3f49d64e868279fcc2f67f3322e599e58099e153d4fc7b9dc52

Sharing

Copy URL

Twitter E-mail

General

Target

1dfba89ba7c4b3f49d64e868279fcc2f67f3322e599e58099e153d4fc7b9dc52
Size

1.5MB
MD5

807ff53088a91a7d85d7e0cc3d3dc3d0
SHA1

38b1b3e6ff7be5051c60f1c96332a8ab990cfb63
SHA256

1dfba89ba7c4b3f49d64e868279fcc2f67f3322e599e58099e153d4fc7b9dc52
SHA512

b3802dd4596d744e5d8cbfcf3228a2e25d2557edf2b5703de7db4c943a10be9639fa1bb79fc92e13decfd664b0097d91d1e9b33f8e9995fbbefd2339ae10ab3d
SSDEEP

49152:6Ac9m+NS8Dcar/kDsWnFHiwiG6lbiYWuZC1+d:xc9fNS8Dcar+FHiw2Brc+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FSResizer43/FSResizer.exe
unpack001/FSResizer43/fsplugin01.dll
unpack001/FSResizer43/fsplugin02.dll
unpack001/FSResizer43/fsplugin03.dll

Files

1dfba89ba7c4b3f49d64e868279fcc2f67f3322e599e58099e153d4fc7b9dc52
.zip
FSResizer43/Credits.txt
FSResizer43/FSLogo.png
.png
FSResizer43/FSResizer.exe
.exe windows:4 windows x86 arch:x86

3b37a0968a3d633e26c6593d212713d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

msimg32

AlphaBlend

ole32

ReleaseStgMedium

comctl32

ImageList_SetIconSize

imm32

ImmGetVirtualKey

winspool.drv

OpenPrinterA

shell32

ShellExecuteW

comdlg32

PrintDlgA

avifil32

AVISaveOptionsFree

msvfw32

DrawDibRealize

winmm

PlaySoundA

Sections

CODE
Size: 1.1MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FSResizer43/FSResizerHelp.chm
.chm
FSResizer43/FSResizerSettings.db
FSResizer43/GnDown.url
.url
FSResizer43/LicenseAgreement.txt
FSResizer43/Portable.db
FSResizer43/fsplugin01.dll
.dll windows:4 windows x86 arch:x86

af7730f5190b736356af1d0eda458dc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_setmode
__dllonexit
__mb_cur_max
_errno
_iob
_isctype
_pctype
_setjmp
_wfopen
abort
calloc
exit
fclose
fflush
fprintf
fread
free
fwrite
getenv
longjmp
malloc
memcpy
sprintf
sscanf
strncpy
tolower
vfprintf

Exports

Exports

FreeMemData
JPEGFileTransform
JPEGMEMTransform
TransferMemData

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 188B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FSResizer43/fsplugin02.dll
.dll windows:4 windows x86 arch:x86

1cba0e23b706e0bfbc0a4cb9b6bd80fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
ferror
fflush
fprintf
fread
free
fwrite
getenv
malloc
memcpy
memset
sprintf
sscanf
strlen
strncmp
vfprintf

Exports

Exports

jcopy_block_row
jcopy_sample_rows
jdiv_round_up
jinit_1pass_quantizer
jinit_2pass_quantizer
jinit_c_coef_controller
jinit_c_main_controller
jinit_c_master_control
jinit_c_prep_controller
jinit_color_converter
jinit_color_deconverter
jinit_compress_master
jinit_d_coef_controller
jinit_d_main_controller
jinit_d_post_controller
jinit_downsampler
jinit_forward_dct
jinit_huff_decoder
jinit_huff_encoder
jinit_input_controller
jinit_inverse_dct
jinit_marker_reader
jinit_marker_writer
jinit_master_decompress
jinit_memory_mgr
jinit_merged_upsampler
jinit_phuff_decoder
jinit_phuff_encoder
jinit_upsampler
jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_abort
jpeg_abort_compress
jpeg_abort_decompress
jpeg_add_quant_table
jpeg_alloc_huff_table
jpeg_alloc_quant_table
jpeg_calc_output_dimensions
jpeg_consume_input
jpeg_copy_critical_parameters
jpeg_crop_scanline
jpeg_default_colorspace
jpeg_destroy
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_fdct_float
jpeg_fdct_ifast
jpeg_fdct_islow
jpeg_fill_bit_buffer
jpeg_finish_compress
jpeg_finish_decompress
jpeg_finish_output
jpeg_free_large
jpeg_free_small
jpeg_gen_optimal_table
jpeg_get_large
jpeg_get_small
jpeg_has_multiple_scans
jpeg_huff_decode
jpeg_idct_1x1
jpeg_idct_2x2
jpeg_idct_4x4
jpeg_idct_float
jpeg_idct_ifast
jpeg_idct_islow
jpeg_input_complete
jpeg_make_c_derived_tbl
jpeg_make_d_derived_tbl
jpeg_mem_available
jpeg_mem_dest
jpeg_mem_init
jpeg_mem_src
jpeg_mem_term
jpeg_new_colormap
jpeg_open_backing_store
jpeg_quality_scaling
jpeg_read_coefficients
jpeg_read_header
jpeg_read_raw_data
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_save_markers
jpeg_set_colorspace
jpeg_set_defaults
jpeg_set_linear_quality
jpeg_set_marker_processor
jpeg_set_quality
jpeg_simple_progression
jpeg_skip_scanlines
jpeg_start_compress
jpeg_start_decompress
jpeg_start_output
jpeg_std_error
jpeg_stdio_dest
jpeg_stdio_src
jpeg_suppress_tables
jpeg_write_coefficients
jpeg_write_m_byte
jpeg_write_m_header
jpeg_write_marker
jpeg_write_raw_data
jpeg_write_scanlines
jpeg_write_tables
jround_up
jzero_far

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 996B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 135B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FSResizer43/fsplugin03.dll
.dll windows:5 windows x86 arch:x86

8e0a1f2284a5f7dab96c697a66241e4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Andrew\Desktop\lcms\lcms2-2.9\bin\lcms2.pdb

Imports

kernel32

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
WaitForSingleObject
InterlockedCompareExchange
ReleaseMutex
CloseHandle
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RtlUnwind
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
Sleep
ExitProcess
GetModuleFileNameA
SetFilePointer
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
LoadLibraryA
GetModuleHandleA
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
HeapSize
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

__cmsComputeInterpParams@24
__cmsFloat2Half@4
__cmsFreeInterpParams@4
__cmsGetFormatter@16
__cmsHalf2Float@4
__cmsQuantizeVal@12
__cmsReadDevicelinkLUT@8
__cmsReadInputLUT@8
__cmsReadOutputLUT@8
__cmsStageAllocIdentityCLut@8
__cmsStageAllocIdentityCurves@8
__cmsStageAllocLab2XYZ@4
__cmsStageAllocLabV2ToV4@4
__cmsStageAllocLabV4ToV2@4
__cmsStageAllocNamedColor@8
__cmsStageAllocXYZ2Lab@4
_cms15Fixed16toDouble
_cms8Fixed8toDouble
_cmsAdjustEndianess16
_cmsAdjustEndianess32
_cmsAdjustEndianess64
_cmsCalloc
_cmsCreateMutex
_cmsDecodeDateTimeNumber
_cmsDefaultICCintents
_cmsDestroyMutex
_cmsDoTransformLineStride@36
_cmsDoubleTo15Fixed16
_cmsDoubleTo8Fixed8
_cmsDupMem
_cmsEncodeDateTimeNumber
_cmsFree
_cmsGetTransformFormatters16
_cmsGetTransformFormattersFloat
_cmsGetTransformUserData
_cmsICCcolorSpace
_cmsIOPrintf
_cmsLCMScolorSpace
_cmsLockMutex
_cmsMAT3eval
_cmsMAT3identity
_cmsMAT3inverse
_cmsMAT3isIdentity
_cmsMAT3per
_cmsMAT3solve
_cmsMalloc
_cmsMallocZero
_cmsOpenProfileFromIOhandler2THR@12
_cmsPipelineSetOptimizationParameters
_cmsRead15Fixed16Number
_cmsReadAlignment
_cmsReadFloat32Number
_cmsReadTypeBase
_cmsReadUInt16Array
_cmsReadUInt16Number
_cmsReadUInt32Number
_cmsReadUInt64Number
_cmsReadUInt8Number
_cmsReadXYZNumber
_cmsRealloc
_cmsSetTransformUserData
_cmsStageAllocPlaceholder
_cmsUnlockMutex
_cmsVEC3cross
_cmsVEC3distance
_cmsVEC3dot
_cmsVEC3init
_cmsVEC3length
_cmsVEC3minus
_cmsWrite15Fixed16Number
_cmsWriteAlignment
_cmsWriteFloat32Number
_cmsWriteTypeBase
_cmsWriteUInt16Array
_cmsWriteUInt16Number
_cmsWriteUInt32Number
_cmsWriteUInt64Number
_cmsWriteUInt8Number
_cmsWriteXYZNumber
cmsAdaptToIlluminant
cmsAllocNamedColorList
cmsAllocProfileSequenceDescription
cmsAppendNamedColor
cmsBFDdeltaE
cmsBuildGamma
cmsBuildParametricToneCurve
cmsBuildSegmentedToneCurve
cmsBuildTabulatedToneCurve16
cmsBuildTabulatedToneCurveFloat
cmsCIE2000DeltaE
cmsCIE94DeltaE
cmsCIECAM02Done
cmsCIECAM02Forward
cmsCIECAM02Init
cmsCIECAM02Reverse
cmsCMCdeltaE
cmsChangeBuffersFormat
cmsChannelsOf
cmsCloseIOhandler
cmsCloseProfile
cmsCreateBCHSWabstractProfile
cmsCreateBCHSWabstractProfileTHR
cmsCreateContext
cmsCreateExtendedTransform
cmsCreateGrayProfile
cmsCreateGrayProfileTHR
cmsCreateInkLimitingDeviceLink
cmsCreateInkLimitingDeviceLinkTHR
cmsCreateLab2Profile
cmsCreateLab2ProfileTHR
cmsCreateLab4Profile
cmsCreateLab4ProfileTHR
cmsCreateLinearizationDeviceLink
cmsCreateLinearizationDeviceLinkTHR
cmsCreateMultiprofileTransform
cmsCreateMultiprofileTransformTHR
cmsCreateNULLProfile
cmsCreateNULLProfileTHR
cmsCreateProfilePlaceholder
cmsCreateProofingTransform
cmsCreateProofingTransformTHR
cmsCreateRGBProfile
cmsCreateRGBProfileTHR
cmsCreateTransform
cmsCreateTransformTHR
cmsCreateXYZProfile
cmsCreateXYZProfileTHR
cmsCreate_sRGBProfile
cmsCreate_sRGBProfileTHR
cmsD50_XYZ
cmsD50_xyY
cmsDeleteContext
cmsDeleteTransform
cmsDeltaE
cmsDesaturateLab
cmsDetectBlackPoint
cmsDetectDestinationBlackPoint
cmsDetectTAC
cmsDictAddEntry
cmsDictAlloc
cmsDictDup
cmsDictFree
cmsDictGetEntryList
cmsDictNextEntry
cmsDoTransform
cmsDoTransformStride
cmsDupContext
cmsDupNamedColorList
cmsDupProfileSequenceDescription
cmsDupToneCurve
cmsEstimateGamma
cmsEvalToneCurve16
cmsEvalToneCurveFloat
cmsFloat2LabEncoded
cmsFloat2LabEncodedV2
cmsFloat2XYZEncoded
cmsFormatterForColorspaceOfProfile
cmsFormatterForPCSOfProfile
cmsFreeNamedColorList
cmsFreeProfileSequenceDescription
cmsFreeToneCurve
cmsFreeToneCurveTriple
cmsGBDAlloc
cmsGBDFree
cmsGDBAddPoint
cmsGDBCheckPoint
cmsGDBCompute
cmsGetAlarmCodes
cmsGetAlarmCodesTHR
cmsGetColorSpace
cmsGetContextUserData
cmsGetDeviceClass
cmsGetEncodedCMMversion
cmsGetEncodedICCversion
cmsGetHeaderAttributes
cmsGetHeaderCreationDateTime
cmsGetHeaderCreator
cmsGetHeaderFlags
cmsGetHeaderManufacturer
cmsGetHeaderModel
cmsGetHeaderProfileID
cmsGetHeaderRenderingIntent
cmsGetNamedColorList
cmsGetPCS
cmsGetPipelineContextID
cmsGetPostScriptCRD
cmsGetPostScriptCSA
cmsGetPostScriptColorResource
cmsGetProfileContextID
cmsGetProfileIOhandler
cmsGetProfileInfo
cmsGetProfileInfoASCII
cmsGetProfileVersion
cmsGetSupportedIntents
cmsGetSupportedIntentsTHR
cmsGetTagCount
cmsGetTagSignature
cmsGetToneCurveEstimatedTable
cmsGetToneCurveEstimatedTableEntries
cmsGetToneCurveParametricType
cmsGetTransformContextID
cmsGetTransformInputFormat
cmsGetTransformOutputFormat
cmsIT8Alloc
cmsIT8DefineDblFormat
cmsIT8EnumDataFormat
cmsIT8EnumProperties
cmsIT8EnumPropertyMulti
cmsIT8FindDataFormat
cmsIT8Free
cmsIT8GetData
cmsIT8GetDataDbl
cmsIT8GetDataRowCol
cmsIT8GetDataRowColDbl
cmsIT8GetPatchByName
cmsIT8GetPatchName
cmsIT8GetProperty
cmsIT8GetPropertyDbl
cmsIT8GetPropertyMulti
cmsIT8GetSheetType
cmsIT8LoadFromFile
cmsIT8LoadFromMem
cmsIT8SaveToFile
cmsIT8SaveToMem
cmsIT8SetComment
cmsIT8SetData
cmsIT8SetDataDbl
cmsIT8SetDataFormat
cmsIT8SetDataRowCol
cmsIT8SetDataRowColDbl
cmsIT8SetIndexColumn
cmsIT8SetPropertyDbl
cmsIT8SetPropertyHex
cmsIT8SetPropertyMulti
cmsIT8SetPropertyStr
cmsIT8SetPropertyUncooked
cmsIT8SetSheetType
cmsIT8SetTable
cmsIT8SetTableByLabel
cmsIT8TableCount
cmsIsCLUT
cmsIsIntentSupported
cmsIsMatrixShaper
cmsIsTag
cmsIsToneCurveDescending
cmsIsToneCurveLinear
cmsIsToneCurveMonotonic
cmsIsToneCurveMultisegment
cmsJoinToneCurve
cmsLCh2Lab
cmsLab2LCh
cmsLab2XYZ
cmsLabEncoded2Float
cmsLabEncoded2FloatV2
cmsLinkTag
cmsMD5computeID
cmsMLUalloc
cmsMLUdup
cmsMLUfree
cmsMLUgetASCII
cmsMLUgetTranslation
cmsMLUgetWide
cmsMLUsetASCII
cmsMLUsetWide
cmsMLUtranslationsCodes
cmsMLUtranslationsCount
cmsNamedColorCount
cmsNamedColorIndex
cmsNamedColorInfo
cmsOpenIOhandlerFromFile
cmsOpenIOhandlerFromMem
cmsOpenIOhandlerFromNULL
cmsOpenIOhandlerFromStream
cmsOpenProfileFromFile
cmsOpenProfileFromFileTHR
cmsOpenProfileFromIOhandlerTHR
cmsOpenProfileFromMem
cmsOpenProfileFromMemTHR
cmsOpenProfileFromStream
cmsOpenProfileFromStreamTHR
cmsPipelineAlloc
cmsPipelineCat
cmsPipelineCheckAndRetreiveStages
cmsPipelineDup
cmsPipelineEval16
cmsPipelineEvalFloat
cmsPipelineEvalReverseFloat
cmsPipelineFree
cmsPipelineGetPtrToFirstStage
cmsPipelineGetPtrToLastStage
cmsPipelineInputChannels
cmsPipelineInsertStage
cmsPipelineOutputChannels
cmsPipelineSetSaveAs8bitsFlag
cmsPipelineStageCount
cmsPipelineUnlinkStage
cmsPlugin
cmsPluginTHR
cmsReadRawTag
cmsReadTag
cmsReverseToneCurve
cmsReverseToneCurveEx
cmsSaveProfileToFile
cmsSaveProfileToIOhandler
cmsSaveProfileToMem
cmsSaveProfileToStream
cmsSetAdaptationState
cmsSetAdaptationStateTHR
cmsSetAlarmCodes
cmsSetAlarmCodesTHR
cmsSetColorSpace
cmsSetDeviceClass
cmsSetEncodedICCversion
cmsSetHeaderAttributes
cmsSetHeaderFlags
cmsSetHeaderManufacturer
cmsSetHeaderModel
cmsSetHeaderProfileID
cmsSetHeaderRenderingIntent
cmsSetLogErrorHandler
cmsSetLogErrorHandlerTHR
cmsSetPCS
cmsSetProfileVersion
cmsSignalError
cmsSliceSpace16
cmsSliceSpaceFloat
cmsSmoothToneCurve
cmsStageAllocCLut16bit
cmsStageAllocCLut16bitGranular
cmsStageAllocCLutFloat
cmsStageAllocCLutFloatGranular
cmsStageAllocIdentity
cmsStageAllocMatrix
cmsStageAllocToneCurves
cmsStageData
cmsStageDup
cmsStageFree
cmsStageInputChannels
cmsStageNext
cmsStageOutputChannels
cmsStageSampleCLut16bit
cmsStageSampleCLutFloat
cmsStageType
cmsTagLinkedTo
cmsTempFromWhitePoint
cmsTransform2DeviceLink
cmsUnregisterPlugins
cmsUnregisterPluginsTHR
cmsWhitePointFromTemp
cmsWriteRawTag
cmsWriteTag
cmsXYZ2Lab
cmsXYZ2xyY
cmsXYZEncoded2Float
cmsfilelength
cmsstrcasecmp
cmsxyY2XYZ

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b37a0968a3d633e26c6593d212713d3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

msimg32

ole32

comctl32

imm32

winspool.drv

shell32

comdlg32

avifil32

msvfw32

winmm

Sections

CODE Size: 1.1MB - Virtual size: 3.6MB

.rsrc Size: 45KB - Virtual size: 48KB

af7730f5190b736356af1d0eda458dc3

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 150KB

.data Size: 512B - Virtual size: 8B

.rdata Size: 10KB - Virtual size: 9KB

.eh_fram Size: 1024B - Virtual size: 852B

.bss Size: - Virtual size: 188B

.edata Size: 512B - Virtual size: 158B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 2KB - Virtual size: 1KB

1cba0e23b706e0bfbc0a4cb9b6bd80fb

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 275KB - Virtual size: 274KB

.data Size: 512B - Virtual size: 36B

.rdata Size: 144KB - Virtual size: 144KB

/4 Size: 22KB - Virtual size: 22KB

.bss Size: - Virtual size: 996B

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 6KB - Virtual size: 5KB

/14 Size: 512B - Virtual size: 56B

/29 Size: 3KB - Virtual size: 2KB

/41 Size: 512B - Virtual size: 135B

/55 Size: 512B - Virtual size: 277B

/67 Size: 512B - Virtual size: 56B

8e0a1f2284a5f7dab96c697a66241e4a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

CODE
Size: 1.1MB - Virtual size: 3.6MB

.rsrc
Size: 45KB - Virtual size: 48KB

.text
Size: 150KB - Virtual size: 150KB

.data
Size: 512B - Virtual size: 8B

.rdata
Size: 10KB - Virtual size: 9KB

.eh_fram
Size: 1024B - Virtual size: 852B

.bss
Size: - Virtual size: 188B

.edata
Size: 512B - Virtual size: 158B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 275KB - Virtual size: 274KB

.data
Size: 512B - Virtual size: 36B

.rdata
Size: 144KB - Virtual size: 144KB

/4
Size: 22KB - Virtual size: 22KB

.bss
Size: - Virtual size: 996B

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 6KB - Virtual size: 5KB

/14
Size: 512B - Virtual size: 56B

/29
Size: 3KB - Virtual size: 2KB

/41
Size: 512B - Virtual size: 135B

/55
Size: 512B - Virtual size: 277B

/67
Size: 512B - Virtual size: 56B

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 26KB - Virtual size: 34KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB