macro[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

macro.zip
Size

5.4MB
MD5

6f6da6ebf15bcc4be4277d5ee54d98a0
SHA1

c4deb3646ab223966efadaf958451d121e0938b8
SHA256

82ca17856a588a45652b86a9bc9d5cc42aa81631b3a354d8684bc986165991bc
SHA512

ce98942409f1906a49e2847ed0e9ae00793556497bd75f2f4b34655b1417235bf06b16b814eef0ec1120273b7658d45bf7ec9f54068e3dba9dbcd6c33b252692
SSDEEP

98304:pOob30lg12al+8k/oSyCfKn+YvONpVCPM6FcJt5a7VHfjrUMq/GrQdOUMoX4GtHB:pj30lgIG+8k/oSpfKKc1cJt5KbrUMUNJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/leptonica_util/leptonica_util.exe
unpack001/Bin/leptonica_util/liblept168.dll
unpack001/Bin/tesseract/tesseract.exe

Files

macro.zip
.zip
Bin/leptonica_util/Microsoft.VC90.CRT.manifest
.xml
Bin/leptonica_util/leptonica_util.exe
.exe windows:5 windows x86 arch:x86

f13ac442dbf5c1dbecf7059eb11d4110

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Dev\c\Leptonica_Capture2Text\Release\leptonica_util.pdb

Imports

liblept168

pixConvertRGBToGray
pixWrite
pixAverageOnLine
splitPathAtExtension
pixRead
pixScaleGrayLI
pixDestroy
pixUnsharpMaskingGray
pixOtsuAdaptiveThreshold
pixInvert
pixWriteImpliedFormat

msvcr90

atof
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
strcpy_s
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
memset
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
atoi
_initterm
__p__fmode

kernel32

InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
Sleep

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/leptonica_util/liblept168.dll
.dll windows:5 windows x86 arch:x86

5d49e1581de254332214840b9ede873b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessTimes
GetCurrentProcess
GetSystemTimeAsFileTime
GetTempPathA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
FindFirstFileA
MoveFileExA
CopyFileA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FindNextFileA
FindClose
DeleteFileA
GetLastError
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId

user32

ReleaseDC
GetDC

gdi32

CreateDIBSection
GetObjectA
DeleteObject

msvcr90

memcpy
fwrite
memmove
fread
_CIsqrt
fseek
fscanf
fclose
rand
memset
sprintf
sscanf
_snprintf_s
_CIlog
ceil
_CIpow
_CIatan
malloc
rewind
remove
_lseek
fgets
system
floor
longjmp
_setjmp3
atof
_CIexp
srand
fopen
fputc
_CItan
strstr
_localtime64
_time64
strncat
strchr
ftell
strrchr
strftime
_fullpath
memcmp
_snprintf
abort
strlen
strtod
fabs
pow
fflush
exit
ferror
getenv
_fstat64i32
realloc
vfprintf
isprint
fputs
bsearch
qsort
setvbuf
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__iob_func
fprintf
strncmp
_CIsin
_CIcos
_CIatan2
calloc
free
_close
_open
_fdopen
fgetc
_fileno
_getpid
_read
_write
_setmode

Exports

Exports

AlphaMaskBorderVals
ConvolveSamplingFactX
ConvolveSamplingFactY
ImageFileFormatExtensions
MORPH_BC
NumImageFileFormatExtensions
absDifferenceLow
accumulateLow
addColorizedGrayToCmap
addConstantGrayLow
addGrayLow
adjacentOnPixelInRaster
affineInvertXform
affineXformPt
affineXformSampledPt
applyCubicFit
applyLinearFit
applyQuadraticFit
applyQuarticFit
arrayFindEachSequence
arrayFindSequence
arrayRead
arrayReadStream
barcodeDispatchDecoder
barcodeFormatIsSupported
bbufferBytesToWrite
bbufferCreate
bbufferDestroy
bbufferDestroyAndSaveData
bbufferExtendArray
bbufferRead
bbufferReadStream
bbufferWrite
bbufferWriteStream
bilinearXformPt
bilinearXformSampledPt
blockconvAccumLow
blockconvLow
blocksumLow
bmfCreate
bmfDestroy
bmfGetBaseline
bmfGetLineStrings
bmfGetPix
bmfGetStringWidth
bmfGetWidth
bmfGetWordWidths
boxAdjustSides
boxBoundingRegion
boxChangeRefcount
boxClipToRectangle
boxClone
boxContains
boxContainsPt
boxCopy
boxCreate
boxCreateValid
boxDestroy
boxEqual
boxGetCenter
boxGetGeometry
boxGetRefcount
boxIntersectByLine
boxIntersects
boxOverlapFraction
boxOverlapRegion
boxPrintStreamInfo
boxRelocateOneSide
boxRotateOrth
boxSetGeometry
boxTransform
boxTransformOrdered
boxaAddBox
boxaAffineTransform
boxaBinSort
boxaClear
boxaClipToBox
boxaCombineOverlaps
boxaContainedInBox
boxaConvertToPta
boxaCopy
boxaCreate
boxaDestroy
boxaEqual
boxaExtendArray
boxaExtendArrayToSize
boxaExtractSortedPattern
boxaGetBox
boxaGetBoxGeometry
boxaGetCount
boxaGetCoverage
boxaGetExtent
boxaGetMedian
boxaGetNearestToPt
boxaGetRankSize
boxaGetValidBox
boxaGetValidCount
boxaGetWhiteblocks
boxaInitFull
boxaInsertBox
boxaIntersectsBox
boxaJoin
boxaLocationRange
boxaMakeSizeIndicator
boxaPermutePseudorandom
boxaPermuteRandom
boxaPruneSortedOnOverlap
boxaRead
boxaReadStream
boxaRemoveBox
boxaReplaceBox
boxaRotate
boxaRotateOrth
boxaScale
boxaSelectBySize
boxaSelectWithIndicator
boxaSizeRange
boxaSort
boxaSort2d
boxaSort2dByIndex
boxaSortByIndex
boxaSwapBoxes
boxaTransform
boxaTransformOrdered
boxaTranslate
boxaWrite
boxaWriteStream
boxaaAddBox
boxaaAddBoxa
boxaaAlignBox
boxaaCopy
boxaaCreate
boxaaDestroy
boxaaDisplay
boxaaExtendArray
boxaaFlattenToBoxa
boxaaGetBoxCount
boxaaGetBoxa
boxaaGetCount
boxaaGetExtent
boxaaInsertBoxa
boxaaQuadtreeRegions
boxaaRead
boxaaReadStream
boxaaRemoveBoxa
boxaaReplaceBoxa
boxaaWrite
boxaaWriteStream
ccbCreate
ccbDestroy
ccbaAddCcb
ccbaCreate
ccbaDestroy
ccbaDisplayBorder
ccbaDisplayImage1
ccbaDisplayImage2
ccbaDisplaySPBorder
ccbaExtendArray
ccbaGenerateGlobalLocs
ccbaGenerateSPGlobalLocs
ccbaGenerateSinglePath
ccbaGenerateStepChains
ccbaGetCcb
ccbaGetCount
ccbaRead
ccbaReadStream
ccbaStepChainsToPixCoords
ccbaWrite
ccbaWriteSVG
ccbaWriteSVGString
ccbaWriteStream
composeRGBPixel
compressed_dataDestroy
concatenatePdf
concatenatePdfToData
convertByteToHexAscii
convertFilesFittedToPS
convertFilesTo1bpp
convertFilesToPS
convertFilesToPdf
convertFlateToPS
convertFlateToPSEmbed
convertFlateToPSString
convertG4ToPS
convertG4ToPSEmbed
convertG4ToPSString
convertHSVToRGB
convertImageDataToPdf
convertImageDataToPdfData
convertJpegToPS
convertJpegToPSEmbed
convertJpegToPSString
convertOnBigEnd16
convertOnBigEnd32
convertOnLittleEnd16
convertOnLittleEnd32
convertRGBToHSV
convertRGBToYUV
convertSegmentedFilesToPdf
convertSegmentedPagesToPS
convertTiffMultipageToPS
convertToPSEmbed
convertToPdf
convertToPdfData
convertToPdfDataSegmented
convertToPdfSegmented
convertYUVToRGB
create2dFloatArray
create2dIntArray
createMatrix2dRotate
createMatrix2dScale
createMatrix2dTranslate
decodeAscii85
dewarpApplyDisparity
dewarpBuildModel
dewarpCreate
dewarpDestroy
dewarpMinimize
dewarpPopulateFullRes
dewarpRead
dewarpReadStream
dewarpWrite
dewarpWriteStream
dilateGrayLow
displayHSVColorRange
distanceFunctionLow
ditherTo2bppLineLow
ditherTo2bppLow
ditherToBinaryLUTLow
ditherToBinaryLineLUTLow
ditherToBinaryLineLow
ditherToBinaryLow
dpixChangeRefcount
dpixClone
dpixConvertToFPix
dpixCopy
dpixCopyResolution
dpixCreate
dpixCreateTemplate
dpixDestroy
dpixEndianByteSwap
dpixGetData
dpixGetDimensions
dpixGetPixel
dpixGetRefcount
dpixGetResolution
dpixGetWpl
dpixRead
dpixReadStream
dpixResizeImageData
dpixScaleByInteger
dpixSetData
dpixSetDimensions
dpixSetPixel
dpixSetResolution
dpixSetWpl
dpixWrite
dpixWriteStream
encodeAscii85
erodeGrayLow
expandBinaryPower2Low
extractG4DataFromFile
extractJpegDataFromArray
extractJpegDataFromFile
extractMinMaxComponent
extractNumberFromFilename
extractRGBValues
fgetJpegResolution
fgetPngResolution
fhmtautogen
fhmtautogen1
fhmtautogen2
fhmtgen_low_1
fileAppendString
fileConcatenate
fileCopy
fileFormatIsTiff
filesAreIdentical
finalAccumulateLow
finalAccumulateThreshLow
findFileFormat
findFileFormatBuffer
findFileFormatStream
findNextBorderPixel
findTiffCompression
flipLRLow
flipTBLow
fmorphautogen
fmorphautogen1
fmorphautogen2
fmorphopgen_low_1
fmorphopgen_low_2
fnbytesInFile
fopenReadStream
fopenWriteStream
fpixAddBorder
fpixAddMirroredBorder
fpixAddMultConstant
fpixBuildHorizontalDisparity
fpixChangeRefcount
fpixClone
fpixConvertToDPix
fpixConvertToPix
fpixConvolve
fpixConvolveSep
fpixCopy
fpixCopyResolution
fpixCreate
fpixCreateTemplate
fpixDestroy
fpixDisplayMaxDynamicRange
fpixEndianByteSwap
fpixGetData
fpixGetDimensions
fpixGetMax
fpixGetMin
fpixGetPixel
fpixGetRefcount
fpixGetResolution
fpixGetWpl
fpixLinearCombination
fpixPrintStream
fpixRasterop
fpixRead
fpixReadStream
fpixRemoveBorder
fpixRenderContours
fpixResizeImageData
fpixSampledDisparity
fpixScaleByInteger
fpixSetData
fpixSetDimensions
fpixSetPixel
fpixSetResolution
fpixSetWpl
fpixWrite
fpixWriteStream
fpixaAddFPix
fpixaChangeRefcount
fpixaCopy
fpixaCreate
fpixaDestroy
fpixaDisplayQuadtree
fpixaExtendArray
fpixaExtendArrayToSize
fpixaGetCount
fpixaGetFPix
fpixaGetFPixDimensions
fpixaGetPixel
fpixaSetPixel
fprintTiffInfo
freadHeaderJpeg
freadHeaderPng
freadHeaderPnm
freadHeaderSpix
freadHeaderTiff
gaussjordan
genPathname
genRandomIntegerInRange
genTempFilename
generateBinaryMaze
generateFlatePS
generateG4PS
generateJpegPS
generatePtaBox
generatePtaBoxa
generatePtaFilledCircle
generatePtaHashBox
generatePtaLine
generatePtaLineFromPt
generatePtaPolyline
generatePtaWideLine
generatePtaaBoxa
generatePtaaHashBoxa
generateUncompressedPS
getAffineXformCoeffs
getBilinearXformCoeffs
getCompositeParameters
getCutPathForHole
getExtendedCompositeParameters
getFilenamesInDirectory
getFormatExtension
getImagelibVersions
getImpliedFileFormat
getLeptonicaVersion
getLogBase2
getMorphBorderPixelColor
getNumberedPathnamesInDirectory
getOctcubeIndexFromRGB
getProjectiveXformCoeffs
getResA4Page
getResLetterPage
getScaledParametersPS
getSortedPathnamesInDirectory
getTiffResolution
gplotAddPlot
gplotCreate
gplotDestroy
gplotGenCommandFile
gplotGenDataFiles
gplotMakeOutput
gplotRead
gplotSetScaling
gplotSimple1
gplotSimple2
gplotSimpleN
gplotWrite
ioFormatTest
jbAccumulateComposites
jbAddPage
jbAddPageComponents
jbAddPages
jbClasserCreate
jbClasserDestroy
jbClassifyCorrelation
jbClassifyRankHaus
jbCorrelation
jbCorrelationInit
jbCorrelationInitWithoutComponents
jbDataDestroy
jbDataRead
jbDataRender
jbDataSave
jbDataWrite
jbGetComponents
jbGetLLCorners
jbGetULCorners
jbRankHaus
jbRankHausInit
jbTemplatesFromComposites
jbWordsInTextlines
kernelCopy
kernelCreate
kernelCreateFromFile
kernelCreateFromPix
kernelCreateFromString
kernelDestroy
kernelDisplayInPix
kernelGetElement
kernelGetMinMax
kernelGetParameters
kernelGetSum
kernelInvert
kernelNormalize
kernelRead
kernelReadStream
kernelSetElement
kernelSetOrigin
kernelWrite
kernelWriteStream
l_binaryCopy
l_binaryRead
l_binaryReadStream
l_binaryWrite
l_byteaAppendData
l_byteaAppendString
l_byteaCopy
l_byteaCopyData
l_byteaCreate
l_byteaDestroy
l_byteaExtendArrayToSize
l_byteaFindEachSequence
l_byteaGetData
l_byteaGetSize
l_byteaInitFromFile
l_byteaInitFromMem
l_byteaInitFromStream
l_byteaJoin
l_byteaSplit
l_byteaWrite
l_byteaWriteStream
l_chooseDisplayProg
l_clearDataBit
l_clearDataDibit
l_clearDataQbit
l_error
l_errorFloat
l_errorInt
l_errorString
l_generateFlateData
l_generateG4Data
l_generateJpegData
l_getCurrentTime
l_getDataBit
l_getDataByte
l_getDataDibit
l_getDataFourBytes
l_getDataQbit
l_getDataTwoBytes
l_getFormattedDate
l_info
l_infoFloat
l_infoFloat2
l_infoInt
l_infoInt2
l_infoString
l_jpegSetNoChromaSampling
l_pdfSetDateAndVersion
l_pdfSetG4ImageMask
l_pngSetStrip16To8

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/tesseract/tesseract.exe
.exe windows:6 windows x86 arch:x86

279159be65dcd67a7bdfa666ea3aea54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
WSAStartup
gethostbyname
socket
send
select
recv
htons
closesocket

kernel32

IsDebuggerPresent
WriteConsoleW
HeapSize
GetCurrentDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FindClose
FindFirstFileA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetModuleFileNameA
ReleaseSemaphore
Sleep
CreateThread
CreateProcessA
CreateSemaphoreA
GetStartupInfoA
GetCurrentProcess
GetSystemTimeAsFileTime
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetLastError
CreateFileA
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ExitProcess
IsValidCodePage
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetThreadTimes
FreeLibrary
LoadLibraryExW
RtlUnwind
RaiseException
GetModuleHandleExW
GetFileType
GetFullPathNameA
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetDriveTypeW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
SetEndOfFile
GetFileAttributesExW
GetProcessHeap
FindFirstFileExA

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 833KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Demo.pmc
Lang/ar.lang
Lang/bg.lang
Lang/ca.lang
Lang/cs.lang
Lang/cy.lang
Lang/da.lang
Lang/de.lang
Lang/el.lang
Lang/en.lang
Lang/es.lang
Lang/et.lang
Lang/eu.lang
Lang/fa.lang
Lang/fi.lang
Lang/fr.lang
Lang/gl.lang
Lang/he.lang
Lang/hi.lang
Lang/hr.lang
Lang/hu.lang
Lang/hy.lang
Lang/id.lang
Lang/is.lang
Lang/it.lang
Lang/ja.lang
Lang/ka.lang
Lang/kn.lang
Lang/ko.lang
Lang/lb.lang
Lang/lo.lang
Lang/lt.lang
Lang/lv.lang
.js
Lang/mk.lang
Lang/ms.lang
Lang/ne.lang
Lang/nl.lang
Lang/no.lang
Lang/pl.lang
Lang/pt.lang
Lang/ro.lang
Lang/ru.lang
Lang/sk.lang
Lang/sl.lang
Lang/sq.lang
Lang/sr.lang
Lang/sv.lang
Lang/th.lang
Lang/tr.lang
Lang/uk.lang
Lang/ur.lang
Lang/vi.lang
Lang/xh.lang
Lang/zh_CN.lang
Lang/zh_TW.lang
Lang/zu.lang
MacroCreator.exe
.exe windows:5 windows x64 arch:x64

2004a5f6f543f8c26e144c1ceb66f943

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

26/08/2021, 00:00

Not After

26/08/2022, 23:59

Subject

CN=Cloversoft Serviços de Informática Ltda,O=Cloversoft Serviços de Informática Ltda,ST=São Paulo,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:d5:76:74:4a:32:fe:49:b5:57:c6:6c:cb:e9:24:77:f7:72:23:d7
Signer

Actual PE Digest

19:d5:76:74:4a:32:fe:49:b5:57:c6:6c:cb:e9:24:77:f7:72:23:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

gethostbyname
inet_addr
WSACleanup
gethostname
WSAStartup

winmm

mixerGetLineInfoW
mixerGetDevCapsW
mixerOpen
mciSendStringW
joyGetPosEx
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
waveOutGetVolume
mixerClose
waveOutSetVolume
joyGetDevCapsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetProcessImageFileNameW
GetModuleBaseNameW
GetModuleFileNameExW

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetReadFile

kernel32

GetModuleFileNameW
GetSystemTimeAsFileTime
FindResourceW
SizeofResource
LoadResource
LockResource
GetFullPathNameW
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
DeleteCriticalSection
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
HeapReAlloc
EncodePointer
HeapFree
DecodePointer
ExitProcess
HeapAlloc
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
GetVersionExW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
InitializeCriticalSectionAndSpinCount
HeapSize
HeapQueryInformation
GetCommandLineW
GetStartupInfoW
RtlUnwindEx
SetHandleCount
GetStringTypeW
RaiseException
RtlPcToFileHeader
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetOEMCP
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetFileSizeEx
GetProcessHeap

user32

MessageBeep
ClientToScreen
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
GetQueueStatus
SetDlgItemTextW
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
IsCharAlphaW
IsZoomed
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageW
GetMonitorInfoW
EnumDisplayMonitors
SetClipboardViewer
IsIconic
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
SetWindowTextW
IsWindowVisible
BlockInput
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
CheckMenuItem
LoadImageW
MapVirtualKeyW
ChangeClipboardChain
DestroyWindow

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString

Sections

.text
Size: 883KB - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 883KB - Virtual size: 882KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MacroCreator.ini
MacroCreator_Help.chm
.chm
Resources.dll
.dll windows:5 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

26/08/2021, 00:00

Not After

26/08/2022, 23:59

Subject

CN=Cloversoft Serviços de Informática Ltda,O=Cloversoft Serviços de Informática Ltda,ST=São Paulo,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:6b:e9:8c:e3:81:32:7e:51:b2:c8:2f:18:c7:e1:24:e6:ca:70:3b
Signer

Actual PE Digest

08:6b:e9:8c:e3:81:32:7e:51:b2:c8:2f:18:c7:e1:24:e6:ca:70:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SciLexer.dll
.dll windows:5 windows x64 arch:x64

4403127e61dce3c65aec4cb314f17ea0

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

26/08/2021, 00:00

Not After

26/08/2022, 23:59

Subject

CN=Cloversoft Serviços de Informática Ltda,O=Cloversoft Serviços de Informática Ltda,ST=São Paulo,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:ea:dc:03:c3:b4:e6:a9:08:df:55:b4:7a:c5:3f:3f:b7:66:e3:94
Signer

Actual PE Digest

c0:ea:dc:03:c3:b4:e6:a9:08:df:55:b4:7a:c5:3f:3f:b7:66:e3:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

imm32

ImmSetCompositionWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME
ImmSetCompositionFontA

kernel32

OutputDebugStringW
HeapReAlloc
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetModuleFileNameA
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
GetFileType
GetProcessHeap
IsDebuggerPresent
RaiseException
RtlPcToFileHeader
HeapAlloc
GetModuleFileNameW
WriteFile
GetStdHandle
HeapFree
RtlUnwindEx
Sleep
HeapSize
GetModuleHandleExW
ExitProcess
SetLastError
GetLastError
GetOEMCP
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
DecodePointer
EncodePointer
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadFile
ReadConsoleW
FlushFileBuffers
CreateFileW
LCMapStringW
GlobalFree
CloseHandle
IsValidCodePage
GlobalUnlock
WideCharToMultiByte
GlobalAlloc
GetTickCount
GetModuleHandleW
GlobalLock
GlobalSize
GetCPInfo
GetLocaleInfoA
DeleteCriticalSection
LoadLibraryA
EnterCriticalSection
GetProcAddress
IsDBCSLeadByteEx
MultiByteToWideChar
GetACP
MulDiv
LeaveCriticalSection
GetVersionExW
LoadLibraryW
InitializeCriticalSection
QueryPerformanceCounter
LoadLibraryExW
FreeLibrary
GetCurrentProcessId

user32

CloseClipboard
SetTimer
HideCaret
ScreenToClient
IsChild
PostMessageW
KillTimer
MsgWaitForMultipleObjects
IsClipboardFormatAvailable
SetFocus
ShowCaret
GetKeyboardLayout
DefWindowProcW
CallWindowProcW
DestroyMenu
MapWindowPoints
SendMessageW
GetScrollInfo
GetClipboardData
SystemParametersInfoW
EmptyClipboard
IsWindowUnicode
DestroyCaret
AppendMenuA
CreateCaret
OpenClipboard
SetCaretPos
RegisterClipboardFormatW
SetClipboardData
GetDlgCtrlID
GetCaretBlinkTime
SetScrollInfo
GetMessageTime
EndPaint
ClientToScreen
DestroyWindow
SetCursor
GetWindowRect
TrackPopupMenu
FillRect
SetCapture
UnregisterClassW
DrawTextW
DrawTextA
GetKeyState
GetParent
LoadCursorW
GetWindowLongPtrW
GetClientRect
BeginPaint
GetDoubleClickTime
CreateIconIndirect
GetIconInfo
GetDC
DrawFocusRect
InflateRect
RegisterClassExW
InvalidateRect
GetWindowLongW
ReleaseDC
SetWindowLongW
DestroyCursor
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
FrameRect
CreateWindowExW
AdjustWindowRectEx
SystemParametersInfoA
ReleaseCapture
GetSystemMetrics
SetWindowLongPtrW
GetUpdateRgn

gdi32

Polygon
TranslateCharsetInfo
CreateBitmap
CombineRgn
CreateRectRgn
MoveToEx
BitBlt
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
StretchBlt
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
ExtTextOutW
Ellipse
GetObjectW
GetTextExtentExPointW
GetTextExtentExPointA
GetNearestColor
CreatePatternBrush
CreatePen
RoundRect
SetTextAlign
IntersectClipRect
GetStockObject
ExtTextOutA
CreateSolidBrush
DeleteDC
SetTextColor
LineTo
GetTextExtentPoint32A
GetTextMetricsW
GetTextExtentPoint32W

ole32

DoDragDrop
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop

Exports

Exports

Scintilla_DirectFunction

Sections

.text
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13ac442dbf5c1dbecf7059eb11d4110

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

liblept168

msvcr90

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 908B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 456B

5d49e1581de254332214840b9ede873b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcr90

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 252KB - Virtual size: 251KB

.data Size: 22KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 24KB

279159be65dcd67a7bdfa666ea3aea54

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 833KB - Virtual size: 832KB

.data Size: 39KB - Virtual size: 1.6MB

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 95KB - Virtual size: 94KB

2004a5f6f543f8c26e144c1ceb66f943

Code Sign

01Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29Certificate

Extended Key Usages

Key Usages

19:d5:76:74:4a:32:fe:49:b5:57:c6:6c:cb:e9:24:77:f7:72:23:d7Signer

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 908B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 456B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 252KB - Virtual size: 251KB

.data
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 24KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 833KB - Virtual size: 832KB

.data
Size: 39KB - Virtual size: 1.6MB

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 95KB - Virtual size: 94KB

01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29
Certificate

19:d5:76:74:4a:32:fe:49:b5:57:c6:6c:cb:e9:24:77:f7:72:23:d7
Signer

.text
Size: 883KB - Virtual size: 882KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 20KB - Virtual size: 48KB

.pdata
Size: 30KB - Virtual size: 30KB

text
Size: 9KB - Virtual size: 9KB

data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 883KB - Virtual size: 882KB

01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29
Certificate

08:6b:e9:8c:e3:81:32:7e:51:b2:c8:2f:18:c7:e1:24:e6:ca:70:3b
Signer

.rsrc
Size: 448KB - Virtual size: 447KB

.reloc
Size: 512B - Virtual size: 8B

01
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

c0:75:ed:6f:ef:5e:c6:ed:dd:86:22:16:46:9a:8a:29
Certificate

c0:ea:dc:03:c3:b4:e6:a9:08:df:55:b4:7a:c5:3f:3f:b7:66:e3:94
Signer