ebcebae95196909233387d4dfd115dd4cbe69513bbd3724a8a1db04a9f36adb9

Sharing

Copy URL Twitter E-mail

General

Target

ebcebae95196909233387d4dfd115dd4cbe69513bbd3724a8a1db04a9f36adb9
Size

14.5MB
MD5

adb52362873e37165d6ffc23f8ea1741
SHA1

42df69a7129bc8cbbcdb7698e326574785ae9fae
SHA256

ebcebae95196909233387d4dfd115dd4cbe69513bbd3724a8a1db04a9f36adb9
SHA512

1d42ffc3ee5328f0c3e0b3c778850615947406ea09ac7ed2d336720f4e7e6d246cfd3177189263e58cbec9fffea68d111f0175e2bfb5e862f13274fe8c3b4c24
SSDEEP

393216:k+9tZ5bT9gs3B0Bdz1xSt92ZsqiXRHAjt:k+rB0vxxo2ZpiXS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/激活工具/IDM_6.4x_Crack_v19.7.exe

Files

ebcebae95196909233387d4dfd115dd4cbe69513bbd3724a8a1db04a9f36adb9
.zip
idman642build11.exe
.exe windows:4 windows x86 arch:x86

537bdcfbc92564b518f9e6a7cca8f970

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:b4:f1:90:dd:df:d8:4c:e2:fd:14:62:f5:f3:36:a1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/10/2022, 00:00

Not After

25/10/2025, 23:59

Subject

SERIALNUMBER=4038361,CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:36:54:fc:45:7f:dd:30:a3:6e:5a:57:10:0b:48:7e:b7:b9:30:b9:5b:46:29:68:c4:76:98:ed:13:29:63:29
Signer

Actual PE Digest

9a:36:54:fc:45:7f:dd:30:a3:6e:5a:57:10:0b:48:7e:b7:b9:30:b9:5b:46:29:68:c4:76:98:ed:13:29:63:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_wsplitpath
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
free
calloc
memcpy
_except_handler3
memchr
memcmp
_itoa
strlen
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsstr
strstr
wcschr
wcslen
wcscat
memset
wcsncpy
__CxxFrameHandler
wcscpy

kernel32

GetStartupInfoA
GetFileSize
CreateFileMappingA
GetFileTime
SetFileTime
MapViewOfFile
ExitThread
UnmapViewOfFile
FormatMessageA
CreateFileW
SetFilePointer
WriteFile
lstrlenA
LocalFree
GetCurrentProcess
WaitForSingleObject
GetExitCodeThread
GetModuleFileNameW
CreateProcessW
CloseHandle
CreateMutexA
ExitProcess
GetVersionExA
GetTempPathW
GetFileAttributesW
CreateDirectoryW
CreateThread
LoadLibraryA
FreeLibrary
GetDiskFreeSpaceW
GetProcAddress
GetModuleHandleA
GetLastError

user32

SetForegroundWindow
ShowWindow
FindWindowA
wsprintfA
DestroyWindow
MessageBoxA
SetWindowTextA
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfW
PostQuitMessage
CreateDialogParamA

advapi32

RegDeleteValueW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
卸载工具/geek.exe
.exe windows:6 windows x86 arch:x86

5f9dc9a8e05da850629092e4e2c5d8cf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4f
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/04/2023, 00:00

Not After

09/07/2026, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,ST=West-Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4f
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/04/2023, 00:00

Not After

09/07/2026, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,ST=West-Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:8a:a5:af:c8:63:43:cf:af:07:df:1f:31:b5:79:77:2e:03:4e:bc:38:a5:a6:40:07:ec:03:52:03:8d:59:c9
Signer

Actual PE Digest

e2:8a:a5:af:c8:63:43:cf:af:07:df:1f:31:b5:79:77:2e:03:4e:bc:38:a5:a6:40:07:ec:03:52:03:8d:59:c9

Digest Algorithm

sha256

PE Digest Matches

true

6c:0e:da:bf:d3:94:0f:bb:cd:fb:65:da:29:98:82:67:6c:ed:4c:2f
Signer

Actual PE Digest

6c:0e:da:bf:d3:94:0f:bb:cd:fb:65:da:29:98:82:67:6c:ed:4c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\uninstall-tool\Ready\geek.pdb

Imports

kernel32

FlushFileBuffers
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
GetFileSizeEx
GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
IsProcessorFeaturePresent
UnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetPrivateProfileIntW
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetCommandLineA
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
CompareStringEx
LCMapStringEx
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GetACP
OpenEventW
OpenMutexW
CreateMutexW
GlobalFree
lstrlenA
ExitProcess
CompareStringW
EnumResourceLanguagesW
EnumResourceTypesW
EnumResourceNamesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
ResumeThread
SetThreadPriority
CreateThread
CreateDirectoryW
GetTimeFormatW
GetDateFormatW
GetModuleHandleA
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
SetFilePointer
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcatW
lstrcpyW
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
K32GetModuleFileNameExW
GetThreadLocale
K32EnumProcessModules
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThread
GetExitCodeProcess
GetProcessTimes
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
DebugBreak
IsDebuggerPresent
FileTimeToLocalFileTime
CompareFileTime
GetTempFileNameW
GetFullPathNameW
FindNextFileW
FindFirstFileW
FindClose
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetStdHandle
GetDynamicTimeZoneInformation
GetFileAttributesW
WriteConsoleW
GetWindowsDirectoryW
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileExW
SystemTimeToFileTime
GetSystemTime
CreateProcessW
GetComputerNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLongPathNameW
GetExitCodeThread
GetTickCount
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
lstrcmpW
SearchPathW
ReadFile
GetFileSize
GetCommandLineW
GetLocalTime
Sleep
GetCurrentDirectoryW
lstrcpynW
LoadLibraryExW
VirtualProtect
LoadLibraryA
FreeLibrary
lstrlenW
OpenProcess
TerminateProcess
GetLastError
MulDiv
GetLocaleInfoW
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
GetProcAddress
GetTickCount64
WideCharToMultiByte
GetCurrentThreadId
DeleteCriticalSection
CreateFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetUserDefaultUILanguage
GetModuleHandleW
GetCurrentProcess
GetTempPathW
WriteFile
DeleteFileW
MultiByteToWideChar
GetCurrentProcessId
FindResourceW
SizeofResource
LockResource
LoadResource
TerminateThread
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
SetLastError
CloseHandle
LCMapStringW

user32

CopyAcceleratorTableW
LoadAcceleratorsW
IsWindowEnabled
MapVirtualKeyExW
GetKeyNameTextW
GetKeyboardState
IsCharLowerW
CharUpperW
IsIconic
GetKeyboardLayout
GetKeyboardLayoutList
ToUnicodeEx
GetMenuItemCount
GetMenuItemInfoW
GetMenuItemID
SetParent
GetTopWindow
UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconIndirect
CreateIconFromResourceEx
LoadBitmapW
DrawStateW
RegisterClipboardFormatW
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
InvertRect
LockWindowUpdate
GetDCEx
TabbedTextOutW
GrayStringW
DrawTextExW
GetSubMenu
ReleaseCapture
SetCapture
GetCapture
CheckMenuItem
SetMenuItemBitmaps
EnableWindow
GetWindowTextW
EnumWindows
WinHelpW
IsDialogMessageW
GetWindow
GetLastActivePopup
MessageBeep
RedrawWindow
IsZoomed
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
MessageBoxW
WaitForInputIdle
GetMenuCheckMarkDimensions
EmptyClipboard
SetClipboardData
CloseClipboard
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongW
SetCursorPos
CallWindowProcW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetTabbedTextExtentA
MapDialogRect
GetWindowPlacement
SetWindowPlacement
TranslateAcceleratorW
DrawFocusRect
OpenClipboard
BringWindowToTop
ShowWindow
CreateWindowExW
DefWindowProcW
GetMessageW
CharLowerBuffW
CharLowerBuffA
FillRect
InsertMenuW
SetWindowTextW
GetDlgItem
CharLowerW
IsClipboardFormatAvailable
MapWindowPoints
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
SetActiveWindow
SetWindowRgn
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
GetCursor
WindowFromPoint
DrawIcon
DrawEdge
SendMessageW
GetSysColor
GetParent
EnumChildWindows
GetFocus
GetSystemMetrics
DrawTextW
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRgn
GetWindowTextLengthW
GetClientRect
GetWindowRect
GetCursorPos
FrameRect
InflateRect
IntersectRect
PtInRect
GetWindowLongW
GetClassNameW
RegisterWindowMessageW
PostMessageW
IsWindow
GetKeyState
InvalidateRect
SetCursor
ScreenToClient
SetRect
UnpackDDElParam
OffsetRect
LoadCursorW
DestroyIcon
LoadImageW
DrawIconEx
GetIconInfo
LoadIconW
SetWindowPos
SetWindowLongW
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
CreatePopupMenu
AppendMenuW
CopyRect
SetClassLongW
SystemParametersInfoW
GetForegroundWindow
SetRectEmpty
IsRectEmpty
EqualRect
GetActiveWindow
UnregisterClassW
IsWindowVisible
TrackPopupMenu
GetMenuDefaultItem
SetForegroundWindow
SetTimer
KillTimer
ClientToScreen
CopyIcon
SetMenuItemInfoW
GetMessageTime
RegisterClassW
GetClassInfoW
SendDlgItemMessageA
GetClassInfoExW
ValidateRect
GetScrollPos
SetScrollRange
SetPropW
GetPropW
RemovePropW
MonitorFromWindow
GetMonitorInfoW
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
PostThreadMessageW
GetNextDlgGroupItem
RealChildWindowFromPoint
DeleteMenu
ReuseDDElParam
SetFocus

gdi32

GetCharWidthW
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetTextAlign
GetTextExtentPoint32A
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
ExtSelectClipRgn
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
GetBkColor
RestoreDC
RealizePalette
SaveDC
SetDIBitsToDevice
ExcludeClipRect
SelectClipRgn
Ellipse
SetMapMode
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
StretchDIBits
CreatePatternBrush
CombineRgn
Polyline
CreateFontW
GetViewportOrgEx
GetBitmapBits
ExtCreateRegion
PtInRegion
CreateRectRgn
GetTextMetricsW
GetCurrentObject
CreateDIBSection
SetStretchBltMode
StretchBlt
GetDIBits
CreateBitmap
Polygon
TextOutW
SetPixel
RectVisible
PtVisible
Escape
EnumFontFamiliesExW
CreateRectRgnIndirect
BitBlt
DeleteDC
CreateDCW
GetTextColor
RoundRect
Rectangle
GetTextExtentPoint32W
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreatePen
ExtTextOutW
SetTextColor
SetBkMode
SetBkColor
SelectObject
PatBlt
GetStockObject
GetDeviceCaps
GetPixel
CreateSolidBrush

msimg32

GradientFill

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryInfoKeyW
RegDeleteKeyW
GetTokenInformation
IsValidSid
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegEnumKeyExW
ConvertSidToStringSidW

shell32

DragFinish
DragQueryFileW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
CommandLineToArgvW
SHGetFileInfoW
ExtractIconExW
ShellExecuteW

comctl32

ImageList_Draw
ImageList_GetIconSize
ord410
ord412
ord413
ord381
ImageList_AddMasked
_TrackMouseEvent
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIcon
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetImageInfo

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
ord487
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW
StrFormatByteSizeW
PathIsDirectoryW
PathParseIconLocationW
PathFileExistsW
PathUnquoteSpacesW
PathRemoveArgsW
UrlUnescapeW

uxtheme

GetThemeColor
GetThemeInt
SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
BufferedPaintSetAlpha
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect

ole32

CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SysAllocStringLen
SysAllocString
OleLoadPicturePath
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeTypeEx
VarDateFromStr
VarBstrFromDate
VarUdateFromDate
VariantClear
SysStringLen
SafeArrayGetDim
SafeArrayGetElemsize
LoadTypeLi
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect

oledlg

OleUIBusyW
OleUIAddVerbMenuW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdiplus

GdiplusShutdown
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipDrawRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipDrawPath

winmm

PlaySoundW

oleacc

LresultFromObject
CreateStdAccessibleObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装教程.txt
激活工具/IDM_6.4x_Crack_v19.7.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.dosx
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fish
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

537bdcfbc92564b518f9e6a7cca8f970

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:b4:f1:90:dd:df:d8:4c:e2:fd:14:62:f5:f3:36:a1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9a:36:54:fc:45:7f:dd:30:a3:6e:5a:57:10:0b:48:7e:b7:b9:30:b9:5b:46:29:68:c4:76:98:ed:13:29:63:29Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

Sections

.text Size: 15KB - Virtual size: 15KB

.data Size: 7KB - Virtual size: 7KB

.rsrc Size: 18KB - Virtual size: 17KB

5f9dc9a8e05da850629092e4e2c5d8cf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4fCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4fCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e2:8a:a5:af:c8:63:43:cf:af:07:df:1f:31:b5:79:77:2e:03:4e:bc:38:a5:a6:40:07:ec:03:52:03:8d:59:c9Signer

6c:0e:da:bf:d3:94:0f:bb:cd:fb:65:da:29:98:82:67:6c:ed:4c:2fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:b4:f1:90:dd:df:d8:4c:e2:fd:14:62:f5:f3:36:a1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9a:36:54:fc:45:7f:dd:30:a3:6e:5a:57:10:0b:48:7e:b7:b9:30:b9:5b:46:29:68:c4:76:98:ed:13:29:63:29
Signer

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 18KB - Virtual size: 17KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4f
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

df:0f:fa:00:a5:0c:fa:4e:38:9f:6b:7f:4d:93:2d:4f
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e2:8a:a5:af:c8:63:43:cf:af:07:df:1f:31:b5:79:77:2e:03:4e:bc:38:a5:a6:40:07:ec:03:52:03:8d:59:c9
Signer

6c:0e:da:bf:d3:94:0f:bb:cd:fb:65:da:29:98:82:67:6c:ed:4c:2f
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 456KB - Virtual size: 456KB

.data
Size: 45KB - Virtual size: 64KB

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

.dosx
Size: - Virtual size: 180KB

.fish
Size: 54KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 4KB