Sanpellegrino MediaKit[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Sanpellegrino MediaKit.rar
Size

372.5MB
MD5

04ca9dbd584040bc1ee92f2c860c9567
SHA1

a3b59bd94ff5ea42845c412bf3e4aa36d785fae0
SHA256

6489c5b11aa7721e92798832815b49e63908536c3ea1324ba92a0ab2bcdc2f72
SHA512

f5fe97b289018f045c55502b0bcf4cf5fd0bc5862f462cb6b7103f0d55e6fa9e7fa7b09842dcbc29a16a975048b5fa0dac0f938d5a23a0dc2927ba69ba6f43cc
SSDEEP

6291456:oqL6o7/qLr0TWibEBVQYcRf4ZsX2JXr2l3zedx5uD7Tu6X9:oqmo7yLryzbmVQYQAZOxW5uDfu6X9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Sanpellegrino MediaKit/msimg32.dll

Files

Sanpellegrino MediaKit.rar
.rar

Password: pellegrino
Sanpellegrino MediaKit/S.Pellegrino advertising contract and payment terms for partners on YouTube URL version.exe
.exe windows:5 windows x86 arch:x86

Password: pellegrino

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/11/2017, 16:48

Not After

13/02/2021, 16:48

Subject

CN=Haihaisoft Limited,O=Haihaisoft Limited,L=Hong Kong,ST=Hong Kong,C=HK,1.2.840.113549.1.9.1=#0c156a6f7365706840686169686169736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2017, 10:00

Not After

24/02/2028, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 001-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

Actual PE Digest

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

m:\sumatrapdf\hpreader-windows-standard\hpreader\Release\hpreader.pdb

Imports

wininet

HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
FtpCommandA
FtpFindFirstFileA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExA
InternetQueryOptionW
HttpSendRequestA
InternetGetCookieA
InternetGetLastResponseInfoW
InternetConnectA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetSetOptionW
InternetOpenA
InternetCreateUrlA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetReadFile
InternetOpenUrlW
HttpOpenRequestA
InternetOpenW

gdiplus

GdipGetImageWidth
GdipInvertMatrix
GdipCloneImage
GdipDeleteMatrix
GdipSaveImageToFile
GdipTransformMatrixPoints
GdipCreateHBITMAPFromBitmap
GdipGetImageEncoders
GdipRotateMatrix
GdipDisposeImage
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipDrawImageI
GdipGetImageVerticalResolution
GdipSetWorldTransform
GdipSetClipRectI
GdipCreateMatrix
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipScaleMatrix
GdipCloneBitmapAreaI
GdipGetImageHorizontalResolution
GdipCreateBitmapFromStreamICM
GdipFillEllipseI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipSetCompositingQuality
GdipCreateFromHDC
GdipSetPageUnit
GdipAlloc
GdipCreateSolidFill
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipFree
GdiplusShutdown
GdipDeleteBrush
GdipSetPenDashOffset
GdipSetPenLineJoin
GdipSetPixelOffsetMode
GdipCreatePath
GdipCloneFontFamily
GdipRestoreGraphics
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipGetCellAscent
GdipFillPath
GdipCreateFontFamilyFromName
GdipCreateRegion
GdipDeletePrivateFontCollection
GdipFillRectangle
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipGetWorldTransform
GdipNewPrivateFontCollection
GdipDrawString
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipClonePath
GdipDeleteRegion
GdipTransformPath
GdipGetClipBoundsI
GdipDeletePath
GdipCreateRegionPath
GdipCreateFont
GdipCreateMatrix2
GdipSaveGraphics
GdiplusStartup
GdipDisposeImageAttributes
GdipBitmapUnlockBits
GdipIsStyleAvailable
GdipSetClipRegion
GdipGetFontCollectionFamilyList
GdipCreatePath2
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipGetEmHeight
GdipAddPathPath
GdipFillPolygon
GdipPrivateAddFontFile
GdipGetFamilyName
GdipDrawImagePointsRect
GdipSetTextRenderingHint
GdipSetPageScale
GdipDrawPath
GdipGetClip
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipGetDpiY
GdipSetPenDashArray
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetFontCollectionFamilyCount
GdipGetMatrixElements
GdipTransformRegion
GdipCreateRegionRectI
GdipGetRegionBounds
GdipSetPenLineCap197819
GdipWidenPath
GdipCreatePen2
GdipDeleteFontFamily
GdipSetPenMiterLimit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WaitForMultipleObjects
QueryPerformanceCounter
SetThreadExecutionState
QueryPerformanceFrequency
GetSystemTime
GetTickCount
CreateFileA
GetFileSize
SetFilePointer
ReadFile
LocalFree
FormatMessageW
SetLastError
GetVersionExA
GetModuleHandleW
lstrcmpW
LoadLibraryA
CompareStringW
GlobalFindAtomW
FreeResource
GetModuleFileNameW
MoveFileW
GetThreadLocale
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToLocalFileTime
GetFileAttributesExW
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedExchange
CompareStringA
LoadLibraryExW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
ResetEvent
GlobalGetAtomNameW
RaiseException
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrlenA
GlobalFlags
SetErrorMode
GetSystemDirectoryW
GetStartupInfoW
HeapAlloc
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetDriveTypeW
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetFileAttributesA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateProcessA
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA
GetDriveTypeA
GetFullPathNameA
GetLongPathNameW
AllocConsole
CreateProcessW
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetVersion
InterlockedCompareExchange
CreateDirectoryA
FindFirstFileA
FindNextFileA
DeleteFileA
IsDBCSLeadByte
SetFileAttributesA
DeviceIoControl
lstrcpynW
GetWindowsDirectoryW
GetOverlappedResult
ReadDirectoryChangesW
ResumeThread
SuspendThread
GetCurrentProcessId
Module32NextW
GetCurrentThreadId
GetModuleHandleA
GetModuleFileNameA
GetSystemInfo
Module32FirstW
GlobalMemoryStatusEx
OpenThread
CreateFileW
Thread32Next
GetVersionExW
Thread32First
FormatMessageA
GetCurrentThread
SetEvent
SetUnhandledExceptionFilter
VirtualQuery
GetLocaleInfoA
GetThreadContext
GetLogicalDrives
GetShortPathNameW
GetTempPathW
GetExitCodeProcess
GetTempFileNameW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
DeleteCriticalSection
CreateEventW
EnterCriticalSection
GetPrivateProfileIntW
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetCommandLineW
GlobalAddAtomW
GlobalDeleteAtom
GlobalUnlock
WaitForSingleObject
GetProfileStringW
GlobalLock
InterlockedIncrement
MulDiv
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
lstrcatW
lstrcpyW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
TerminateThread
GetACP
WideCharToMultiByte
SetFileAttributesW
CreateDirectoryW
FileTimeToSystemTime
lstrlenW
Sleep
SystemTimeToFileTime
GetLocalTime
FindClose
DeleteFileW
FindResourceW
LoadResource
LockResource
SizeofResource
FindNextFileW
FindFirstFileW
Process32NextW
Process32FirstW
GetLastError
CreateToolhelp32Snapshot
CreateThread
MultiByteToWideChar
CloseHandle
MoveFileA

user32

SetWindowTextW
IsWindowEnabled
GetWindowThreadProcessId
CharUpperW
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
GetDesktopWindow
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
LoadMenuW
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
InflateRect
GetSysColorBrush
GetMenuItemInfoW
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
PostThreadMessageW
MonitorFromWindow
OemToCharA
CharToOemA
CharLowerA
CharUpperA
CharToOemBuffW
OemToCharBuffA
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetDlgCtrlID
CopyRect
PtInRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemCount
GetSubMenu
IsCharAlphaNumericW
wsprintfA
GetMonitorInfoW
MonitorFromRect
FindWindowExW
LoadImageW
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
HideCaret
ShowCaret
SetClassLongW
PostQuitMessage
IsZoomed
IsDialogMessageW
TrackMouseEvent
IsCharUpperW
CharLowerW
GetForegroundWindow
GetScrollInfo
LoadBitmapW
ShowScrollBar
GetCursor
IsWindowVisible
UnregisterHotKey
SetScrollInfo
GetScrollPos
DialogBoxIndirectParamW
DialogBoxParamW
EndDialog
SendDlgItemMessageW
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
SetDlgItemTextW
SetActiveWindow
CloseClipboard
SetCapture
GetCapture
EmptyClipboard
OpenClipboard
ReleaseCapture
SetClipboardData
PostMessageW
ReuseDDElParam
MessageBeep
UnpackDDElParam
GetDlgItem
EndPaint
SetCursor
ScreenToClient
DrawTextW
BeginPaint
GetDC
ReleaseDC
GetSysColor
SetWindowPos
GetCursorPos
DrawFrameControl
GetMenuItemID
GetParent
ModifyMenuW
CheckMenuRadioItem
SetMenu
InsertMenuW
CheckMenuItem
GetMenu
DrawIcon
GetSystemMetrics
IsIconic
FillRect
wsprintfW
MoveWindow
SetParent
IsWindow
FindWindowW
DestroyWindow
GetWindowRect
TrackPopupMenu
SetForegroundWindow
CreateMenu
SetFocus
GetWindowLongW
AppendMenuW
EnableMenuItem
SetWindowLongW
RedrawWindow
CreatePopupMenu
RemoveMenu
MapWindowPoints
DestroyMenu
SetMenuItemInfoW
CallWindowProcW
GetMessagePos
RegisterClassExW
LoadIconW
CreateWindowExW
UpdateWindow
DefWindowProcW
EnableWindow
InvalidateRect
KillTimer
GetFocus
SetTimer
RegisterHotKey
ShowWindow
SystemParametersInfoW
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendMessageW
LoadCursorW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
GetKeyState
GetClassInfoExW
MessageBoxW

gdi32

GetObjectW
BitBlt
GetPixel
CreateRectRgn
CombineRgn
CreateDIBitmap
GetClipBox
SaveDC
RestoreDC
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
CreateCompatibleBitmap
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
Rectangle
StretchBlt
GetDIBits
SelectClipRgn
SetDIBits
CreateCompatibleDC
ExcludeClipRect
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
CreateRoundRectRgn
CreatePen
RoundRect
GetStockObject
EndPage
StartPage
DeleteDC
CreateDCW
SetMapMode
StartDocW
EndDoc
AbortDoc
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkColor
SetBkMode
SelectObject
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W
CreateFontW
SetWindowExtEx
FloodFill
MoveToEx

msimg32

AlphaBlend

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgExW
GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ord203
ClosePrinter

advapi32

RegOpenKeyExW
SetFileSecurityA
SetFileSecurityW
RegQueryValueExW
RegDeleteValueW
RegQueryValueExA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFileInfoW
SHChangeNotify
SHAddToRecentDocs
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetDesktopFolder
ShellExecuteExW
SHBindToParent
DragAcceptFiles
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
_TrackMouseEvent
ImageList_Draw

shlwapi

StrStrW
StrRStrIW
StrStrIW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
SHDeleteKeyW
PathAppendW
SHSetValueW
PathIsRelativeW

oledlg

OleUIBusyW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

closesocket
recv
gethostname
gethostbyname
WSAStartup
socket
htons
bind
listen
WSAGetLastError
accept
send
connect

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 399KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Sanpellegrino MediaKit/Videos Examples/Video Script
Sanpellegrino MediaKit/Videos Examples/[1] Promotional Video｜S.Pellegrino S.p.A.mp4
Sanpellegrino MediaKit/Videos Examples/[2] Promotional Video｜S.Pellegrino S.p.A.mp4
Sanpellegrino MediaKit/logo.png
.png

Password: pellegrino
Sanpellegrino MediaKit/msimg32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Password: pellegrino

8a750bf910e26f401e6725747d15674a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\641453\out\Release_i18n\safemon.pdb

Imports

kernel32

GetSystemInfo
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
lstrcmpiA
OutputDebugStringW
GetShortPathNameW
Sleep
GetCommandLineW
LoadLibraryExW
GetPrivateProfileIntW
TlsGetValue
GetTickCount
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetPrivateProfileIntA
CreateThread
CreateFileA
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
GetVersionExA
CreateDirectoryA
SetEndOfFile
SetUnhandledExceptionFilter
GetSystemDirectoryA
CreateRemoteThread
VirtualAlloc
VirtualFree
IsBadStringPtrW
VirtualProtect
CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringA
GetPrivateProfileSectionW
CreateEventW
SetEvent
WaitForMultipleObjects
GlobalSize
GlobalLock
GlobalUnlock
GetProcessHeap
HeapAlloc
lstrcpynW
lstrcmpA
OpenFileMappingW
GetLocalTime
IsDebuggerPresent
OpenMutexW
GetModuleHandleA
CreateDirectoryW
CopyFileW
IsBadCodePtr
GetSystemTime
SystemTimeToFileTime
LoadLibraryA
CreateProcessW
GetExitCodeThread
GetTempPathW
GetTempFileNameW
HeapFree
GetEnvironmentVariableW
ResetEvent
lstrcmpW
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
CreateMutexW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetPrivateProfileStringW
SetFilePointer
GetVersionExW
FreeResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SuspendThread
LocalAlloc
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
LocalFree
SearchPathW
VirtualQuery
GetLongPathNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetFileAttributesExW
lstrcpynA
WideCharToMultiByte
lstrlenW
TerminateProcess
MultiByteToWideChar
InterlockedCompareExchange
lstrlenA
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetLastError
RaiseException
lstrcmpiW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetCurrentThread
SetErrorMode
IsBadReadPtr
TlsSetValue
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
TlsFree
TlsAlloc
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
SetThreadContext
GetThreadContext
ResumeThread
DeviceIoControl
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
InterlockedExchange
DebugBreak

user32

CallWindowProcW
SetParent
SetWindowPos
IsWindow
ShowWindow
GetClientRect
MoveWindow
GetWindowLongW
GetSystemMetrics
RedrawWindow
SetWindowLongW
GetParent
DefWindowProcW
GetWindowRect
UnregisterClassA
ScreenToClient
InvalidateRect
EnumChildWindows
IsWindowVisible
DestroyWindow
GetClassNameW
FindWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
PostQuitMessage
EnumThreadWindows
EndDialog
DialogBoxParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
EndPaint
BeginPaint
AppendMenuW
TrackPopupMenu
CreatePopupMenu
DrawTextW
RegisterWindowMessageW
InflateRect
OffsetRect
CopyRect
KillTimer
SetTimer
SendMessageW
GetWindowTextW
SetWindowTextW
SetRectEmpty
SetRect
DrawIconEx
PostMessageW
PtInRect
GetDC
ReleaseDC
GetCursorPos
wsprintfW
FindWindowW
LoadImageW
CharNextW
SendMessageTimeoutW
UnhookWindowsHookEx
BroadcastSystemMessageW
SetWindowsHookExW
CallNextHookEx

gdi32

CreateFontIndirectW
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetStockObject
BitBlt
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
SetViewportOrgEx
CreateCompatibleBitmap
CreateBitmap
SetPixel
PatBlt

advapi32

RegQueryValueExA
CryptAcquireContextW
LookupAccountNameW
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
ConvertSidToStringSidW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
CryptGenRandom
CryptReleaseContext
RegQueryValueExW

shell32

ord51
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathA
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
StringFromCLSID
StringFromGUID2
GetHGlobalFromStream
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
SysAllocStringLen
VariantClear
SysFreeString
DispCallFunc
SysStringLen
LoadTypeLi
VariantInit
VarUI4FromStr
LoadRegTypeLi
SysAllocString
VarBstrCmp

shlwapi

StrCmpW
StrChrW
StrDupW
PathIsDirectoryW
PathFindExtensionW
StrCmpNIA
PathRemoveFileSpecW
StrCmpNW
UrlGetPartW
StrCmpNIW
StrStrIA
PathGetArgsW
UrlUnescapeW
PathFileExistsA
PathRemoveFileSpecA
PathCombineA
StrStrW
PathMatchSpecW
SHSetValueW
SHDeleteKeyW
PathRemoveExtensionW
PathRemoveBackslashW
PathIsRootW
PathIsPrefixW
UrlGetPartA
StrDupA
StrChrA
wnsprintfW
PathAppendW
PathFindFileNameW
StrRChrIW
StrRStrIW
StrChrIW
StrCmpIW
StrStrIW
SHGetValueW
PathFileExistsW
StrCpyNW
PathCombineW

psapi

EnumProcessModules
GetModuleInformation
GetModuleBaseNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

AccessibleObjectFromPoint

urlmon

UrlMkSetSessionOption
UrlMkGetSessionOption

ws2_32

htonl
ntohl
WSASetLastError
getpeername
inet_ntoa
inet_addr

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

Exports

Exports

AlphaBlend
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSafeVedioVersion
GetUrlSiteType
IsTraystupidRealRunning
SetMailGuardCallback
SetNetpayGuardState
SetSafeVedioVersion
SetWDPayProPopWndState
Start
StartF
Stop
Update
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_malloc
safemon_100
safemon_101
safemon_102
safemon_103
safemon_104
safemon_105
safemon_106
safemon_107
safemon_108
safemon_109
safemon_110
safemoninit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: pellegrino

Password: pellegrino

e456fbce099e309bfeaff191fcf3b1ee

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1dCertificate

Extended Key Usages

Key Usages

40:cb:42:89:5c:3e:74:94:26:97:ad:2fCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

gdiplus

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

ws2_32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 399KB - Virtual size: 496KB

.rsrc Size: 187KB - Virtual size: 186KB

Password: pellegrino

Password: pellegrino

8a750bf910e26f401e6725747d15674a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

oleacc

urlmon

ws2_32

netapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 187KB - Virtual size: 188KB

.data Size: 52KB - Virtual size: 152KB

.share Size: 512B - Virtual size: 4KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

6a:e1:85:c2:92:81:e4:14:ea:62:0e:1d
Certificate

40:cb:42:89:5c:3e:74:94:26:97:ad:2f
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

20:3e:9f:9c:65:a4:62:ce:88:5d:59:c6:1d:1c:ac:b2:d0:fa:2e:e7
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 399KB - Virtual size: 496KB

.rsrc
Size: 187KB - Virtual size: 186KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 187KB - Virtual size: 188KB

.data
Size: 52KB - Virtual size: 152KB

.share
Size: 512B - Virtual size: 4KB

.SHARE
Size: 512B - Virtual size: 4KB

.rsrc
Size: 885KB - Virtual size: 885KB