6E537A7A10084948A7B7CE43195693E285425986

Sharing

Copy URL

Twitter E-mail

General

Target

6E537A7A10084948A7B7CE43195693E285425986
Size

1.0MB
MD5

1021d19d566516038226b11df94bd678
SHA1

cd13a0d0593f39dda87b4f98f49811a28d076908
SHA256

f25b0322ec826b79bb2c088a3c017e00f6d5afe724acba9807a5c3bd6bc4f694
SHA512

ccf3c3a349acf6dfa544ae0dbc4176730d1e30a61080eea55aa183373ef50273f65d7d1b367c6fd6ebdccd1d9b18a7442c1f912daec4c252bad3286e2041a3e3
SSDEEP

24576:RvfK9izZ2EpV4NKp/9St21TXZqJuT/t8NODg0QY/c+oPTQcRY:RnK0cEplStsZwX0DqYziy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plugins/NetworkTools.dll

Files

6E537A7A10084948A7B7CE43195693E285425986
.zip
Setup.exe
.exe windows:5 windows x86 arch:x86

04de0ad9c37eb7bd52043d2ecac958df

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-10-2013 00:00

Not After

04-01-2017 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-10-2013 00:00

Not After

04-01-2017 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-12-2015 00:00

Not After

07-01-2025 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1
Signer

Actual PE Digest

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1

Digest Algorithm

sha256

PE Digest Matches

true

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3
Signer

Actual PE Digest

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\processhacker2\bin\Release32\ProcessHacker.pdb

Imports

ntdll

NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
LdrGetProcedureAddress
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtQueryValueKey
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
NtOpenThread
NtDeleteKey
NtQueryKey
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtSetInformationFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
RtlUnwind
NtCreateSection
NtQueryMutant
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory

winsta

WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_Remove
CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW
ImageList_Replace

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

uxtheme

IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture

kernel32

GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
LocalAlloc
VirtualQuery
GlobalSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetModuleHandleExW
HeapFree
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
CreateProcessW
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
DecodePointer
RaiseException
HeapAlloc
GetModuleHandleW
GetProcAddress
GetLastError

user32

ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
BeginPaint
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
EndPaint
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
TrackPopupMenu
DestroyMenu
CreatePopupMenu
FrameRect
InsertMenuItemW
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
SetWindowLongW
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
GetWindowLongW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
InternalGetWindowText

gdi32

GetDeviceCaps
CreateFontW
DeleteObject
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetDCPenColor
SetDCBrushColor
Polyline
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
BitBlt
SetTextColor
Rectangle
GetCharWidthW
TextOutW
SetBoundsRect
CreateCompatibleBitmap
GdiAlphaBlend
IntersectClipRect
CombineRgn
RestoreDC
ExcludeClipRect
SelectClipRgn
GetClipRgn
SaveDC
GetDIBits
SetBkColor
GetObjectW
CreateRectRgn
CreateFontIndirectW
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontW

advapi32

LogonUserW
SystemFunction036
SetSecurityInfo
GetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
StartServiceW
ControlService
DeleteService
CloseServiceHandle
LsaClose
LsaAddAccountRights
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
LsaFreeMemory
LsaEnumerateAccounts
RegisterServiceCtrlHandlerExW
OpenServiceW
QueryServiceConfig2W
CreateProcessAsUserW
EnumServicesStatusExW
LsaEnumeratePrivilegesOfAccount
LsaOpenAccount
CreateProcessWithLogonW
QueryServiceConfigW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
DuplicateIcon

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

Exports

Exports

PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddTabControlTab
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteStringBuilder
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStockApplicationIcon
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLocalTimeToSystemTime
PhLockFileStream
PhLoggedCallback
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhRegisterCallback
PhRegisterCallbackEx
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
PhRemoveItemSimpleHashtable
PhRemoveItemsArray
PhRemoveItemsList
PhRemoveListViewItem
PhRemoveStringBuilder
PhResizeArray
PhResizeCircularBuffer_FLOAT
PhResizeCircularBuffer_PVOID
PhResizeCircularBuffer_ULONG
PhResizeCircularBuffer_ULONG64
PhResizeList
PhResolveDevicePrefix
PhRoundUpToPowerOfTwo
PhSaveListViewColumnSettings
PhSeekFileStream
PhSelectComboBoxString
PhServiceAddedEvent
PhServiceModifiedEvent
PhServiceRemovedEvent
PhServicesUpdatedEvent
PhSetClipboardString
PhSetControlTheme
PhSetExtendedListView
PhSetFileDialogFileName
PhSetFileDialogFilter
PhSetFileDialogOptions
PhSetFileSize
PhSetFlagsAllEMenuItems
PhSetFlagsEMenuItem
PhSetGraphText
PhSetHeaderSortIcon
PhSetImageListBitmap
PhSetListViewItemImageIndex
PhSetListViewSubItem
PhSetObjectSecurity
PhSetOptionsSymbolProvider
PhSetSeObjectSecurity
PhSetSearchPathSymbolProvider
PhSetServiceDelayedAutoStart
PhSetStateAllListViewItems
PhSetTokenIsVirtualizationEnabled
PhSetTokenPrivilege
PhSetTokenPrivilege2
PhSetTokenSessionId
PhShellExecute
PhShellExecuteEx
PhShellExploreFile
PhShellOpenKey
PhShellProperties
PhShowConfirmMessage
PhShowContinueStatus
PhShowEMenu
PhShowFileDialog
PhShowMessage
PhShowMessage_V
PhShowStatus
PhSidToStringSid
PhSplitStringRefAtChar
PhSplitStringRefAtLastChar
PhSplitStringRefAtString
PhSplitStringRefEx
PhStackWalk
PhStdGetClientIdName
PhStdGetObjectSecurity
PhStdSetObjectSecurity
PhStringToDouble
PhStringToInteger64
PhSuccessorElementAvlTree
PhSystemBasicInformation
PhSystemTimeToLocalTime
PhTerminateProcess
PhTransceiveNamedPipe
PhTrimStringRef
PhUnloadDllProcess
PhUnloadDriver
PhUnlockFileStream
PhUnregisterCallback
PhUpdateDosDevicePrefixes
PhUpdateHash
PhUpdateMupDevicePrefixes
PhUpperBoundElementAvlTree
PhUpperDualBoundElementAvlTree
PhVerifyFile
PhVerifyFileStream
PhWaitForNamedPipe
PhWaitForWorkQueue
PhWalkThreadStack
PhWriteFileStream
PhWriteMiniDumpProcess
PhWriteStringAsUtf8FileStream
PhWriteStringAsUtf8FileStream2
PhWriteStringAsUtf8FileStreamEx
PhWriteStringFormatAsUtf8FileStream
PhWriteStringFormatAsUtf8FileStream_V
PhWriteUnicodeDecoder

Sections

.text
Size: 865KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/NetworkTools.dll
.dll windows:6 windows x86 arch:x86

a7333368867e60415d9e1986c2d6a964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
GetNumaHighestNodeNumber
GetSystemFirmwareTable
GetPrivateProfileStructW
GetStartupInfoW
GetCPInfoExW
SetSystemTimeAdjustment
InitializeSRWLock
FindStringOrdinal
TryEnterCriticalSection
GetLogicalDrives
GetThreadPriorityBoost
QueryInformationJobObject
FindFirstVolumeMountPointW
SetNamedPipeHandleState
EnumResourceTypesExW
CloseThreadpool
StartThreadpoolIo
FindFirstFileW
GetFileSizeEx
GetNumaAvailableMemoryNodeEx
GetProcessShutdownParameters
SetHandleInformation
EnumResourceLanguagesExW
FindFirstFileExW
RtlUnwind
SetEventWhenCallbackReturns
SetProcessAffinityUpdateMode
SetWaitableTimer
CompareStringW
GetConsoleAliasesW
SetThreadDescription
FindFirstVolumeW
GetSystemDefaultLCID
VirtualProtect
CopyFileTransactedW
GetConsoleScreenBufferInfo
CreateSemaphoreExW
SetLastError
SetPriorityClass
GetCommProperties
AddDllDirectory
SetLocalTime
EnterCriticalSection
GetCommandLineW
GetHandleInformation
SetConsoleActiveScreenBuffer
IsThreadpoolTimerSet
EnumCalendarInfoExEx
FindVolumeMountPointClose
IsDBCSLeadByteEx
GetCurrentProcess
SetProcessAffinityMask
GetThreadErrorMode
CreateWaitableTimerW
EnumCalendarInfoW
ReleaseSemaphore
SetFileShortNameW
SetDynamicTimeZoneInformation
WriteFile
Wow64DisableWow64FsRedirection
GetThreadIdealProcessorEx
lstrcpynW
RegisterWaitForSingleObject
RemoveDllDirectory
GetModuleHandleExW
ExpandEnvironmentStringsW
CreatePrivateNamespaceW
UnregisterWait
GetDiskFreeSpaceW
GetTimeFormatEx
RtlPcToFileHeader
GetStringTypeExW
SetFileBandwidthReservation
GetNumberOfConsoleMouseButtons
TerminateProcess
RemoveDirectoryW
GetFinalPathNameByHandleW
GetProcessAffinityMask
PrefetchVirtualMemory
WakeAllConditionVariable
SetFileTime
GetUserDefaultLangID
AddSecureMemoryCacheCallback
FindFirstStreamTransactedW
CreateThreadpoolIo
DeleteFiber
CreateNamedPipeW
GetThreadLocale
GetGeoInfoW
SetConsoleWindowInfo
GetNumaProcessorNodeEx
GetUserDefaultLocaleName
Wow64SetThreadContext
GetCompressedFileSizeTransactedW
GetNumaNodeNumberFromHandle
DeleteTimerQueueEx
GetUserDefaultUILanguage
GetConsoleFontSize
CompareStringOrdinal
SetSystemFileCacheSize
DnsHostnameToComputerNameW
DeleteAtom
GetProcessVersion
LeaveCriticalSection
GetConsoleAliasExesW
FoldStringW
SetErrorMode
InitializeConditionVariable
SetFilePointer
InitOnceInitialize
GetProcessMitigationPolicy
TryAcquireSRWLockShared
EnumUILanguagesW
GetNumaAvailableMemoryNode
GetNumaProcessorNode
OpenFileById
GetConsoleAliasW
GetSystemPowerStatus
WaitForThreadpoolIoCallbacks
UnlockFileEx
PeekNamedPipe
FatalExit
EnumCalendarInfoExW
GetTempPathW
InitializeCriticalSectionEx
GetPrivateProfileSectionW
WaitForThreadpoolTimerCallbacks
WaitForMultipleObjectsEx
GetLocaleInfoW
IsNLSDefinedString
WaitForSingleObject
GetNumberFormatEx
UnregisterBadMemoryNotification
MapViewOfFileExNuma
DebugActiveProcessStop
GetVersionExW
EnumSystemCodePagesW
GetThreadDescription
GetPrivateProfileSectionNamesW
UnregisterApplicationRecoveryCallback
SetSearchPathMode
IsSystemResumeAutomatic
HeapWalk
IsBadCodePtr
QueryMemoryResourceNotification
GlobalDeleteAtom
GetUILanguageInfo
MapUserPhysicalPages
UnmapViewOfFile
DuplicateHandle
DisconnectNamedPipe
RtlCaptureStackBackTrace
LCIDToLocaleName
SetProcessMitigationPolicy
CloseThreadpoolWait
RemoveSecureMemoryCacheCallback
SetFileAttributesTransactedW
MultiByteToWideChar
GetSystemWow64DirectoryW
WritePrivateProfileStructW
CancelSynchronousIo
LocalFileTimeToFileTime
EnumSystemLanguageGroupsW
GetTickCount64
OpenWaitableTimerW
SetCalendarInfoW
GetMaximumProcessorCount
Wow64RevertWow64FsRedirection
FlsSetValue
GetLastError
GetLargestConsoleWindowSize
GetCurrencyFormatEx
WaitForThreadpoolWaitCallbacks
ChangeTimerQueueTimer
GetCalendarInfoW
EscapeCommFunction
GetConsoleAliasesLengthW
TzSpecificLocalTimeToSystemTime
ReleaseSRWLockExclusive
SetCriticalSectionSpinCount
GetConsoleProcessList
SetFileInformationByHandle
GetMaximumProcessorGroupCount
ConvertDefaultLocale
FindNextVolumeMountPointW
FillConsoleOutputCharacterW
ReadConsoleInputW
GetThreadUILanguage
GetUserDefaultLCID
GetLogicalProcessorInformation
FileTimeToSystemTime
CloseThreadpoolTimer
GetNamedPipeHandleStateW
GetDiskFreeSpaceExW
OfferVirtualMemory
InterlockedFlushSList
AcquireSRWLockExclusive
TerminateThread
GetActiveProcessorGroupCount
EnumDateFormatsExEx
FindCloseChangeNotification
LoadLibraryA
GetApplicationRestartSettings
SetWaitableTimerEx
CreateThreadpoolWait
PulseEvent
GetFullPathNameTransactedW
QueryPerformanceFrequency
GetCommState
CreateHardLinkTransactedW
GlobalAlloc
DeleteFileW
InterlockedPushListSListEx
TransmitCommChar
GetSystemDEPPolicy
MoveFileTransactedW
WriteConsoleOutputAttribute
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
GetNumberFormatW
FreeConsole
GetSystemInfo
CreateSymbolicLinkTransactedW
PowerClearRequest
GetProcessHeaps
WriteProfileSectionW
BindIoCompletionCallback
SetThreadpoolWait
ReadFileEx
CreateThreadpoolTimer
LoadLibraryW
CancelIoEx
IsDBCSLeadByte
ScrollConsoleScreenBufferW
SetComputerNameW
LoadResource
GlobalFindAtomW
HeapAlloc
WriteConsoleInputW
Wow64SuspendThread
ClearCommError
FileTimeToLocalFileTime
QueueUserAPC
GetLocalTime
GetUserGeoID
GetQueuedCompletionStatusEx
UpdateResourceW
GetOverlappedResult
CloseThreadpoolIo
SetCommMask
SwitchToThread
SetVolumeMountPointW
FindNextFileNameW
HeapDestroy
QueryIdleProcessorCycleTimeEx
IsThreadAFiber
GetCurrentProcessorNumber
GetDurationFormatEx
GetThreadContext
CreateFileMappingFromApp
GetWindowsDirectoryW
PeekConsoleInputW
GetErrorMode
SetThreadPriorityBoost
VirtualLock
GetPriorityClass
Beep
GetProcAddress
VirtualAllocEx
UnregisterWaitEx
DebugActiveProcess
LocalFree
GetProcessorSystemCycleTime
ReplaceFileW
GetFileSize
SetDefaultCommConfigW
CreateMemoryResourceNotification
DeleteCriticalSection
ExitProcess
FindAtomW
LCMapStringW
ReadProcessMemory
SetProtectedPolicy
FindVolumeClose
DisableThreadProfiling
SetConsoleCP
FindFirstStreamW
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
IsValidLocale
CreateSemaphoreW
IsValidLanguageGroup
TransactNamedPipe
FlushInstructionCache
CreateSymbolicLinkW
WinExec
RemoveVectoredContinueHandler
WritePrivateProfileSectionW
GetThreadTimes
BeginUpdateResourceW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
ReadConsoleOutputCharacterW
CommConfigDialogW
GetFileMUIInfo
SetConsoleOutputCP
GetSystemTimeAsFileTime
EnumSystemGeoID
TerminateJobObject
LocalFlags
EnumSystemFirmwareTables
GlobalMemoryStatus
GetFirmwareType
DeleteVolumeMountPointW
IsBadReadPtr
SetProcessWorkingSetSize
CreateFileMappingW
BackupRead
GetProcessPriorityBoost
GetSystemWindowsDirectoryW
SetThreadContext
FindNextVolumeW
SetFileValidData
BackupSeek
QueryPerformanceCounter
GetNLSVersion
GetSystemRegistryQuota
HeapUnlock
InitializeSListHead
FreeLibraryWhenCallbackReturns
OpenMutexW
FindNextStreamW
WaitNamedPipeW
GetTimeZoneInformationForYear
FlsFree
SetCommState
SetCommConfig
GetCalendarInfoEx
SetConsoleTitleW
InitializeSynchronizationBarrier
MapViewOfFileEx
VirtualQuery
RegisterApplicationRestart
CreateFiber
GetVolumeInformationByHandleW
GetDriveTypeW
GetFileTime
InterlockedPopEntrySList
GlobalReAlloc
GenerateConsoleCtrlEvent
DebugSetProcessKillOnExit
CheckRemoteDebuggerPresent
IsBadStringPtrW
CreateThreadpoolWork
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindClose
HeapReAlloc
ReadConsoleW
ReadFile
EnumSystemLocalesW
CloseHandle
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
GetStdHandle
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
GetCurrentThreadId
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
WideCharToMultiByte

user32

CreateWindowExW
DdeSetQualityOfService
GetGuiResources
LockSetForegroundWindow
SetWindowRgn
CalculatePopupWindowPosition
GetPropW
DeregisterShellHookWindow
GetCaretPos
GetDC
InflateRect
ToAsciiEx
GetFocus
GetMenu
GetLastInputInfo
CheckMenuRadioItem
VkKeyScanExW
CharLowerW
GetClassWord
EnumWindowStationsW
ModifyMenuW
CreateDialogParamW
DrawAnimatedRects
DestroyWindow
GetMenuBarInfo
TileWindows
GetWindowPlacement
DrawIcon
GetThreadDesktop
GetActiveWindow
ReplyMessage
CopyAcceleratorTableW
CloseDesktop
LookupIconIdFromDirectory
SetTimer
SetSysColors
GetInputState
GetWindowInfo
DestroyAcceleratorTable
PaintDesktop
CreateCaret
OemKeyScan
SetCoalescableTimer
GetQueueStatus
UnregisterPointerInputTarget
GetKBCodePage
SendDlgItemMessageW
MessageBoxA
RegisterHotKey
GetSysColor
DialogBoxIndirectParamW
IsWindowEnabled
SetMenu
IsDlgButtonChecked
UnhookWindowsHookEx
DdeQueryStringW
WinHelpW
SetLayeredWindowAttributes
IntersectRect
SetWindowContextHelpId
EnumDisplayDevicesW
GetProcessDefaultLayout
GetWindowDC
EndDeferWindowPos
InsertMenuW
IsZoomed
UnloadKeyboardLayout
DdeNameService
DdeGetData
CreateDialogIndirectParamW
RegisterPointerInputTargetEx
UserHandleGrantAccess
DdeFreeStringHandle
DialogBoxParamW
LoadCursorFromFileW
UnhookWinEvent
GetAncestor
GetNextDlgTabItem
SendMessageCallbackW
SetWindowTextW

Exports

Exports

Cokgsoigjseoigjse
Hoisdgjfiosjgie

Sections

.text
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 291KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04de0ad9c37eb7bd52043d2ecac958df

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1Signer

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

winsta

comctl32

version

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 865KB - Virtual size: 864KB

.rdata Size: 243KB - Virtual size: 243KB

.data Size: 16KB - Virtual size: 31KB

.gfids Size: 512B - Virtual size: 228B

.rsrc Size: 239KB - Virtual size: 239KB

.reloc Size: 50KB - Virtual size: 49KB

a7333368867e60415d9e1986c2d6a964

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 464KB - Virtual size: 463KB

.data Size: 291KB - Virtual size: 295KB

.cdata Size: 76KB - Virtual size: 75KB

.reloc Size: 12KB - Virtual size: 11KB

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1
Signer

be:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3
Signer

.text
Size: 865KB - Virtual size: 864KB

.rdata
Size: 243KB - Virtual size: 243KB

.data
Size: 16KB - Virtual size: 31KB

.gfids
Size: 512B - Virtual size: 228B

.rsrc
Size: 239KB - Virtual size: 239KB

.reloc
Size: 50KB - Virtual size: 49KB

.text
Size: 464KB - Virtual size: 463KB

.data
Size: 291KB - Virtual size: 295KB

.cdata
Size: 76KB - Virtual size: 75KB

.reloc
Size: 12KB - Virtual size: 11KB