794f59492c6ec05b0b19e84c901992ce099eb3b821cc812e52bd717517c49746

Sharing

Copy URL Twitter E-mail

General

Target

794f59492c6ec05b0b19e84c901992ce099eb3b821cc812e52bd717517c49746
Size

689KB
MD5

4e8697710b88365276f1b718f7127558
SHA1

362dc6e2982885f7ecdb243f0442687ff67ab245
SHA256

794f59492c6ec05b0b19e84c901992ce099eb3b821cc812e52bd717517c49746
SHA512

243659c3fab6a1a611404ddb44cf3c3a0ba9bdc3adc530acce6ad48d8c426c359452cfa0e0e1cd43bed950805b32575d0c1558e96728fc0bb41458420020bd24
SSDEEP

12288:4cjvBfYIcs5KGCQtuEpa6ZQA5kQRV9C1f5vYTNpvUFj+sIR/zdXTwTVnydua03TY:nGrsgGCQkI/ZD5kQRVE1Bv6p7Twhnyse

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
794f59492c6ec05b0b19e84c901992ce099eb3b821cc812e52bd717517c49746
unpack001/$0/Profiles/$6/extensions/[email protected]/bt-uninst.exe
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/nsProcess.dll
unpack002/atlogon.exe
unpack001/$0/Profiles/$6/extensions/[email protected]/components/ReducBarre.dll
unpack001/$0/Profiles/$6/extensions/[email protected]/components/ReducBarre.new
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/atlogon.exe
unpack001/gpscarbu.dll
unpack001/update.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$0/Profiles/$6/extensions/[email protected]/bt-uninst.exe	nsis_installer_1
static1/unpack001/$0/Profiles/$6/extensions/[email protected]/bt-uninst.exe	nsis_installer_2

Files

794f59492c6ec05b0b19e84c901992ce099eb3b821cc812e52bd717517c49746
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Profiles/$6/extensions/[email protected]/bt-uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atlogon.exe
.exe windows:5 windows x86 arch:x86

8305998f209d2e05528275c0535c8b5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\reducbarre\IE\ToolBand58\setup toolbar\atlogon_RC4\bin\Win32\Release\atlogon.pdb

Imports

kernel32

GetLastError
LocalFree
InterlockedDecrement
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
SetFilePointer
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountSidW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Profiles/$6/extensions/[email protected]/chrome.manifest
$0/Profiles/$6/extensions/[email protected]/components/ReducBarre.dll
.dll windows:5 windows x86 arch:x86

58aeebfd774eee20b04896ff0c21ca69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

urlmon

URLDownloadToFileA

wininet

HttpOpenRequestA
InternetOpenA
InternetQueryOptionA
InternetGetLastResponseInfoA
HttpSendRequestA
InternetSetOptionA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
InternetCloseHandle
InternetConnectA

xpcom

NS_GetComponentManager
NS_Free
NS_CStringSetData
NS_CStringContainerInit
NS_Alloc
NS_CStringGetData
NS_GetServiceManager
NS_CStringContainerFinish

kernel32

CreateFileA
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrlenA
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
LockResource
LoadResource
lstrcpyA
CompareStringA
GetModuleFileNameA
lstrcmpiA
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
MulDiv
WideCharToMultiByte
SetLastError
GlobalUnlock
GlobalLock
WriteFile
GlobalFree
GetTempPathA
GlobalHandle
GetVersionExA
OutputDebugStringA
Sleep
FormatMessageA
GetModuleHandleA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadLibraryExA
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetStdHandle
ExitProcess
HeapReAlloc
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LocalFree
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
ReadFile
CloseHandle
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP

user32

GetWindowLongA
MoveWindow
DefWindowProcA
SetWindowLongA
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
UnregisterClassA
SendDlgItemMessageA
GetSystemMetrics
SetForegroundWindow
MapDialogRect
SetWindowContextHelpId
GetMessagePos
SetActiveWindow
KillTimer
SetTimer
ShowWindow
CreateDialogIndirectParamA
RegisterWindowMessageA
GetActiveWindow
CreateAcceleratorTableA
MessageBeep
SetDlgItemTextA
RegisterClassExA
GetWindow
EndDialog
SetRectEmpty
DestroyCursor
GetSysColor
CreateWindowExA
LoadCursorA
GetClassInfoExA
GetDesktopWindow
DestroyAcceleratorTable
GetDlgItem
IsChild
RedrawWindow
InvalidateRgn
ClientToScreen
DialogBoxParamA
GetClassNameA
CreateCursor
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
EndPaint
BeginPaint
CharNextA
GetFocus
GetCursorPos
SetCursor
DrawFocusRect
DrawTextA
PtInRect
FillRect
CallWindowProcA
IsWindow
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DestroyWindow

gdi32

CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateFontIndirectA
DeleteDC
GetObjectA
SelectObject
SetBkMode
DeleteObject
GetDeviceCaps
SetTextColor

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoTaskMemRealloc
CoCreateGuid
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning

oleaut32

SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
DispCallFunc
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysFreeString

comctl32

_TrackMouseEvent

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

Exports

Exports

NSGetModule

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Profiles/$6/extensions/[email protected]/components/ReducBarre.new
.dll windows:5 windows x86 arch:x86

58aeebfd774eee20b04896ff0c21ca69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

urlmon

URLDownloadToFileA

wininet

HttpOpenRequestA
InternetOpenA
InternetQueryOptionA
InternetGetLastResponseInfoA
HttpSendRequestA
InternetSetOptionA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
InternetCloseHandle
InternetConnectA

xpcom

NS_GetComponentManager
NS_Free
NS_CStringSetData
NS_CStringContainerInit
NS_Alloc
NS_CStringGetData
NS_GetServiceManager
NS_CStringContainerFinish

kernel32

CreateFileA
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
lstrlenA
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
LockResource
LoadResource
lstrcpyA
CompareStringA
GetModuleFileNameA
lstrcmpiA
lstrlenW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
MulDiv
WideCharToMultiByte
SetLastError
GlobalUnlock
GlobalLock
WriteFile
GlobalFree
GetTempPathA
GlobalHandle
GetVersionExA
OutputDebugStringA
Sleep
FormatMessageA
GetModuleHandleA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadLibraryExA
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetStdHandle
ExitProcess
HeapReAlloc
HeapDestroy
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LocalFree
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
ReadFile
CloseHandle
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP

user32

GetWindowLongA
MoveWindow
DefWindowProcA
SetWindowLongA
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
UnregisterClassA
SendDlgItemMessageA
GetSystemMetrics
SetForegroundWindow
MapDialogRect
SetWindowContextHelpId
GetMessagePos
SetActiveWindow
KillTimer
SetTimer
ShowWindow
CreateDialogIndirectParamA
RegisterWindowMessageA
GetActiveWindow
CreateAcceleratorTableA
MessageBeep
SetDlgItemTextA
RegisterClassExA
GetWindow
EndDialog
SetRectEmpty
DestroyCursor
GetSysColor
CreateWindowExA
LoadCursorA
GetClassInfoExA
GetDesktopWindow
DestroyAcceleratorTable
GetDlgItem
IsChild
RedrawWindow
InvalidateRgn
ClientToScreen
DialogBoxParamA
GetClassNameA
CreateCursor
OffsetRect
GetCapture
ReleaseCapture
ReleaseDC
GetDC
EndPaint
BeginPaint
CharNextA
GetFocus
GetCursorPos
SetCursor
DrawFocusRect
DrawTextA
PtInRect
FillRect
CallWindowProcA
IsWindow
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
ScreenToClient
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DestroyWindow

gdi32

CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreateFontIndirectA
DeleteDC
GetObjectA
SelectObject
SetBkMode
DeleteObject
GetDeviceCaps
SetTextColor

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoTaskMemRealloc
CoCreateGuid
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning

oleaut32

SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
DispCallFunc
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysFreeString

comctl32

_TrackMouseEvent

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

Exports

Exports

NSGetModule

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Profiles/$6/extensions/[email protected]/components/ReducBarre.xpt
$0/Profiles/$6/extensions/[email protected]/content/captain.js
.js
$0/Profiles/$6/extensions/[email protected]/content/captain.old
.js
$0/Profiles/$6/extensions/[email protected]/content/contents.rdf
.xml
$0/Profiles/$6/extensions/[email protected]/content/contents.rdf-bluefish
.xml
$0/Profiles/$6/extensions/[email protected]/content/firefoxOverlay.xul
.js .xml polyglot
$0/Profiles/$6/extensions/[email protected]/install.rdf
.xml
$0/Profiles/$6/extensions/[email protected]/locale/en-US/reducbarre.dtd
$0/Profiles/$6/extensions/[email protected]/locale/en-US/reducbarre.properties
$0/Profiles/$6/extensions/[email protected]/[email protected]
$0/Profiles/$6/extensions/[email protected]/skin/alert.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/cancel.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/contents.rdf
.xml
$0/Profiles/$6/extensions/[email protected]/skin/help.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/info.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/menu.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/money.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/overlay.css
$0/Profiles/$6/extensions/[email protected]/skin/yes1.png
.png
$0/Profiles/$6/extensions/[email protected]/skin/yes2.png
.png
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atlogon.exe
.exe windows:5 windows x86 arch:x86

8305998f209d2e05528275c0535c8b5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\reducbarre\IE\ToolBand58\setup toolbar\atlogon_RC4\bin\Win32\Release\atlogon.pdb

Imports

kernel32

GetLastError
LocalFree
InterlockedDecrement
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
SetFilePointer
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountSidW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gpscarbu.dll
.dll regsvr32 windows:5 windows x86 arch:x86

352102cbb7f3b61971ee5083d35be31d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\reducbarre\IE\ToolBand58\ReleaseMinDependency\ReducBarre.pdb

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

StrToIntA

wininet

InternetCloseHandle
InternetErrorDlg
InternetReadFile
InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetQueryOptionA
FindCloseUrlCache
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
GetUrlCacheEntryInfoA
InternetGetLastResponseInfoA
FindNextUrlCacheEntryA

ws2_32

inet_addr
gethostbyname
sendto
WSAGetLastError
recvfrom
closesocket
WSACleanup
inet_ntoa
WSASocketA
WSAStartup
setsockopt

urlmon

URLDownloadToFileA

kernel32

EnterCriticalSection
LeaveCriticalSection
lstrlenA
InterlockedIncrement
FlushInstructionCache
GetCurrentProcess
GlobalAlloc
FindResourceA
InterlockedDecrement
GetCurrentThreadId
LockResource
LoadResource
lstrlenW
GetLastError
lstrcmpA
MulDiv
WideCharToMultiByte
GetModuleFileNameA
GlobalUnlock
GlobalLock
SetLastError
lstrcpyA
CompareStringA
lstrcmpiA
CloseHandle
WriteFile
CreateFileA
GlobalFree
GetTempPathA
GlobalHandle
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadLibraryExA
GetModuleHandleA
DisableThreadLibraryCalls
DebugBreak
OutputDebugStringA
Sleep
TerminateThread
RaiseException
GetCurrentProcessId
FormatMessageA
DeleteFileA
ReadFile
GetFileSize
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
CreateProcessA
HeapAlloc
GetProcessHeap
MoveFileExA
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
ExitProcess
HeapReAlloc
FatalAppExitA
HeapDestroy
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetLocalTime
GetSystemTimeAsFileTime
CreateThread
ResumeThread
ExitThread
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
LocalFree
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapFree
InterlockedCompareExchange
MultiByteToWideChar
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileW
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
OpenFile

user32

KillTimer
GetKeyState
TranslateMessage
DispatchMessageA
GetComboBoxInfo
SetActiveWindow
TrackPopupMenu
CreatePopupMenu
CheckMenuRadioItem
AppendMenuA
CheckMenuItem
ShowWindow
SetWindowsHookExA
CallNextHookEx
SetForegroundWindow
GetSysColorBrush
GetMenuItemInfoA
InflateRect
DrawEdge
FrameRect
IsWindowVisible
DrawFrameControl
DestroyMenu
SystemParametersInfoA
CharUpperBuffA
GetWindowDC
GetMessagePos
LoadImageA
CopyRect
MapDialogRect
SetWindowContextHelpId
UnregisterClassA
UnhookWindowsHookEx
SetWindowLongA
GetWindowLongA
MoveWindow
DefWindowProcA
EndDialog
SendDlgItemMessageA
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoA
MonitorFromWindow
GetWindowRect
GetWindow
SetRectEmpty
DialogBoxParamA
SetTimer
MessageBoxA
wvsprintfA
CharNextW
CreateDialogIndirectParamA
RegisterWindowMessageA
CreateAcceleratorTableA
GetActiveWindow
GetCapture
GetCursorPos
SetCursor
DrawFocusRect
PtInRect
GetDlgCtrlID
IsWindowEnabled
UpdateWindow
OffsetRect
MessageBeep
DrawTextA
SetDlgItemTextA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
SendMessageA
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
CharNextA
GetSysColor
GetSystemMetrics

gdi32

CreatePatternBrush
PatBlt
SetBkColor
SetBrushOrgEx
CreateFontIndirectA
SetTextColor
SetBkMode
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateDIBSection
GetTextExtentPointA
EnumFontFamiliesExA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateBitmap
DeleteObject

advapi32

RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

OleUninitialize
OleRun
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoCreateGuid
OleInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CoUninitialize
RegisterDragDrop
StringFromGUID2
ReleaseStgMedium

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
SetErrorInfo
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCmp
VariantChangeType
SysStringByteLen
VariantCopy
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
GetErrorInfo
CreateErrorInfo

comctl32

ImageList_AddMasked
ImageList_Draw
ImageList_LoadImageA
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx
_TrackMouseEvent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
update.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 410B

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 646B

.data Size: - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 146B

8305998f209d2e05528275c0535c8b5c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 410B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B