65ewe[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

65ewe.zip
Size

37.4MB
MD5

612f55abe38fde2136df8e3a56a2d90d
SHA1

0b014e42631de33c2fa12c078338dec382ec8461
SHA256

f8f04c79d0c8d1bb0fdf960974e20f8fedcdc1ae08a7abad607e8939832b8af1
SHA512

806b95c11aff4c213a351dcf3bef385de4efcae497c3aeafadcd7b63db60c9eea8914c435af0509777efc7df15342d4e485b840912e397dbcaa34f42cc79856d
SSDEEP

786432:h0hpRR730kCsQ2YbYaoEHeJ+v6L6FiS2+wHAi1RoS9pVivXMaj0l+OV2FT1tJzh:h0hpRR73hS2YcanFif+wDzELl51tJzh

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/7zxa.dll
unpack001/unrar.dll

Files

65ewe.zip
.zip
7zxa.dll
.dll windows:6 windows x86 arch:x86

4d1042c294934c68633e048fc30ccdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCanonicalizeW
PathCombineW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
SetCaretPos
GetCaretPos
ScrollWindowEx
GetDlgCtrlID
GetUpdateRgn
FrameRect
RegisterWindowMessageW
FillRect
GetMenuStringW
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ChildWindowFromPointEx
CreatePopupMenu
ShowCaret
GetMenuItemID
CharLowerBuffW
ChangeDisplaySettingsW
PostMessageW
SetWindowLongW
RegisterClassExW
DrawMenuBar
SetParent
IsZoomed
InvalidateRgn
SetSystemCursor
GetClientRect
IsChild
IntersectRect
IsIconic
CallNextHookEx
CloseDesktop
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
GetWindowTextLengthW
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetFocus
GetDC
SetThreadDesktop
GetThreadDesktop
SetFocus
ReleaseDC
mouse_event
GetClassLongW
OpenDesktopA
DrawTextW
SetScrollRange
ChangeDisplaySettingsExA
PeekMessageA
TabbedTextOutW
MessageBeep
SetClassLongW
SetRectEmpty
RemovePropW
LockWindowUpdate
GetSubMenu
EqualRect
OpenInputDesktop
DestroyIcon
IsWindowVisible
DispatchMessageA
PtInRect
UnregisterClassW
GetTopWindow
SendMessageW
DragDetect
GetTabbedTextExtentW
GetMessageTime
NotifyWinEvent
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
keybd_event
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetSysColors
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
GetCursor
KillTimer
BeginDeferWindowPos
WaitMessage
CreateDesktopW
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
CreateWindowExW
EnumDisplaySettingsA
ChildWindowFromPoint
OpenDesktopW
GetMessageW
GetDCEx
SetProcessWindowStation
PeekMessageW
MonitorFromWindow
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
DrawStateW
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
GetGUIThreadInfo
ScrollWindow
GetLastActivePopup
UnionRect
SetMenuInfo
GetMenuInfo
GetSystemMetrics
EnumDisplayDevicesA
CharUpperBuffW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
SetCaretBlinkTime
GetCaretBlinkTime
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
GetListBoxInfo
EndPaint
MsgWaitForMultipleObjectsEx
GetUserObjectInformationA
LoadKeyboardLayoutW
EnumDisplaySettingsW
ActivateKeyboardLayout
GetParent
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
EnumWindowStationsW
UpdateWindow
MsgWaitForMultipleObjects
VkKeyScanW
DestroyMenu
SetWindowsHookExW
CloseWindowStation
EmptyClipboard
GetDoubleClickTime
GetAncestor
GetDlgItem
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
OpenWindowStationA
LookupIconIdFromDirectoryEx
SetKeyboardState
GetKeyboardState
OemToCharBuffW
DrawFrameControl
ScreenToClient
WindowFromDC
BringWindowToTop
SetCursor
CreateIcon
GetDialogBaseUnits
RemoveMenu
AppendMenuW
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
PostMessageA
UpdateLayeredWindow
CharUpperBuffA
CopyIcon
PostQuitMessage
GetProcessWindowStation
ShowScrollBar
EnableMenuItem
LoadImageW
DeferWindowPos
EndDeferWindowPos
HideCaret
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetWindow
GetWindowLongW
GetWindowRect
ToUnicode
InsertMenuW
MenuItemFromPoint
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
GetMenuDefaultItem
FindWindowW
DeleteMenu
GetKeyboardLayout

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayCreateVector
SafeArrayGetElemsize
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegSetValueExA
RegConnectRegistryW
RegCreateKeyA
GetUserNameW
GetUserNameA
LookupAccountNameW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegReplaceKeyW
GetTokenInformation
LookupAccountSidW
RegCreateKeyExW
RegLoadKeyW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegOpenKeyExW
OpenProcessToken
RegDeleteValueW
RegFlushKey
RegQueryValueExA
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegRestoreKeyW

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
sprintf
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
tolower
islower

netapi32

NetWkstaGetInfo

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetFileTime
GetFileType
SetFileTime
QueryDosDeviceW
GetACP
GetExitCodeProcess
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TlsAlloc
OpenFileMappingW
QueryPerformanceFrequency
lstrcmpiW
TerminateThread
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
FindNextChangeNotification
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
DosDateTimeToFileTime
GetUserDefaultLCID
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
OpenMutexW
lstrlenA
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
MoveFileW
RaiseException
GlobalAddAtomW
FindFirstChangeNotificationW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetStringTypeW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
GetFileAttributesExW
IsBadReadPtr
GetMailslotInfo
ExpandEnvironmentStringsW
LockResource
LoadLibraryExW
TerminateProcess
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
SetVolumeLabelW
EnterCriticalSection
ReleaseMutex
SetFilePointer
FlushFileBuffers
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
CreateMailslotW
GetTempFileNameW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
VerLanguageNameW
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
WinExec
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetProcessTimes
GetWindowsDirectoryW
LCMapStringW
SignalObjectAndWait
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
WaitForSingleObjectEx
lstrcmpW
InitializeCriticalSectionAndSpinCount
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
SystemTimeToFileTime
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
IsDBCSLeadByteEx
FindCloseChangeNotification
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
GetSystemPowerStatus
GetOEMCP
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
GetTimeFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
TzSpecificLocalTimeToSystemTime
SetComputerNameW
IsValidLocale
SleepEx
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

wsock32

select
setsockopt
getsockopt
WSACleanup
gethostbyname
bind
gethostname
closesocket
WSAGetLastError
connect
inet_addr
send
ntohs
htons
accept
WSAStartup
__WSAFDIsSet
getsockname
listen
recv
socket
inet_ntoa
ioctlsocket
shutdown

gdiplus

GdipFillEllipseI
GdipCloneImage
GdipDrawBezier
GdipDrawImagePointsRectI
GdipSetPenDashOffset
GdipGetPenDashOffset
GdipCreateFontFromDC
GdipClonePath
GdipIsVisibleRegionRect
GdipSetClipHrgn
GdipSetPixelOffsetMode
GdipGetLineColors
GdipSetClipPath
GdipGetEmHeight
GdipGetRegionBoundsI
GdipDrawPie
GdipFillRectangle
GdipGetPageUnit
GdipSetPageUnit
GdipGetLineGammaCorrection
GdipGetRegionDataSize
GdipFillClosedCurveI
GdipAddPathPolygon
GdipCombineRegionPath
GdipCreateMetafileFromFile
GdipRestoreGraphics
GdipResetPath
GdipGetFontSize
GdipResetImageAttributes
GdipAddPathEllipse
GdipCreateHBITMAPFromBitmap
GdipSetPathGradientTransform
GdipGetPathGradientTransform
GdipSetImageAttributesRemapTable
GdipFillPie
GdipDrawCurve2
GdipCreateHatchBrush
GdipSetLineGammaCorrection
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipGetLineBlendCount
GdipGetSolidFillColor
GdipGetImageBounds
GdipSetSolidFillColor
GdipSetLineLinearBlend
GdipLoadImageFromFile
GdipGetPenCompoundCount
GdipAddPathEllipseI
GdipScaleMatrix
GdipSetLineWrapMode
GdipGetLineWrapMode
GdipSetLineColors
GdipCloneBrush
GdipGetMetafileHeaderFromFile
GdipSaveAdd
GdipGetGenericFontFamilyMonospace
GdipRecordMetafileI
GdipCreateFromHDC
GdipGetClipBounds
GdipSetImageAttributesOutputChannelColorProfile
GdipDeletePath
GdipIsVisibleClipEmpty
GdipIsVisibleRegionRectI
GdipIsVisiblePoint
GdipGetPenWidth
GdipSetPenWidth
GdipShearMatrix
GdipSetClipGraphics
GdipGetStringFormatDigitSubstitution
GdipDisposeImageAttributes
GdipCreateMatrix3
GdipRecordMetafileFileName
GdipCreatePathGradient
GdipGetFontUnit
GdipGetImageRawFormat
GdipSetLinePresetBlend
GdipRecordMetafileStream
GdipDrawImagePointsI
GdipCreateBitmapFromStream
GdipTranslateRegion
GdipEnumerateMetafileDestPoint
GdipGetLineRect
GdipGetVisibleClipBoundsI
GdipDeleteCachedBitmap
GdipSetImageAttributesColorMatrix
GdipGetHatchStyle
GdipDrawClosedCurve2
GdipSetPathGradientCenterPointI
GdipDrawArc
GdipAlloc
GdipClosePathFigure
GdipDrawImageI
GdipAddPathCurve
GdipGetPenMiterLimit
GdipSetPenMiterLimit
GdipAddPathLineI
GdipGetStringFormatTrimming
GdipSetPropertyItem
GdipGetPropertyItem
GdipAddPathCurveI
GdipCreatePath
GdipCreatePen1
GdipFlattenPath
GdipVectorTransformMatrixPoints
GdipClonePen
GdipDrawCurveI
GdipGetFontStyle
GdipGetImageAttributesAdjustedPalette
GdipDeletePen
GdipGetPathGradientCenterColor
GdipCreateBitmapFromStreamICM
GdipSetPathGradientCenterColor
GdipEnumerateMetafileDestPointsI
GdipGetPageScale
GdipSetPageScale
GdipCreateFromHDC2
GdipTransformPath
GdipCreateLineBrushFromRectWithAngleI
GdipMultiplyLineTransform
GdipFree
GdipCreateTexture2
GdipBeginContainer
GdipResetTextureTransform
GdipAddPathPolygonI
GdipReversePath
GdipGetFontHeight
GdipGetPenCompoundArray
GdipGetLineSpacing
GdipTranslateWorldTransform
GdipGetPenMode
GdipDrawLinesI
GdipAddPathClosedCurve2I
GdipCreateRegionHrgn
GdipEnumerateMetafileSrcRectDestRectI
GdipCreateRegionPath
GdipSetPenCustomEndCap
GdiplusStartup
GdipImageRotateFlip
GdipVectorTransformMatrixPointsI
GdipGetTextureTransform
GdipMultiplyMatrix
GdipDrawCurve
GdipAddPathBeziersI
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromWmf
GdipDisposeImage
GdipSetClipRect
GdipCreatePath2I
GdipGetHatchForegroundColor
GdipGetCustomLineCapStrokeCaps
GdipGetClipBoundsI
GdipSetCustomLineCapStrokeCaps
GdipClosePathFigures
GdipMultiplyPenTransform
GdipGetClip
GdipCreateBitmapFromHBITMAP
GdipSetPathGradientSigmaBlend
GdipCreateRegion
GdipScaleLineTransform
GdipAddPathClosedCurve2
GdipGetPenDashArray
GdipSetPenDashArray
GdipResetClip
GdipAddPathStringI
GdipDrawCachedBitmap
GdipGetRegionScansCount
GdipGetTextureImage
GdipEnumerateMetafileSrcRectDestRect
GdipGetImageType
GdipDrawBezierI
GdipSetImageAttributesThreshold
GdipGetMetafileDownLevelRasterizationLimit
GdipSetMetafileDownLevelRasterizationLimit
GdipGetWorldTransform
GdipIsVisiblePathPoint
GdipGetPathWorldBoundsI
GdipAddPathLine2
GdipCombineRegionRectI
GdipSetWorldTransform
GdipGetAllPropertyItems
GdipAddPathCurve2I
GdipAddPathCurve3I
GdipResetPathGradientTransform
GdipDrawPolygonI
GdipRecordMetafileFileNameI
GdipGetGenericFontFamilySerif
GdipDrawLine
GdipEnumerateMetafileDestPoints
GdipDrawCurve3
GdipGetPathWorldBounds
GdipGetHemfFromMetafile
GdipDrawPath
GdipGetPenFillType
GdipDrawRectangle
GdipCreateBitmapFromHICON
GdipTranslateTextureTransform
GdipSetImageAttributesNoOp
GdipTranslateMatrix
GdipFillRectangles
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetCompositingMode
GdipGetPathGradientPath
GdipGetPropertyIdList
GdipDeleteStringFormat
GdipGetCompositingQuality
GdipSetCompositingQuality
GdipTranslateClipI
GdipSetLineSigmaBlend
GdipGetDpiX
GdipTransformMatrixPoints
GdipGetPathGradientRectI
GdipIsVisiblePathPointI
GdipCreateSolidFill
GdipBitmapSetResolution
GdipDrawRectangles
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromGraphics
GdipGetPathGradientWrapMode
GdipGetMetafileHeaderFromStream
GdipSetImageAttributesGamma
GdipScaleWorldTransform
GdipIsMatrixInvertible
GdipDrawDriverString
GdipCreateFontFamilyFromName
GdipCreateMatrix2
GdipCreateBitmapFromResource
GdipIsVisibleRegionPoint
GdipCreateMetafileFromEmf
GdipCreateMetafileFromWmf
GdipCreateRegionRect
GdipCreateMatrix
GdipEndContainer
GdipComment
GdipSetPathGradientBlend
GdipGetPathGradientBlend
GdipGetImageVerticalResolution
GdipLoadImageFromStreamICM
GdipGetStringFormatTabStopCount
GdipCreateMetafileFromWmfFile
GdipGetCustomLineCapBaseInset
GdipSetCustomLineCapBaseInset
GdipIsInfiniteRegion
GdipResetWorldTransform
GdipImageGetFrameCount
GdipEnumerateMetafileSrcRectDestPointsI
GdipDrawImagePointsRect
GdipDrawPolygon
GdipDrawEllipse
GdipGetPathPoints
GdipAddPathArc
GdipIsClipEmpty
GdipGetPathGradientGammaCorrection
GdipSetPathGradientGammaCorrection
GdipGetCellDescent
GdipCreatePen2
GdipDrawClosedCurve
GdipCreatePathGradientFromPath
GdipGetMetafileHeaderFromMetafile
GdipDrawArcI
GdipRotateMatrix
GdipIsEqualRegion
GdipDrawPieI
GdipGetRenderingOrigin
GdipDeleteFont
GdipDeleteCustomLineCap
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCreateCachedBitmap
GdipMeasureDriverString
GdipRemovePropertyItem
GdipGetRegionHRgn
GdipIsStyleAvailable
GdipResetLineTransform
GdipSetPenCompoundArray
GdipGetImagePixelFormat
GdipGetImageHeight
GdipSaveGraphics
GdipCreateImageAttributes
GdipCombineRegionRegion
GdipCreateLineBrush
GdipFillPolygon
GdipDrawImageRect
GdipAddPathBezier
GdipFillEllipse
GdipDrawImageRectI
GdipRotatePenTransform
GdipSetTextureTransform
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipAddPathBeziers
GdipEmfToWmfBits
GdipFillClosedCurve
GdipFillPolygonI
GdipMultiplyPathGradientTransform
GdipBitmapLockBits
GdipLoadImageFromStream
GdipGetStringFormatTabStops
GdipCreateFont
GdipDrawImage
GdipAddPathRectangles
GdipCreateLineBrushFromRectI
GdipDrawClosedCurveI
GdipIsMatrixIdentity
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipFillPath
GdipFillClosedCurve2I
GdipCreateTexture2I
GdipCloneImageAttributes
GdipEnumerateMetafileDestRect
GdipBeginContainerI
GdipGetTextureWrapMode
GdipDeleteFontFamily
GdipGetLogFontA
GdipGraphicsClear
GdipAddPathPie
GdipDeleteRegion
GdipGetPropertySize
GdipAddPathCurve3
GdipCreateHalftonePalette
GdipLoadImageFromFileICM
GdipBitmapGetPixel
GdipCreateTexture
GdipBitmapSetPixel
GdipGetPenColor
GdipSetPenColor
GdipGetPathGradientRect
GdipGetPenTransform
GdipSetPenTransform
GdipDrawLines
GdipCreateMetafileFromStream
GdipCreateFromHWND
GdipGetCellAscent
GdipCreateRegionRgnData
GdipCreateBitmapFromFile
GdipAddPathLine
GdipWindingModeOutline
GdipGetRegionBounds
GdipCreateHICONFromBitmap
GdipSetPathGradientPath
GdipGetPixelOffsetMode
GdipGetImageThumbnail
GdipGetImagePaletteSize
GdipAddPathString
GdipGetImageWidth
GdipSaveAddImage
GdipTranslateLineTransform
GdipGetBrushType
GdipGetEncoderParameterListSize
GdipIsOutlineVisiblePathPointI
GdipGetHatchBackgroundColor
GdipTransformRegion
GdipSetPathMarker
GdipGetLinePresetBlendCount
GdipGetFontCollectionFamilyList
GdipAddPathPath
GdipSetStringFormatTrimming
GdipRotateLineTransform
GdipStringFormatGetGenericDefault
GdipGetPathLastPoint
GdipAddPathClosedCurveI
GdipGetFamilyName
GdipRecordMetafile
GdipCreateStringFormat
GdipFillPieI
GdipIsVisibleRect
GdipBeginContainer2
GdipDeleteMatrix
GdipFillClosedCurve2
GdipDrawBeziers
GdipMultiplyWorldTransform
GdipPlayMetafileRecord
GdipGetLogFontW
GdipIsOutlineVisiblePathPoint
GdipCreateLineBrushFromRectWithAngle
GdipGetPathTypes
GdipAddPathLine2I
GdipGetImageDimension
GdipSetPenLineCap197819
GdipEnumerateMetafileSrcRectDestPointI
GdipCreateFontFromLogfontW
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipCloneStringFormat
GdipCreateFromHWNDICM
GdipDeleteGraphics
GdipCreateBitmapFromFileICM
GdipGetLinePresetBlend
GdipCloneBitmapArea
GdipGetLineTransform
GdipSetLineTransform
GdipFillRectangleI
GdipGetStringFormatHotkeyPrefix
GdipCloneFontFamily
GdipSetPenMode
GdipGetPenCustomStartCap
GdipSetPenCustomStartCap
GdipScalePenTransform
GdipAddPathArcI
GdipMultiplyTextureTransform
GdipDrawRectangleI
GdipCreateRegionRectI
GdipCreateLineBrushI
GdipGetLineRectI
GdipTransformMatrixPointsI
GdipDrawImageRectRect
GdipSaveImageToStream
GdipResetPenTransform
GdipAddPathPieI
GdipEnumerateMetafileSrcRectDestPoint
GdipFlush
GdipTranslateRegionI
GdipGetPointCount
GdipTranslateClip
GdipCreateMatrix3I
GdipDrawImagePointRectI
GdipGetPathGradientSurroundColorCount
GdipTransformPoints
GdipTranslatePathGradientTransform
GdipGetLineBlend
GdipSetLineBlend
GdipBitmapUnlockBits
GdipCloneBitmapAreaI
GdipDrawRectanglesI
GdipImageSelectActiveFrame
GdipCreateBitmapFromGdiDib
GdipIsEmptyRegion
GdipCreateBitmapFromScan0
GdipCreateLineBrushFromRect
GdipAddPathClosedCurve
GdipAddPathRectangle
GdipTransformPointsI
GdipDrawImagePointRect
GdipDrawString
GdipGetImageGraphicsContext
GdipRotatePathGradientTransform
GdipGetMatrixElements
GdipCreateTextureIA
GdipSetImagePalette
GdipGetImagePalette
GdipGetStringFormatMeasurableCharacterRangeCount
GdipStartPathFigure
GdipSetMatrixElements
GdipIsMatrixEqual
GdipIsVisibleRectI
GdipGetPenCustomEndCap
GdipStringFormatGetGenericTypographic
GdipScalePathGradientTransform
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetTextContrast
GdipSetTextContrast
GdipDrawEllipseI
GdipGetImageHorizontalResolution
GdipAddPathCurve2
GdipImageGetFrameDimensionsCount
GdipSetPathGradientWrapMode
GdipEnumerateMetafileSrcRectDestPoints
GdipCreatePath2
GdipCreateFontFromLogfontA
GdipGetPathGradientCenterPoint
GdipSetClipRectI
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPoint
GdipGetFamily
GdipDrawCurve2I
GdipDrawCurve3I
GdipGetRegionScansI
GdipSaveImageToFile
GdipCloneRegion
GdipIsVisiblePointI
GdipSetStringFormatMeasurableCharacterRanges
GdipSetImageAttributesToIdentity
GdipFillRectanglesI
GdipGetCustomLineCapStrokeJoin
GdipSetCustomLineCapStrokeJoin
GdipGetNearestColor
GdipSetStringFormatDigitSubstitution
GdipGetDpiY
GdipSetEmpty
GdipSetImageAttributesColorKeys
GdipGetPathPointsI
GdipGetPropertyCount
GdipGetRegionData
GdipInvertMatrix
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipGetPathGradientFocusScales
GdipSetPathGradientFocusScales
GdipCloneFont
GdipCreatePathGradientI
GdipGetPathGradientPresetBlendCount
GdipAddPathBezierI
GdipRotateWorldTransform
GdipGetVisibleClipBounds
GdipSetRenderingOrigin
GdipImageGetFrameDimensionsList
GdipSetInfinite
GdipScaleTextureTransform

gdi32

Pie
SetBkMode
GetTextCharsetInfo
GetRandomRgn
CreateCompatibleBitmap
CreatePolygonRgn
BeginPath
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
TranslateCharsetInfo
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
PathToRegion
GetCharABCWidthsFloatW
GetGlyphIndicesW
ExtSelectClipRgn
ExtEscape
RoundRect
SelectClipRgn
RectInRegion
RestoreDC
FillPath
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
GetTextCharset
CreateDCW
CreateICW
CreatePen
FillRgn
PolyBezierTo
GetStockObject
CreateSolidBrush
GetFontUnicodeRanges
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
ModifyWorldTransform
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetEnhMetaFileBits
GetSystemPaletteEntries
OffsetWindowOrgEx
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
CreateFontIndirectW
PolyBezier
DPtoLP
GetNearestColor
EndDoc
GetObjectW
GetCurrentObject
GetFontData
GetWinMetaFileBits
SetROP2
GetTextExtentExPointW
GetROP2
GetOutlineTextMetricsW
GetEnhMetaFileDescriptionW
PtVisible
CreateEllipticRgnIndirect
ArcTo
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
TextOutW
SelectPalette
SetGraphicsMode
SetLayout
ExcludeClipRect
SetTextJustification
SetWindowOrgEx
MaskBlt
GetCharacterPlacementW
CreatePatternBrush
EndPage
EndPath
EqualRgn
DeleteEnhMetaFile
Chord
SetDIBits
UpdateColors
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
SetPixelFormat
RealizePalette
GetObjectType
GetDIBColorTable
SetDIBColorTable
GetGlyphOutlineW
OffsetClipRgn
GetTextMetricsA
CreateBrushIndirect
StrokePath
PatBlt
SelectClipPath
SetEnhMetaFileBits
CreateDCA
CreateEllipticRgn
ChoosePixelFormat
Rectangle
DeleteDC
SaveDC
GetWorldTransform
BitBlt
FrameRgn
SetWorldTransform
GetDeviceCaps
GetTextExtentPoint32W
PtInRegion
GetClipBox
GetClipRgn
Polyline
IntersectClipRect
CombineTransform
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
GetDIBits
SetStretchBltMode
CreateFontIndirectA
LineTo
GetRgnBox
EnumFontFamiliesW
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
CreateCompatibleDC
GetObjectA
GetDCOrgEx
GetBrushOrgEx
GetCurrentPositionEx
SetDCPenColor
GetNearestPaletteIndex
SetTextAlign
GetTextAlign
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
GetTextFaceW
SetViewportExtEx
SetPixel
PolyPolyline
EnumFontFamiliesExW
StretchDIBits
WidenPath
GetPaletteEntries

magnification

MagSetWindowSource
MagInitialize
MagSetWindowTransform
MagSetImageScalingCallback
MagSetWindowFilterList

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetCloseEnum
WNetOpenEnumW

winmm

auxGetNumDevs
waveOutGetDevCapsW
midiOutGetDevCapsW
auxSetVolume
waveOutSetVolume
waveOutGetNumDevs
auxGetDevCapsW
midiOutGetNumDevs
waveOutGetVolume
PlaySoundW
midiOutSetVolume
midiOutGetVolume
auxGetVolume

wininet

InternetCloseHandle
InternetReadFile
InternetOpenW
InternetOpenA
InternetOpenUrlW
InternetOpenUrlA
InternetSetOptionW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_AddMasked
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
DragAcceptFiles
SHGetSpecialFolderPathW
SHCreateShellItem
SHGetPathFromIDListW
ShellExecuteExW
DragFinish
SHGetMalloc
ILCreateFromPathW
SHGetFileInfoW
SHGetFolderPathW
SHGetDesktopFolder
SHChangeNotify
ILFree
SHFileOperationW
SHAppBarMessage
ShellExecuteW
ExtractIconExW

urlmon

URLDownloadToFileW

ole32

RevokeDragDrop
CreateBindCtx
MkParseDisplayName
CoCreateGuid
CoCreateInstance
CoUninitialize
CLSIDFromString
RegisterDragDrop
IsEqualGUID
OleInitialize
ProgIDFromCLSID
CLSIDFromProgID
CoInitializeEx
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
DoDragDrop

iphlpapi

GetExtendedTcpTable
SetTcpEntry

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode
TMethodImplementationIntercept
TMethodImplementationIntercept
__dbk_fcall_wrapper
__dbk_fcall_wrapper
dbkFCallWrapperAddr
dbkFCallWrapperAddr

Sections

.text
Size: 58.6MB - Virtual size: 58.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 817KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 453B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CSRPS.dll
CSRPS.exe
.exe windows:4 windows x86 arch:x86

c1be74c22b279b64bb64d44a8bbb4a1b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:84:8d:21:4b:8c:9e:d3:9d:1e:26:b7:d7:63:eb:04
Certificate

Issuer

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04-08-2011 00:00

Not After

03-08-2014 23:59

Subject

CN=Scooter Software Inc,O=Scooter Software Inc,POSTALCODE=53705,STREET=Ste 112+STREET=2828 Marshall Ct,L=Madison,ST=WI,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:a3:95:03:4d:75:1e:69:e1:54:72:21:c9:ba:2c:ba:6c:c0:5a:82
Signer

Actual PE Digest

df:a3:95:03:4d:75:1e:69:e1:54:72:21:c9:ba:2c:ba:6c:c0:5a:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SysAllocString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegFlushKey
RegEnumValueW
RegEnumValueA
RegEnumKeyA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegConnectRegistryW
RegConnectRegistryA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
InitializeSecurityDescriptor
GetUserNameW
GetUserNameA
GetTokenInformation
GetSecurityDescriptorControl
FreeSid
DeregisterEventSource
AllocateAndInitializeSid
AdjustTokenPrivileges
CryptGetKeyParam
CryptSetKeyParam
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptSignHashA
CryptSetHashParam
CryptCreateHash
CryptImportKey
CryptExportKey
CryptReleaseContext
CryptDestroyKey
CryptGetUserKey
CryptAcquireContextA
CryptDecrypt

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
wvsprintfA
WindowFromPoint
WaitMessage
VkKeyScanW
ValidateRect
UpdateWindow
UnregisterClassW
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
TrackPopupMenu
TileWindows
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowsHookExA
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropA
SetParent
SetMenuItemInfoW
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendNotifyMessageA
SendMessageTimeoutA
SendMessageW
SendMessageA
SendDlgItemMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
OpenInputDesktop
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyW
MapVirtualKeyA
LockWindowUpdate
LoadStringW
LoadStringA
LoadKeyboardLayoutA
LoadImageA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUserObjectInformationA
GetUpdateRgn
GetUpdateRect
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageW
GetMessageA
GetMenuStringW
GetMenuStringA
GetMenuState
GetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassNameW
GetClassNameA
GetClassLongA
GetClassInfoW
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DrawCaption
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefWindowProcA
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateMDIWindowW
CreateIcon
CreateCaret
CopyImage
CloseDesktop
CloseClipboard
ClipCursor
ClientToScreen
ChildWindowFromPointEx
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CascadeWindows
CallWindowProcW
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
BeginDeferWindowPos
AttachThreadInput
AppendMenuW
AppendMenuA
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrlenW
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpW
lstrcmpA
_lwrite
_lread
_lopen
_llseek
_lcreat
_lclose
WriteProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualUnlock
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerLanguageNameW
VerLanguageNameA
UnmapViewOfFile
UnlockFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetVolumeLabelA
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetFileAttributesA
SetEvent
SetErrorMode
SetEnvironmentVariableW
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryW
SetCurrentDirectoryA
ResumeThread
ResetEvent
RemoveDirectoryW
RemoveDirectoryA
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
OpenProcess
OpenFileMappingA
MultiByteToWideChar
MulDiv
MoveFileW
MoveFileA
MapViewOfFile
LockResource
LockFileEx
LockFile
LocalSize
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
LCMapStringA
IsValidCodePage
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetVolumeInformationW
GetVolumeInformationA
GetVersionExW
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempPathA
GetTempFileNameW
GetTempFileNameA
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDirectoryA
GetStringTypeExW
GetStringTypeExA
GetStdHandle
GetShortPathNameW
GetShortPathNameA
GetProfileStringA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringA
GetPriorityClass
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileType
GetFileTime
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetEnvironmentVariableA
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetComputerNameW
GetComputerNameA
GetCommandLineW
GetCommandLineA
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileW
FindNextFileA
FindNextChangeNotification
FindFirstFileW
FindFirstFileA
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExitThread
ExitProcess
EnumSystemCodePagesA
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateThread
CreateSemaphoreA
CreateRemoteThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileA
CompareStringW
CompareStringA
CloseHandle
Beep
Sleep
RtlUnwind
MulDiv
FindFirstChangeNotificationW
FindFirstChangeNotificationA
GetVersionExW

gdi32

UnrealizeObject
TextOutA
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetRectRgn
SetROP2
SetPixelV
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
PatBlt
OffsetClipRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointW
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutW
ExtTextOutA
ExtCreatePen
ExcludeClipRect
EnumFontsA
EnumFontFamiliesExA
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateFontA
CreateEnhMetaFileA
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
BitBlt
AbortDoc

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

mpr

WNetOpenEnumW
WNetOpenEnumA
WNetGetUniversalNameW
WNetGetUniversalNameA
WNetGetLastErrorA
WNetGetConnectionW
WNetGetConnectionA
WNetEnumResourceW
WNetEnumResourceA
WNetCloseEnum
WNetCancelConnection2W
WNetCancelConnection2A
WNetAddConnection3W
WNetAddConnection3A
WNetAddConnection2W
WNetAddConnection2A

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
IsAccelerator
ReleaseStgMedium
OleDraw
OleSetMenuDescriptor
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoDisconnectObject
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
DoDragDrop
CoCreateGuid

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_LoadImageA
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA

shell32

ShellExecuteExA
ShellExecuteW
ShellExecuteA
SHGetFileInfoA
SHFileOperationW
SHFileOperationA
DragQueryFileW
DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetMalloc
SHGetDesktopFolder
SHGetInstanceExplorer

comdlg32

PrintDlgA
ChooseFontA
ChooseColorA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
ntohs
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
connect
closesocket
bind

imm32

ImmGetVirtualKey

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

winmm

PlaySoundA
mciSendCommandW
mciSendCommandA

crypt32

CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertCloseStore
CertOpenSystemStoreA

Exports

Exports

madTraceProcess

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 69KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 456B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
unrar.dll
.dll windows:5 windows x86 arch:x86

8172f4807e8cfbadc9f0eaf500b7eb40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\WinRAR\rar\build\unrardll32\Release\unrar.pdb

Imports

kernel32

SetEndOfFile
GetFileType
CreateFileA
CreateFileW
ReadFile
GetStdHandle
WriteFile
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
DeleteFileA
DeleteFileW
DeviceIoControl
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
SetFilePointer
GetVersionExA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
CompareStringA
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
MoveFileA
SetFileTime
Sleep
GetCurrentProcess
GetLastError
CloseHandle
FindFirstFileW
GetLocaleInfoA
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetVersion
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
WriteConsoleW

user32

CharUpperW
CharLowerW
CharLowerA
CharToOemA
CharUpperA
CharToOemBuffA
OemToCharA
OemToCharBuffA

advapi32

SetFileSecurityA
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d1042c294934c68633e048fc30ccdb3

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

user32

oleaut32

advapi32

msvcrt

netapi32

winhttp

kernel32

shfolder

wsock32

gdiplus

gdi32

magnification

mpr

winmm

wininet

winspool.drv

comdlg32

comctl32

shell32

urlmon

ole32

iphlpapi

Exports

Exports

Sections

.text Size: 58.6MB - Virtual size: 58.6MB

.itext Size: 48KB - Virtual size: 48KB

.data Size: 346KB - Virtual size: 346KB

.bss Size: - Virtual size: 817KB

.idata Size: 41KB - Virtual size: 40KB

.didata Size: 5KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 453B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 13.2MB - Virtual size: 13.2MB

c1be74c22b279b64bb64d44a8bbb4a1b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:feCertificate

Key Usages

3b:84:8d:21:4b:8c:9e:d3:9d:1e:26:b7:d7:63:eb:04Certificate

Extended Key Usages

Key Usages

df:a3:95:03:4d:75:1e:69:e1:54:72:21:c9:ba:2c:ba:6c:c0:5a:82Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

ole32

comctl32

wininet

shell32

comdlg32

wsock32

imm32

winspool.drv

winmm

crypt32

.text
Size: 58.6MB - Virtual size: 58.6MB

.itext
Size: 48KB - Virtual size: 48KB

.data
Size: 346KB - Virtual size: 346KB

.bss
Size: - Virtual size: 817KB

.idata
Size: 41KB - Virtual size: 40KB

.didata
Size: 5KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 453B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 13.2MB - Virtual size: 13.2MB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

3b:84:8d:21:4b:8c:9e:d3:9d:1e:26:b7:d7:63:eb:04
Certificate

df:a3:95:03:4d:75:1e:69:e1:54:72:21:c9:ba:2c:ba:6c:c0:5a:82
Signer

.text
Size: 6.7MB - Virtual size: 6.7MB

.itext
Size: 31KB - Virtual size: 30KB

.data
Size: 394KB - Virtual size: 393KB

.bss
Size: - Virtual size: 69KB

.idata
Size: 24KB - Virtual size: 23KB

.edata
Size: 512B - Virtual size: 79B

.tls
Size: - Virtual size: 456B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB