remcos | shitty rat and stealer collection NEW![.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

shitty rat and stealer collection NEW!.zip
Size

8.1MB
MD5

db256a79d74671e4d32f9da396a8a7c4
SHA1

ea2317fcf400211338e0bf0d39e92c2c5dfcfb90
SHA256

e36e49e1cea0dd836cfb1dec293f5fc5c7c197c4eb2df035458a6a5d00265137
SHA512

f4f5db220fe7b4cfbb650cd871ca0efcaaf4523de7e0c6ee0ca4a84b316ab4ae3aca250bb47cf3cbcb6b81d62ccfa760f935eec80f27587c61690b4d8d7db39b
SSDEEP

196608:V/S3A3rlandL+7IVhRTYsw18HpZjPDFjQSJrU+u:V/S32rcdbVHbj7llpu

Score

10^/10

remotehost stealer remcos vidar

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

stopeet.camdvr.org:2404

amalar.camdvr.org:2404

prosir.casacam.net:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
abj.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
b2bhdjdhbvduhdi3ed-F3Q5YI
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Extracted

Family

vidar

https://t.me/sc1phell

https://steamcommunity.com/profiles/76561199819539662

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
static1/unpack001/noyjhoadw.exe	family_vidar_v7

Remcos family
remcos
Vidar family
vidar

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Enalib.exe
unpack001/RDriver.exe
unpack001/SDriver.exe
unpack001/T.exe
unpack001/e.exe
unpack001/noyjhoadw.exe

Files

shitty rat and stealer collection NEW!.zip
.zip
36.exe
.exe windows:6 windows x86 arch:x86

c67ef5a5a21b6fceb58b3ff6fde243b5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:41:b8:4a:16:46:7c:2f:dc:ba:2f:ea:6d:0d:ca:b2:94:f3:53:50:9b:c6:3a:15:fc:15:b0:4c:a9:96:89:97
Signer

Actual PE Digest

db:41:b8:4a:16:46:7c:2f:dc:ba:2f:ea:6d:0d:ca:b2:94:f3:53:50:9b:c6:3a:15:fc:15:b0:4c:a9:96:89:97

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\目录\2025工作站\主控工程\主控修复上线包\shellcode\注入自身进程\Release\注入自身进程.pdb

Imports

kernel32

CreateThread
GetVersionExA
VirtualAlloc
GetModuleFileNameA
ExitProcess
Process32FirstW
Process32NextW
WriteConsoleW
CreateFileW
ReadConsoleW
GetCurrentProcess
CloseHandle
ReadFile
GetFileSize
CreateToolhelp32Snapshot
CreateFileA
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MultiByteToWideChar
GetFileAttributesExW
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
DecodePointer

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
InitializeAcl
SetSecurityInfo

shell32

ShellExecuteExA
ord680

Sections

.text
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Enalib.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\2023CryptsDone\Document_26390\bin\Debug\Secured\Enalib.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDriver.exe
.exe windows:6 windows x64 arch:x64

c5de145613243b56049bc813390996d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danie\source\repos\noconsole\x64\Release\noconsole.pdb

Imports

urlmon

URLDownloadToFileW

kernel32

WaitForSingleObject
MultiByteToWideChar
GetLastError
GetModuleFileNameW
ExitProcess
CreateProcessA
FormatMessageA
OutputDebugStringA
WriteConsoleW
CloseHandle
SetFilePointerEx
GetCurrentThreadId
LocalFree
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCPInfo
GetModuleHandleExW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

shell32

ShellExecuteExW

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDriver.exe
.exe windows:6 windows x86 arch:x86

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
T.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\2023CryptsDone\Document_26390\bin\Debug\Secured\Enalib.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autoruns.exe
.exe windows:6 windows x86 arch:x86

fc18756ef5e758178da800fd88864516

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:fe:61:71:c4:fb:54:63:d4:79:62:5a:b9:4b:2c:00:46:a2:24:cf:b3:6c:c9:39:e9:d3:ba:c2:f4:1a:75:de
Signer

Actual PE Digest

99:fe:61:71:c4:fb:54:63:d4:79:62:5a:b9:4b:2c:00:46:a2:24:cf:b3:6c:c9:39:e9:d3:ba:c2:f4:1a:75:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\Win32\Release\Autoruns.pdb

Imports

kernel32

ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
ExitProcess
VirtualProtect
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
FlushFileBuffers
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
IsWow64Process
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadFile
WriteConsoleW
LocalAlloc
GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetSystemDirectoryW
TerminateThread
CreateThread
WaitForSingleObject
WideCharToMultiByte
OpenProcess
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
CreateProcessW
GetCommandLineW
VerifyVersionInfoW
GetComputerNameW
lstrcmpW
LocalFree
VirtualQuery
GetCurrentProcessId
VerSetConditionMask
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GlobalAlloc
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
SetThreadPriority
GetCurrentThread
ReadConsoleW
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock

user32

EmptyClipboard
OpenClipboard
SendMessageW
DialogBoxIndirectParamW
CloseClipboard
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetForegroundWindow
WaitForInputIdle
IsDlgButtonChecked
CheckDlgButton
EnableWindow
GetDlgItemTextW
MonitorFromPoint
IsDialogMessageW
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
IsRectEmpty
SetClipboardData
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
CheckMenuRadioItem
GetWindowThreadProcessId
GetDesktopWindow
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenuEx
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetMessagePos
DrawFrameControl
DrawEdge
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetDlgItem
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject
SetBkColor
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
CreatePen
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
SetTextAlign
MoveToEx
TextOutW
Polyline
CreateBitmap
CreatePatternBrush
GetCurrentObject
CreateDIBSection
Polygon
SetBrushOrgEx
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
PatBlt
ExcludeClipRect

comdlg32

PrintDlgW
ChooseFontW
FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext
CryptHashData
CryptGetHashParam
RegLoadMUIStringW
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfig2W
RegGetValueW
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
GetServiceDisplayNameW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptCreateHash

shell32

SHGetStockIconInfo
SHEvaluateSystemCommandTemplate
ExtractIconExW
SHGetKnownFolderPath
ShellExecuteW
ExtractAssociatedIconW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
StringFromGUID2
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StgCreateStorageEx
StgOpenStorageEx
CoInitializeEx

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

SHCreateStreamOnFileW
SHAutoComplete

comctl32

ImageList_GetImageCount
ImageList_Destroy
ImageList_Draw
ImageList_DrawIndirect
ImageList_WriteEx
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Duplicate
CreateStatusWindowW
ImageList_DragShowNolock
InitCommonControlsEx
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIconSize
ImageList_DrawEx
ImageList_AddMasked
ImageList_Create

uxtheme

IsThemeActive
SetWindowTheme
IsAppThemed

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpConnect

crypt32

CertGetNameStringW

Sections

.text
Size: 711KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e.exe
.exe windows:5 windows x86 arch:x86

029a987f21e33b48f24d21b6f9ff1129

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
CreateToolhelp32Snapshot
OpenMutexA
Process32NextW
LoadLibraryA
Process32FirstW
GetProcAddress
VirtualProtect
SetLastError
VirtualFree
VirtualAlloc
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
FreeLibrary
IsBadReadPtr
GetTempPathW
OpenProcess
lstrcatW
GetCurrentProcessId
GetTempFileNameW
GetCurrentProcess
GetSystemDirectoryA
GlobalAlloc
GlobalLock
GetTickCount
GlobalUnlock
WriteProcessMemory
ResumeThread
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateProcessW
SetThreadContext
LocalAlloc
GlobalFree
MulDiv
SizeofResource
GetLongPathNameW
SetFilePointer
FindResourceA
LockResource
LoadResource
LocalFree
FormatMessageA
GetModuleFileNameA
lstrcpynA
AllocConsole
CreateMutexA
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapSize
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetACP
GetStdHandle
GetModuleHandleExW
MoveFileExW
RtlUnwind
RaiseException
LoadLibraryExW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
CopyFileW
DeleteFileA
ExpandEnvironmentStringsA
FindNextFileA
FindFirstFileA
GetFileSize
TerminateThread
CreateDirectoryW
GetLastError
SetFileAttributesW
GetModuleHandleA
RemoveDirectoryW
MoveFileW
SetFilePointerEx
GetLogicalDriveStringsA
DeleteFileW
GetFileAttributesW
FindClose
lstrlenA
GetDriveTypeA
FindNextFileW
GetFileSizeEx
FindFirstFileW
ExitProcess
CreateProcessA
PeekNamedPipe
CreatePipe
TerminateProcess
ReadFile
HeapFree
HeapCreate
CreateEventA
GetLocalTime
CreateThread
SetEvent
CreateEventW
WaitForSingleObject
Sleep
GetModuleFileNameW
CloseHandle
ExitThread
CreateFileW
WriteFile
QueryPerformanceFrequency
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
DecodePointer
EncodePointer
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
SetEndOfFile

user32

SetForegroundWindow
SetClipboardData
EnumWindows
ExitWindowsEx
EmptyClipboard
ShowWindow
SetWindowTextW
MessageBoxW
IsWindowVisible
TranslateMessage
DispatchMessageA
GetMessageA
GetWindowTextW
wsprintfW
GetClipboardData
UnhookWindowsHookEx
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
SetWindowsHookExA
CloseClipboard
OpenClipboard
GetKeyboardState
CallNextHookEx
CloseWindow
SendInput
mouse_event
DrawIcon
GetSystemMetrics
GetIconInfo
SystemParametersInfoW
GetCursorPos
RegisterClassExA
GetKeyboardLayoutNameA
GetWindowTextLengthW
GetKeyState
ToUnicodeEx
AppendMenuA
CreateWindowExA
DefWindowProcA
TrackPopupMenu
CreatePopupMenu

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
StretchBlt
GetDIBits
DeleteDC
DeleteObject
CreateDCA
GetObjectA
SelectObject

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegEnumKeyExA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
OpenSCManagerA
ControlService
StartServiceW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
EnumServicesStatusW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegSetValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyA

shell32

ShellExecuteW
ShellExecuteExA
Shell_NotifyIconA
ExtractIconA

shlwapi

PathFileExistsW
PathFileExistsA
StrToIntA

winmm

PlaySoundW
mciSendStringA
mciSendStringW
waveInClose
waveInAddBuffer
waveInStart
waveInOpen
waveInUnprepareHeader
waveInPrepareHeader
waveInStop

ws2_32

send
socket
connect
recv
gethostbyname
WSASetLastError
inet_addr
gethostbyaddr
getservbyport
ntohs
getservbyname
htonl
htons
inet_ntoa
closesocket
WSAGetLastError
WSAStartup

urlmon

URLDownloadToFileW
URLOpenBlockingStreamW

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipSaveImageToFile
GdipLoadImageFromStream

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fake jpg shit.lnk
.lnk
fake photo.lnk
.lnk
noyjhoadw.exe
.exe windows:6 windows x86 arch:x86

84ba17106ada936d580064070fd488b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_itoa_s
_splitpath
atexit
free
isupper
malloc
memchr
memcmp
memcpy
memmove
memset
rand
srand
strchr
strcpy
strcpy_s
strlen
strncpy
strstr
strtok_s

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetDriveTypeA
GetEnvironmentVariableA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetLogicalProcessorInformationEx
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetTickCount
GetTimeZoneInformation
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
HeapAlloc
HeapFree
K32GetModuleFileNameExA
LoadLibraryW
LocalAlloc
LocalFree
OpenEventA
OpenProcess
Process32First
Process32Next
RaiseException
ReadFile
ReadProcessMemory
SetFilePointer
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualQueryEx
WaitForSingleObject
WriteFile
lstrcatA
lstrcpyA
lstrlenA

advapi32

GetCurrentHwProfileA
GetUserNameA
GetUserNameW
RegCloseKey
RegEnumKeyExA
RegGetValueA
RegOpenKeyExA
RegQueryValueExA

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

user32

CharToOemA
CloseDesktop
CloseWindow
CreateDesktopA
EnumDisplayDevicesA
GetDC
GetDesktopWindow
GetKeyboardLayoutList
GetWindowRect
MessageBoxA
OpenDesktopA
ReleaseDC
wsprintfA
wsprintfW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vsprintf

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteObject
GetDeviceCaps
SelectObject

shell32

SHFileOperationA
SHGetFolderPathA
ShellExecuteExA

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

ws2_32

WSACleanup
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
htons
recv
send
socket

shlwapi

PathFileExistsA
PathMatchSpecA
ord155
ord156
StrStrA

crypt32

CryptBinaryToStringA
CryptUnprotectData

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA

bcrypt

BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptSetProperty

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymInitialize
SymMatchString
SymSetOptions

Exports

Exports

_UnhandledExceptionFilter@4

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unins000.exe
.exe windows:6 windows x86 arch:x86

759c48933c0c1dbcbbe95436a5f5c2b6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:a7:7e:b1:a8:ed:03:ed:84:5d:03:da:67:e8:d7:6e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29/06/2023, 00:00

Not After

28/06/2026, 23:59

Subject

CN=Jannis Tobias Petersen,O=Jannis Tobias Petersen,ST=Schleswig-Holstein,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:a7:7e:b1:a8:ed:03:ed:84:5d:03:da:67:e8:d7:6e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29/06/2023, 00:00

Not After

28/06/2026, 23:59

Subject

CN=Jannis Tobias Petersen,O=Jannis Tobias Petersen,ST=Schleswig-Holstein,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:f0:d9:63:62:ea:71:1a:c3:78:f8:57:1e:3d:6f:29:ce:9a:12:cc:fb:f8:21:7b:07:2c:36:98:4e:f5:a3:5c
Signer

Actual PE Digest

2b:f0:d9:63:62:ea:71:1a:c3:78:f8:57:1e:3d:6f:29:ce:9a:12:cc:fb:f8:21:7b:07:2c:36:98:4e:f5:a3:5c

Digest Algorithm

sha256

PE Digest Matches

false

1a:73:3e:3a:46:fb:4e:32:5f:64:f7:62:a5:e5:5a:58:ec:64:75:8d
Signer

Actual PE Digest

1a:73:3e:3a:46:fb:4e:32:5f:64:f7:62:a5:e5:5a:58:ec:64:75:8d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetOpenEnumW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

user32

MoveWindow
CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
ScrollWindowEx
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
OemToCharBuffA
LoadBitmapW
EnumChildWindows
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
IsIconic
CallNextHookEx
ShowWindow
GetWindowTextW
SetForegroundWindow
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
ExitWindowsEx
GetClassLongW
SetScrollRange
DrawTextW
CharToOemBuffA
PeekMessageA
MessageBeep
SetClassLongW
SetRectEmpty
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
SendMessageTimeoutW
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
ReplyMessage
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
ValidateRect
GetCursor
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
CreateWindowExW
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
DefMDIChildProcW
WaitForInputIdle
GetSystemMenu
SetScrollPos
GetScrollPos
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetSystemMetrics
CharUpperBuffW
ClientToScreen
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
GetKeyboardState
ScreenToClient
DrawFrameControl
SetCursor
CreateIcon
RemoveMenu
AppendMenuW
GetKeyboardLayoutNameW
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
DestroyCursor
PostQuitMessage
ShowScrollBar
LoadImageW
EnableMenuItem
HideCaret
FindWindowExW
LoadIconW
SystemParametersInfoW
MonitorFromPoint
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
LoadTypeLib
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
RegisterTypeLib
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetUserNameW
RegQueryInfoKeyW
EqualSid
GetTokenInformation
RegCreateKeyExW
SetSecurityDescriptorDacl
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegFlushKey
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
InitializeSecurityDescriptor

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
SetFileTime
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
SetHandleInformation
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
WriteProfileStringW
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
HeapDestroy
CompareFileTime
ReadFile
CreateProcessW
TransactNamedPipe
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
OpenMutexW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
SetNamedPipeHandleState
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
PeekNamedPipe
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
FormatMessageA
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateNamedPipeW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetProfileStringW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoDisconnectObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
ExcludeClipRect
RectVisible
SetWindowOrgEx
MaskBlt
AngleArc
Chord
SetTextColor
StretchBlt
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
RemoveFontResourceW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
LineDDA
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetSystemPaletteEntries
CreateBitmap
AddFontResourceW
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
SetROP2
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

ntdll

_allshl
_aullshr

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 43KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 88B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
use for bypassing taskmgr block.exe
.exe windows:6 windows x86 arch:x86

dbc825879296e020d5134f3622c3aca0

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:c8:72:d7:cb:39:ab:cd:04:be:9d:c4:e8:ed:53:49:0d:b2:dd:ed:06:fb:84:a0:ba:c2:56:4b:07:22:03:3a
Signer

Actual PE Digest

98:c8:72:d7:cb:39:ab:cd:04:be:9d:c4:e8:ed:53:49:0d:b2:dd:ed:06:fb:84:a0:ba:c2:56:4b:07:22:03:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\__w\1\s\exe\Win32\Release\procexp.pdb

Imports

shlwapi

PathIsNetworkPathW
StrCmpIW
SHAutoComplete
ColorHLSToRGB
ColorRGBToHLS
StrStrIW
ord176
UrlUnescapeW

iphlpapi

GetExtendedTcpTable
GetExtendedUdpTable

ws2_32

WSAStartup
gethostbyaddr
htons
htonl
ntohs
ntohl
getservbyport

mpr

WNetGetConnectionW

comctl32

ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ord17
PropertySheetW
CreateStatusWindowW
ord413
CreatePropertySheetPageW
ImageList_GetIcon
ord410

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

aclui

ord1

powrprof

SetSuspendState
IsPwrSuspendAllowed
IsPwrHibernateAllowed

wtsapi32

WTSDisconnectSession
WTSLogoffSession
WTSFreeMemory
WTSQuerySessionInformationW
WTSSendMessageW
WTSEnumerateSessionsW

uxtheme

DrawThemeBackground
EnableThemeDialogTexture
OpenThemeData
SetWindowTheme
CloseThemeData
GetThemePartSize

ntdll

NtSetInformationProcess
NtOpenSymbolicLinkObject
NtLoadDriver
NtCreateKey
NtOpenKey
NtQuerySymbolicLinkObject
NtQueryObject
NtQuerySemaphore
RtlUnwind
NtQuerySystemInformation
NtQueryEvent
NtQueryMutant
NtQueryInformationProcess
NtQueryInformationThread
NtQuerySection
NtSuspendThread
NtResumeThread
NtSuspendProcess
NtResumeProcess
NtOpenThread
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
VerSetConditionMask

gdi32

GetDeviceCaps
GetStockObject
LineTo
RectInRegion
SelectClipRgn
SelectObject
GetBkMode
SetDCPenColor
SetBkMode
SetTextColor
GetTextMetricsW
MoveToEx
Polyline
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
SetTextAlign
TextOutW
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
PatBlt
Polygon
GetTextExtentExPointW
RestoreDC
SaveDC
SetROP2
GetBkColor
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
CreateDIBSection
SetBkColor

comdlg32

PrintDlgW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
FindTextW

kernel32

GetLongPathNameW
WriteFile
CloseHandle
GetLastError
SetErrorMode
InitializeCriticalSection
Sleep
GetCurrentProcess
ExitThread
TlsAlloc
TlsSetValue
CreateProcessW
OpenProcess
GetVersion
GetSystemWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsWow64Process
GetSystemWow64DirectoryW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageA
lstrlenW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatW
CreateToolhelp32Snapshot
ExitProcess
Process32NextW
FindFirstFileW
GetFileAttributesW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
ReadFile
MultiByteToWideChar
FindClose
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CreateThread
GetExitCodeThread
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetVersionExW
GetFileSizeEx
LoadLibraryW
GetTickCount
MulDiv
GlobalAddAtomW
GetFileTime
GlobalUnlock
GlobalLock
GetPrivateProfileIntW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
DeleteFileW
GetTempFileNameW
GetTempPathW
GetThreadId
FormatMessageW
GetCommandLineW
GetFileType
LocalAlloc
TerminateThread
GlobalReAlloc
Module32FirstW
Module32NextW
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
OpenEventW
VerifyVersionInfoW
GetEnvironmentVariableW
ReadProcessMemory
lstrcmpiW
GetSystemDirectoryW
SearchPathW
SetFilePointer
GetCurrentProcessId
IsProcessorFeaturePresent
VirtualQueryEx
OpenThread
ResumeThread
GetThreadContext
Thread32First
Thread32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
IsBadReadPtr
TerminateProcess
SetPriorityClass
ProcessIdToSessionId
GetProcessId
GlobalMemoryStatusEx
GetLogicalProcessorInformation
SetProcessWorkingSetSize
GlobalFree
PulseEvent
GetComputerNameW
WTSGetActiveConsoleSessionId
GetCurrentDirectoryW
GetDriveTypeW
OutputDebugStringW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
TrySubmitThreadpoolCallback
IsProcessInJob
CreateJobObjectW
QueryInformationJobObject
GetThreadGroupAffinity
SetThreadGroupAffinity
GlobalMemoryStatus
GetProcessAffinityMask
SetProcessAffinityMask
GetActiveProcessorGroupCount
GetActiveProcessorCount
WideCharToMultiByte
K32GetModuleFileNameExW
K32GetMappedFileNameW
K32QueryWorkingSet
DecodePointer
GetStartupInfoW
GetThreadIdealProcessorEx
GetTickCount64
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
GetNativeSystemInfo
GetConsoleCP
LCMapStringEx
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetSystemInfo
VirtualProtect
VirtualQuery
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
GetFileSize
FileTimeToLocalFileTime
CreateFileW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
TlsGetValue
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibraryAndExitThread
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetFullPathNameW
GlobalAlloc
GetModuleHandleExW
Process32FirstW

user32

AllowSetForegroundWindow
AdjustWindowRectEx
MessageBeep
SetCursorPos
ClientToScreen
WindowFromPoint
SetRectEmpty
GetDesktopWindow
GetWindow
CheckMenuRadioItem
MonitorFromPoint
GetWindowPlacement
CheckDlgButton
IsDlgButtonChecked
EnableWindow
ModifyMenuW
TrackPopupMenu
SetMenuInfo
InvalidateRgn
EnumWindows
CopyAcceleratorTableW
TranslateAcceleratorW
DrawMenuBar
IsDialogMessageW
GetMenuBarInfo
ShowWindowAsync
IsIconic
EndTask
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
SetLayeredWindowAttributes
CreateDialogParamW
GetDlgItemTextW
CreateMenu
GetMenuInfo
EndMenu
LoadIconW
LockWorkStation
IsHungAppWindow
SendMessageTimeoutW
SetDlgItemInt
CheckRadioButton
MsgWaitForMultipleObjects
GetGuiResources
CharNextW
SetMenuDefaultItem
GetMenuItemInfoW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
GetMenuStringW
LoadMenuW
LoadAcceleratorsW
GetDlgCtrlID
SetWindowPlacement
IsWindow
PostQuitMessage
GetMessagePos
PeekMessageW
DrawEdge
TrackMouseEvent
LoadStringA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
DestroyWindow
EnumChildWindows
UnionRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
DialogBoxParamW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
FrameRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
GetWindowDC
IsWindowEnabled
IsZoomed
IsWindowVisible
MoveWindow
IsChild
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
KillTimer
GetClassInfoExW
UnregisterClassW
DrawIconEx
GetSysColor
SetMenuItemInfoW
DestroyMenu
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetScrollInfo
SetScrollInfo
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
CopyRect
SetRect
FillRect
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
SetTimer
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
DeleteMenu
SetForegroundWindow
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetParent
SetDlgItemTextW
PostMessageW
LoadStringW
ReleaseDC
GetDC
EnumDisplaySettingsW
LoadImageW
DestroyIcon
LoadCursorW
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
GetCapture

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
CreateRestrictedToken
GetAce
GetSidIdentifierAuthority
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
IsValidSid
SetTokenInformation
GetSecurityInfo
SetSecurityInfo
LookupAccountSidW
LookupAccountNameW
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
ConvertSidToStringSidW
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
OpenProcessToken
LookupPrivilegeNameW
EnumServicesStatusExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegEnumKeyExW
SetEntriesInAclW
AddAccessAllowedAce
QueryServiceConfigW
GetLengthSid
CopySid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
MapGenericMask
RegGetValueW
RegCreateKeyW
StartServiceW
QueryServiceStatus
ControlService
QueryServiceConfig2W
SetKernelObjectSecurity
RegCloseKey
OpenServiceW
OpenSCManagerW
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExW
GetServiceDisplayNameW
CloseServiceHandle
RegDeleteValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
AddAce

shell32

Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ExtractAssociatedIconW
ShellExecuteW
SHBrowseForFolderW
ExtractIconExW
SHGetStockIconInfo
SHGetFolderPathW
SHGetFileInfoW

ole32

CoInitialize
CoSetProxyBlanket
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUninitialize

oleaut32

SafeArrayGetElement
VarUI4FromStr
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysFreeString
SafeArrayGetUBound
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpCloseHandle
WinHttpConnect

Sections

.text
Size: 990KB - Virtual size: 990KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

c67ef5a5a21b6fceb58b3ff6fde243b5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

db:41:b8:4a:16:46:7c:2f:dc:ba:2f:ea:6d:0d:ca:b2:94:f3:53:50:9b:c6:3a:15:fc:15:b0:4c:a9:96:89:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 298KB - Virtual size: 298KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 569KB - Virtual size: 568KB

.reloc Size: 9KB - Virtual size: 9KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 23KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

c5de145613243b56049bc813390996d0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

kernel32

advapi32

shell32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 2KB - Virtual size: 1KB

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 211KB - Virtual size: 390KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 99KB - Virtual size: 99KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 499KB - Virtual size: 498KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

db:41:b8:4a:16:46:7c:2f:dc:ba:2f:ea:6d:0d:ca:b2:94:f3:53:50:9b:c6:3a:15:fc:15:b0:4c:a9:96:89:97
Signer

.text
Size: 298KB - Virtual size: 298KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 569KB - Virtual size: 568KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 211KB - Virtual size: 390KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 99KB - Virtual size: 99KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 499KB - Virtual size: 498KB

.text
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

99:fe:61:71:c4:fb:54:63:d4:79:62:5a:b9:4b:2c:00:46:a2:24:cf:b3:6c:c9:39:e9:d3:ba:c2:f4:1a:75:de
Signer

.text
Size: 711KB - Virtual size: 711KB

.rdata
Size: 196KB - Virtual size: 196KB

.data
Size: 30KB - Virtual size: 106KB

.rsrc
Size: 727KB - Virtual size: 726KB

.reloc
Size: 41KB - Virtual size: 40KB

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 3KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 560B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 14KB - Virtual size: 14KB