Google aIc Browser v1[.]4[.]1[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Google aIc Browser v1.4.1.exe
Size

83.8MB
MD5

d62de6a53a4ab61def2c33c19423fe75
SHA1

24607d81474572149837d2c06b644e328997080e
SHA256

0efc7a12733cab4458e5ffaec5060e2bc8269e198fe03e8b81e78fd3f923a3dd
SHA512

b9eb33a6b082c6f193e97d65f0ea8a01b5a66a43181e3cc2d0d469aa4e72113747c531e03a3fb55ac80131547bb84def346c34a6355d0b6915b009ad1e846908
SSDEEP

1572864:gnU4QJmFhXw6H2Pso8/5Cik3D7Mg0BoQ5QzR0FT3x0YH4eJl21MyV0q0EFxrBY:gn93Flw6H2PO5CikEg0BoQLFFZ4eJYfM

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
Google aIc Browser v1.4.1.exe
unpack001/$APPDATA/TrustAsia/Update.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

Google aIc Browser v1.4.1.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/TrustAsia/Config.ini
$APPDATA/TrustAsia/Logs.vbs
.vbs
$APPDATA/TrustAsia/TrustAsia.ps1
.ps1
$APPDATA/TrustAsia/Update.dll
.dll windows:6 windows x86 arch:x86

fdf596f51b14bd5470733928cb7d0821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringA
CompareStringW
CopyFileW
CreateFileA
CreateFileW
CreateMutexA
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProfileIntW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTickCount64
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapDestroy
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockFileEx
LockResource
MulDiv
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResumeThread
RtlUnwind
SearchPathW
SetEndOfFile
SetEnvironmentVariableW
SetFilePointer
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
ClientToScreen
CloseClipboard
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CreateAcceleratorTableW
CreateDialogIndirectParamW
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumChildWindows
EnumDisplayMonitors
EqualRect
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GrayStringW
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvertRect
IsCharLowerW
IsChild
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsMenu
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LockWindowUpdate
MapDialogRect
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
NotifyWinEvent
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RealChildWindowFromPoint
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ReuseDDElParam
ScreenToClient
ScrollWindow
SendDlgItemMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowOwnedPopups
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoW
TabbedTextOutW
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnpackDDElParam
UnregisterClassW
UpdateLayeredWindow
UpdateWindow
ValidateRect
WaitMessage
WinHelpW
WindowFromPoint

gdi32

BitBlt
CombineRgn
CopyMetaFileW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectW
CreateHatchBrush
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EnumFontFamiliesExW
EnumFontFamiliesW
Escape
ExcludeClipRect
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
FillRgn
FrameRgn
GetBkColor
GetBoundsRect
GetClipBox
GetDIBits
GetDeviceCaps
GetLayout
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextCharsetInfo
GetTextColor
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MoveToEx
OffsetRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
Polygon
Polyline
PtInRegion
PtVisible
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetDIBColorTable
SetLayout
SetMapMode
SetPaletteEntries
SetPixel
SetPixelV
SetPolyFillMode
SetROP2
SetRectRgn
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StretchBlt
TextOutW

shell32

DragFinish
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderPathA
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW

gdiplus

GdipAlloc
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageI
GdipDrawImageRectI
GdipFree
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipSetInterpolationMode
GdiplusShutdown
GdiplusStartup

uxtheme

CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
DrawThemeText
GetCurrentThemeName
GetThemeColor
GetThemePartSize
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
OpenThemeData

msimg32

AlphaBlend
TransparentBlt

ole32

CoCreateGuid
CoCreateInstance
CoDisconnectObject
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
DoDragDrop
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleDuplicateData
OleGetClipboard
OleLockRunning
OleTranslateAccelerator
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

oleaut32

LoadTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
VariantChangeType
VariantClear
VariantCopy
VariantInit
VariantTimeToSystemTime

ws2_32

WSACleanup
WSASetLastError
WSAStartup

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueW
RegSetValueExW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
StrFormatKBSizeW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

winmm

PlaySoundW

Exports

Exports

UpdateMain

Sections

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 986KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

rdatas
Size: 78.3MB - Virtual size: 78.3MB

IMAGE_SCN_MEM_READ
$LOCALAPPDATA/Config.ini
$LOCALAPPDATA/Protected.ini
$LOCALAPPDATA/Protected.json
$LOCALAPPDATA/SGuardSvc32.exe
.exe windows:4 windows x86 arch:x86

086a7325b37d216501ba79c81c613cc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1
Signer

Actual PE Digest

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\vqq_debug\release\pdb\QQWubiFace.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
DeviceIoControl
ProcessIdToSessionId
GlobalFree
GetDriveTypeW
SetEndOfFile
CreateDirectoryW
GetFileType
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
GetPrivateProfileStringW
GetModuleHandleA
RtlUnwind
GetStartupInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
GetPrivateProfileIntW
GetCPInfo
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
GetEnvironmentStrings
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
CreateMutexW
OpenMutexW
LocalFree
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetTickCount
FindNextFileW
GetFileAttributesW
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CopyFileW
GetProcAddress
LoadLibraryW
SetFilePointer
GetCurrentProcessId
DeleteFileW
GetModuleFileNameA
WriteFile
VirtualQueryEx
GetVersionExW
WritePrivateProfileStringW
CreateFileA
ReadProcessMemory
SetUnhandledExceptionFilter
FreeLibrary
VirtualQuery
GetCurrentThread
GetThreadSelectorEntry
GetCommandLineW
GetLongPathNameW
GetModuleFileNameW
TerminateThread
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
InterlockedDecrement
FindClose
FindFirstFileW
InterlockedIncrement
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileW
GetLastError
ReleaseMutex
WaitForSingleObject
GetDriveTypeA
ExitProcess

user32

OffsetRect
RegisterClassExW
GetClassInfoExW
UnregisterClassW
DefWindowProcW
FillRect
WindowFromPoint
RegisterClipboardFormatW
GetClipboardData
MonitorFromPoint
GetMonitorInfoW
SetPropW
ShowScrollBar
SetScrollInfo
GetParent
GetDesktopWindow
GetWindow
GetPropW
ScrollWindow
SetScrollPos
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
SetForegroundWindow
IsIconic
IsWindowVisible
GetWindowLongW
GetDlgItem
LoadImageW
UnregisterClassA
SendMessageW
SetWindowTextW
LoadIconW
CopyRect
DestroyIcon
DestroyWindow
LoadBitmapW
SetWindowPos
ShowCursor
IsWindow
CreateWindowExW
GetCapture
ShowWindow
CreateDialogParamW
SetWindowRgn
MoveWindow
EnableWindow
CloseClipboard
ClientToScreen
EmptyClipboard
OpenClipboard
PtInRect
GetCursorPos
GetWindowRect
ScreenToClient
EndPaint
GetDC
BeginPaint
GetClientRect
PostQuitMessage
DrawTextW
KillTimer
SetTimer
UpdateWindow
InvalidateRect
TrackMouseEvent
LoadCursorW
SendInput
ReleaseDC
SetCursor
GetMessageExtraInfo
EnumClipboardFormats
SetWindowLongW
SetClipboardData

gdi32

GetDeviceCaps
CreateDIBSection
GetClipBox
SaveDC
CreateFontIndirectW
StretchBlt
GetStockObject
GetObjectW
SetTextColor
SetBkMode
CreateRoundRectRgn
CreatePen
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
CreateFontW
ExtTextOutW
DeleteDC
LineTo
DeleteObject
MoveToEx
CreateSolidBrush
SetDIBitsToDevice
SetStretchBltMode
GetDIBits
RestoreDC
BitBlt

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
LookupAccountSidW
ConvertSidToStringSidW
LookupAccountNameW
RegQueryValueExA
OpenProcessToken

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CreateILockBytesOnHGlobal
StgOpenStorage
CoUninitialize
CoCreateGuid
CoInitialize
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfile

shlwapi

PathRemoveFileSpecW
PathFileExistsW

comctl32

ord17
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup
sendto
gethostbyname
closesocket
socket
htons
WSACleanup

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheomrSetup.exe
.exe windows:10 windows x86 arch:x86

629647668f0ee0bc0ee3b9e8a647678e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:50:cf:24:6b:26:3e:fd:85:a7:29:31:51:58:f3:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/04/2024, 00:00

Not After

10/04/2027, 23:59

Subject

SERIALNUMBER=3582691,CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Dummy issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

1c:29:88:db:6e:30:1f:5a:19:a7:3a:52:75:4d:eb:bc:f6:37:69:8e:04:88:dc:a8:66:40:96:56:2b:97:44:25
Signer

Actual PE Digest

1c:29:88:db:6e:30:1f:5a:19:a7:3a:52:75:4d:eb:bc:f6:37:69:8e:04:88:dc:a8:66:40:96:56:2b:97:44:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

UpdaterSetup.exe.pdb

Imports

advapi32

AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
BuildTrusteeWithSidW
ChangeServiceConfig2W
ChangeServiceConfigW
CheckTokenMembership
CloseServiceHandle
ConvertSidToStringSidW
ConvertStringSidToSidW
CopySid
CreateProcessAsUserW
CreateProcessWithTokenW
CreateServiceW
DeleteService
DuplicateTokenEx
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityInfo
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
LookupAccountSidW
LookupPrivilegeValueW
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
QueryServiceConfigW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityInfo
TraceEvent
UnregisterTraceGuids

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

oleaut32

LoadTypeLi
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantClear

shell32

CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW

shlwapi

ord437
PathMatchSpecW

user32

AllowSetForegroundWindow
CharUpperW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
GetActiveWindow
GetClientRect
GetMessageW
GetMonitorInfoW
GetParent
GetQueueStatus
GetShellWindow
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
KillTimer
LoadImageW
MapWindowPoints
MessageBoxExW
MonitorFromWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
SendMessageW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
TranslateMessage
UnregisterClassW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessMitigationPolicy
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimePreciseAsFileTime
GetTempPathW
GetThreadId
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserPreferredUILanguages
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
ReplaceFileW
ResetEvent
RtlCaptureStackBackTrace
RtlUnwind
SetCurrentDirectoryW
SetDefaultDllDirectories
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetProcessWorkingSetSize
SetStdHandle
SetThreadInformation
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

ole32

CoAddRefServerProcess
CoCreateInstance
CoGetCallContext
CoInitializeEx
CoRegisterClassObject
CoRegisterInitializeSpy
CoReleaseServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
IIDFromString
StringFromGUID2

ntdll

NtDeleteKey

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection
LeaveCriticalPolicySection
UnloadUserProfile

secur32

GetUserNameExW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetStatusCallback

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 18KB - Virtual size: 17KB

fdf596f51b14bd5470733928cb7d0821

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

gdiplus

uxtheme

msimg32

ole32

oleaut32

ws2_32

advapi32

shlwapi

winspool.drv

imm32

oleacc

winmm

Exports

Exports

Sections

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 23KB - Virtual size: 41KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 986KB - Virtual size: 985KB

.reloc Size: 140KB - Virtual size: 139KB

rdatas Size: 78.3MB - Virtual size: 78.3MB

086a7325b37d216501ba79c81c613cc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1Signer

Headers

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 18KB - Virtual size: 17KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 23KB - Virtual size: 41KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 986KB - Virtual size: 985KB

.reloc
Size: 140KB - Virtual size: 139KB

rdatas
Size: 78.3MB - Virtual size: 78.3MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1
Signer

.text
Size: 584KB - Virtual size: 582KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate