cheon_H4[.]03-X64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cheon_H4.03-X64.exe
Size

88.8MB
MD5

ce1d8c9970b30019e5b35b7ba968107b
SHA1

b1e0898deac62e2a763bbd67e973c60d1d2b7267
SHA256

9c0f551fa5e93c3f30c90d89f49d811296f84cdb17c45c005559125c275fb7b7
SHA512

1742082598e15065880915168f9958b7ca7b2b8232047836d3f67a78538eec9ed21618c8f5e1b60f321e08a381162aeca3227ff0150cce688ef350b438f9cc2d
SSDEEP

1572864:4W3kvckR7qEWlVaDkRqDX4beH5HY+9OY0AbOb84I8FalUxTv1+:4WtW7jCcIqWeH6SOVXI8Fai1+

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
cheon_H4.03-X64.exe
unpack001/$APPDATA/TrustAsia/Update.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

cheon_H4.03-X64.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/TrustAsia/Config.ini
$APPDATA/TrustAsia/Config2.ini
$APPDATA/TrustAsia/Logs.vbs
.vbs
$APPDATA/TrustAsia/TrustAsia.ps1
.ps1
$APPDATA/TrustAsia/Update.dll
.dll windows:6 windows x86 arch:x86

d181040a9e213eccfb043c56a4a65076

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
HeapQueryInformation
QueryPerformanceFrequency
VirtualQuery
GetSystemInfo
FindNextFileW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringEx
RaiseException
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
GetOEMCP
ReleaseSRWLockExclusive
GetWindowsDirectoryW
FindResourceExW
GetUserDefaultLCID
GetTempFileNameW
Sleep
SearchPathW
GetProfileIntW
GetTickCount64
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
VirtualProtect
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
VerifyVersionInfoW
VerSetConditionMask
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
GlobalReAlloc
GetFileSize
GetFileAttributesW
CreateFileW
lstrcpyW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
MultiByteToWideChar
lstrcmpA
GetVersionExW
GetCurrentThread
ResumeThread
SetThreadPriority
WaitForSingleObject
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalFree
GlobalSize
GlobalAlloc
WideCharToMultiByte
GlobalGetAtomNameW
GlobalLock
GlobalUnlock
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
SetLastError
EncodePointer
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
LockFileEx
CloseHandle
DeleteFileA
CreateFileA
GetFileAttributesA
CreateMutexA
UnlockFileEx
VirtualAlloc
VirtualFree
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
WriteConsoleW

user32

KillTimer
SetTimer
WaitMessage
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageW
DrawStateW
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
DestroyCursor
InflateRect
ClientToScreen
GetCursorPos
SetCursorPos
ReleaseDC
GetDC
SetCapture
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
GetWindowThreadProcessId
GetDesktopWindow
IntersectRect
SetCursor
InvalidateRect
InsertMenuItemW
DestroyMenu
CreatePopupMenu
TranslateAcceleratorW
ReleaseCapture
GetActiveWindow
BringWindowToTop
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
CreateDialogIndirectParamW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetClassNameW
SetWindowLongW
GetWindowLongW
PtInRect
DestroyAcceleratorTable
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetClassLongW
DrawFrameControl
GetMenuItemInfoW
SendMessageW
EnableWindow
LoadCursorW
UpdateWindow
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
EndDialog
GetNextDlgTabItem
MessageBeep
SystemParametersInfoW
MonitorFromPoint
PostThreadMessageW
TrackMouseEvent
CharUpperW
GetAsyncKeyState
GetSystemMenu
DeleteMenu
WindowFromPoint
NotifyWinEvent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CopyImage
CharUpperBuffW
LockWindowUpdate
UpdateLayeredWindow
EnableScrollBar
LoadAcceleratorsW
LoadMenuW
MessageBoxA
RegisterWindowMessageW
PostMessageW
IsWindow
DestroyWindow
IsWindowVisible
SetRect
IsIconic
IsZoomed
GetCapture
GetSystemMetrics
SetForegroundWindow
SetWindowRgn
RedrawWindow
GetClientRect
GetWindowRect
SetRectEmpty
CopyRect
OffsetRect
IsRectEmpty
GetClassLongW
GetParent
SetParent
GetTopWindow
GetWindow
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
ModifyMenuW
SetLayeredWindowAttributes
GetSysColorBrush
EnumDisplayMonitors
UnionRect
DrawEdge
DrawFocusRect
DrawIconEx
InvertRect
HideCaret
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
CreateMenu
GetDoubleClickTime
GetComboBoxInfo
GetUpdateRect
SubtractRect
IsClipboardFormatAvailable
GetNextDlgGroupItem
FrameRect
CopyIcon
GetIconInfo
SetMenuDefaultItem
GetMenuDefaultItem
RegisterClipboardFormatW
EnumChildWindows
CopyAcceleratorTableW
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawIcon
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
RealChildWindowFromPoint
SendDlgItemMessageA
EqualRect

gdi32

BitBlt
CreateHatchBrush
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
CreateBitmap
ScaleWindowExtEx
GetTextExtentPoint32W
CreateRoundRectRgn
CombineRgn
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
CreateDIBitmap
CreateFontIndirectW
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
SetRectRgn
DPtoLP
LPtoDP
GetRgnBox
OffsetRgn
Rectangle
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
RoundRect
GetTextFaceW
SetPixelV
PatBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateCompatibleBitmap
SetTextColor
SetBkColor
GetObjectW
CreateDIBSection
SelectObject
DeleteObject
CreateCompatibleDC
ScaleViewportExtEx
CreatePen
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetFolderPathA

shlwapi

PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW
PathFindFileNameW

uxtheme

GetCurrentThemeName
GetThemeSysColor
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeColor
DrawThemeBackground
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData

ole32

OleLockRunning
OleGetClipboard
CoLockObjectExternal
DoDragDrop
CoDisconnectObject
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
RegisterDragDrop
RevokeDragDrop

oleaut32

LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
SysStringLen
VariantCopy
VariantClear
VarBstrFromDate
SysFreeString
SysAllocString
VariantInit
SysAllocStringLen

gdiplus

GdipDrawImageI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits

ws2_32

WSASetLastError
WSACleanup
WSAStartup

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

Exports

Exports

UpdateMain

Sections

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 854KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

rdatas
Size: 83.2MB - Virtual size: 83.2MB

IMAGE_SCN_MEM_READ
$LOCALAPPDATA/Config.ini
$LOCALAPPDATA/Config2.ini
$LOCALAPPDATA/Protected.ini
$LOCALAPPDATA/Protected.json
$LOCALAPPDATA/SGuardSvc32.exe
.exe windows:4 windows x86 arch:x86

086a7325b37d216501ba79c81c613cc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1
Signer

Actual PE Digest

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\vqq_debug\release\pdb\QQWubiFace.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
DeviceIoControl
ProcessIdToSessionId
GlobalFree
GetDriveTypeW
SetEndOfFile
CreateDirectoryW
GetFileType
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
GetPrivateProfileStringW
GetModuleHandleA
RtlUnwind
GetStartupInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
GetPrivateProfileIntW
GetCPInfo
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
GetEnvironmentStrings
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
CreateMutexW
OpenMutexW
LocalFree
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetTickCount
FindNextFileW
GetFileAttributesW
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
CopyFileW
GetProcAddress
LoadLibraryW
SetFilePointer
GetCurrentProcessId
DeleteFileW
GetModuleFileNameA
WriteFile
VirtualQueryEx
GetVersionExW
WritePrivateProfileStringW
CreateFileA
ReadProcessMemory
SetUnhandledExceptionFilter
FreeLibrary
VirtualQuery
GetCurrentThread
GetThreadSelectorEntry
GetCommandLineW
GetLongPathNameW
GetModuleFileNameW
TerminateThread
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
RaiseException
SetLastError
InterlockedDecrement
FindClose
FindFirstFileW
InterlockedIncrement
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileW
GetLastError
ReleaseMutex
WaitForSingleObject
GetDriveTypeA
ExitProcess

user32

OffsetRect
RegisterClassExW
GetClassInfoExW
UnregisterClassW
DefWindowProcW
FillRect
WindowFromPoint
RegisterClipboardFormatW
GetClipboardData
MonitorFromPoint
GetMonitorInfoW
SetPropW
ShowScrollBar
SetScrollInfo
GetParent
GetDesktopWindow
GetWindow
GetPropW
ScrollWindow
SetScrollPos
DispatchMessageW
TranslateMessage
GetMessageW
SystemParametersInfoW
SetForegroundWindow
IsIconic
IsWindowVisible
GetWindowLongW
GetDlgItem
LoadImageW
UnregisterClassA
SendMessageW
SetWindowTextW
LoadIconW
CopyRect
DestroyIcon
DestroyWindow
LoadBitmapW
SetWindowPos
ShowCursor
IsWindow
CreateWindowExW
GetCapture
ShowWindow
CreateDialogParamW
SetWindowRgn
MoveWindow
EnableWindow
CloseClipboard
ClientToScreen
EmptyClipboard
OpenClipboard
PtInRect
GetCursorPos
GetWindowRect
ScreenToClient
EndPaint
GetDC
BeginPaint
GetClientRect
PostQuitMessage
DrawTextW
KillTimer
SetTimer
UpdateWindow
InvalidateRect
TrackMouseEvent
LoadCursorW
SendInput
ReleaseDC
SetCursor
GetMessageExtraInfo
EnumClipboardFormats
SetWindowLongW
SetClipboardData

gdi32

GetDeviceCaps
CreateDIBSection
GetClipBox
SaveDC
CreateFontIndirectW
StretchBlt
GetStockObject
GetObjectW
SetTextColor
SetBkMode
CreateRoundRectRgn
CreatePen
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
CreateFontW
ExtTextOutW
DeleteDC
LineTo
DeleteObject
MoveToEx
CreateSolidBrush
SetDIBitsToDevice
SetStretchBltMode
GetDIBits
RestoreDC
BitBlt

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExA
LookupAccountSidW
ConvertSidToStringSidW
LookupAccountNameW
RegQueryValueExA
OpenProcessToken

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CreateILockBytesOnHGlobal
StgOpenStorage
CoUninitialize
CoCreateGuid
CoInitialize
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfile

shlwapi

PathRemoveFileSpecW
PathFileExistsW

comctl32

ord17
_TrackMouseEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAStartup
sendto
gethostbyname
closesocket
socket
htons
WSACleanup

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheomraSetup.exe
.exe windows:10 windows x86 arch:x86

629647668f0ee0bc0ee3b9e8a647678e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:50:cf:24:6b:26:3e:fd:85:a7:29:31:51:58:f3:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/04/2024, 00:00

Not After

10/04/2027, 23:59

Subject

SERIALNUMBER=3582691,CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Dummy issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

cc:0f:61:1f:3b:d3:52:60:6f:af:28:61:d7:cb:b1:c1:43:f7:75:38:25:5c:3e:13:30:06:87:91:c7:dd:cd:05
Signer

Actual PE Digest

cc:0f:61:1f:3b:d3:52:60:6f:af:28:61:d7:cb:b1:c1:43:f7:75:38:25:5c:3e:13:30:06:87:91:c7:dd:cd:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

UpdaterSetup.exe.pdb

Imports

advapi32

AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
BuildTrusteeWithSidW
ChangeServiceConfig2W
ChangeServiceConfigW
CheckTokenMembership
CloseServiceHandle
ConvertSidToStringSidW
ConvertStringSidToSidW
CopySid
CreateProcessAsUserW
CreateProcessWithTokenW
CreateServiceW
DeleteService
DuplicateTokenEx
EqualSid
FreeSid
GetAce
GetAclInformation
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityInfo
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
ImpersonateLoggedOnUser
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
LookupAccountSidW
LookupPrivilegeValueW
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenSCManagerW
OpenServiceW
OpenThreadToken
QueryServiceConfigW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
RevertToSelf
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityInfo
TraceEvent
UnregisterTraceGuids

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

oleaut32

LoadTypeLi
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantClear

shell32

CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetKnownFolderPath
ShellExecuteExW

shlwapi

ord437
PathMatchSpecW

user32

AllowSetForegroundWindow
CharUpperW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
GetActiveWindow
GetClientRect
GetMessageW
GetMonitorInfoW
GetParent
GetQueueStatus
GetShellWindow
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
KillTimer
LoadImageW
MapWindowPoints
MessageBoxExW
MonitorFromWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
SendMessageW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
TranslateMessage
UnregisterClassW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FindResourceW
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessMitigationPolicy
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTimePreciseAsFileTime
GetTempPathW
GetThreadId
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserPreferredUILanguages
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
ReplaceFileW
ResetEvent
RtlCaptureStackBackTrace
RtlUnwind
SetCurrentDirectoryW
SetDefaultDllDirectories
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetProcessWorkingSetSize
SetStdHandle
SetThreadInformation
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

ole32

CoAddRefServerProcess
CoCreateInstance
CoGetCallContext
CoInitializeEx
CoRegisterClassObject
CoRegisterInitializeSpy
CoReleaseServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
IIDFromString
StringFromGUID2

ntdll

NtDeleteKey

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection
LeaveCriticalPolicySection
UnloadUserProfile

secur32

GetUserNameExW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetStatusCallback

Exports

Exports

?get_active_implementation@simdutf@@YAAAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAABVavailable_implementation_list@internal@1@XZ
GetHandleVerifier

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 72KB

.rsrc Size: 30KB - Virtual size: 29KB

d181040a9e213eccfb043c56a4a65076

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

ws2_32

oleacc

imm32

winmm

Exports

Exports

Sections

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 23KB - Virtual size: 40KB

.edata Size: 512B - Virtual size: 77B

.xdata Size: 60KB - Virtual size: 59KB

.rsrc Size: 854KB - Virtual size: 854KB

.reloc Size: 139KB - Virtual size: 138KB

rdatas Size: 83.2MB - Virtual size: 83.2MB

086a7325b37d216501ba79c81c613cc6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1Signer

Headers

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 72KB

.rsrc
Size: 30KB - Virtual size: 29KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 23KB - Virtual size: 40KB

.edata
Size: 512B - Virtual size: 77B

.xdata
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 854KB - Virtual size: 854KB

.reloc
Size: 139KB - Virtual size: 138KB

rdatas
Size: 83.2MB - Virtual size: 83.2MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

20:3f:e7:f9:6a:9f:a7:44:bf:b3:13:83:b3:d4:39:3c:99:e9:36:d1
Signer

.text
Size: 584KB - Virtual size: 582KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate