| File Path | Type and Hashes |
|---|
| Match Rules |
|---|
| File Name: | pestudio.exe |
| File Type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| SHA1: | 58a0c1b9b119fe996450d1be3e95740bd4b1e0b5 |
| MD5: | acc0312fc392b170498facbd64c2f925 |
| First Seen Date: | 2017-04-25 06:22:49.569739 ( ) |
| Number of Clients Seen: | 3 |
| Last Analysis Date: | 2017-04-25 06:22:49.569739 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| number of sections | 4 |
| compilation time stamp | 0x58F9D70F [Fri Apr 21 09:55:27 2017 UTC] |
| LegalCopyright | Copyright \xa9 2009-2017 Marc Ochsenmeier |
| InternalName | pestudio.exe |
| FileVersion | 8, 58, 0, 0 |
| CompanyName | www.winitor.com |
| LegalTrademarks | www.winitor.com |
| Comments | Malware Initial Assessment |
| ProductName | pestudio |
| ProductVersion | 8, 58, 0, 0 |
| FileDescription | Malware Initial Assessment - www.winitor.com |
| OriginalFilename | pestudio.exe |
| Translation | 0x0000 0x04b0 |
| entry point | 0x44a8c7 (.text) |
| machine type | Intel 386 or later - 32Bit |
| file size | 534016 |
| sha256 | 1733a947d2afac151425517e6d373c35f01e6d8e88fce604e862c35205cc3cef |
| mime type | application/x-dosexec |
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x5fd7b | 0x5fe00 | 6.532193 | - |
| .rdata | 0x61000 | 0x14626 | 0x14800 | 4.755037 | - |
| .data | 0x76000 | 0x6658 | 0x2a00 | 4.119944 | - |
| .rsrc | 0x7d000 | 0xb150 | 0xb200 | 4.460908 | - |
-
KERNEL32.dll
- RaiseException
- TerminateProcess
- UnhandledExceptionFilter
- SetUnhandledExceptionFilter
- IsDebuggerPresent
- HeapAlloc
- HeapFree
- HeapReAlloc
- Sleep
- ExitProcess
- HeapSize
- GetStdHandle
- GetModuleFileNameA
- FreeEnvironmentStringsW
- GetEnvironmentStringsW
- GetCommandLineW
- SetHandleCount
- GetFileType
- GetStartupInfoA
- HeapCreate
- VirtualFree
- QueryPerformanceCounter
- GetSystemTimeAsFileTime
- RtlUnwind
- GetACP
- GetOEMCP
- IsValidCodePage
- LCMapStringA
- LCMapStringW
- VirtualAlloc
- InitializeCriticalSectionAndSpinCount
- GetTimeZoneInformation
- GetLocaleInfoA
- GetConsoleCP
- GetConsoleMode
- GetStringTypeA
- GetStringTypeW
- SetStdHandle
- WriteConsoleA
- GetConsoleOutputCP
- WriteConsoleW
- CreateFileA
- SetEnvironmentVariableA
- GetStartupInfoW
- SetErrorMode
- GetFileSizeEx
- LocalFileTimeToFileTime
- GetFileAttributesExW
- FileTimeToLocalFileTime
- GetShortPathNameW
- GetVolumeInformationW
- FindFirstFileW
- FindClose
- GetCurrentProcess
- DuplicateHandle
- GetFileSize
- SetEndOfFile
- UnlockFile
- LockFile
- FlushFileBuffers
- SetFilePointer
- ReadFile
- lstrcmpiW
- GetStringTypeExW
- DeleteFileW
- MoveFileW
- WritePrivateProfileStringW
- SystemTimeToFileTime
- FileTimeToSystemTime
- GetThreadLocale
- lstrlenA
- GlobalFlags
- InterlockedIncrement
- TlsFree
- DeleteCriticalSection
- LocalReAlloc
- TlsSetValue
- TlsAlloc
- InitializeCriticalSection
- GlobalHandle
- GlobalReAlloc
- EnterCriticalSection
- TlsGetValue
- LeaveCriticalSection
- LocalAlloc
- GlobalGetAtomNameW
- GetModuleHandleA
- GetProfileIntW
- GetTickCount
- GetDiskFreeSpaceW
- GetFullPathNameW
- GetTempFileNameW
- GetFileTime
- SetFileTime
- GetFileAttributesW
- GetCurrentProcessId
- GetCurrentThread
- ConvertDefaultLocale
- EnumResourceLanguagesW
- lstrcmpA
- GetLocaleInfoW
- CompareStringA
- InterlockedExchange
- InterlockedDecrement
- GetModuleFileNameW
- FreeResource
- GlobalAddAtomW
- GlobalFindAtomW
- GlobalDeleteAtom
- GetVersionExW
- CompareStringW
- lstrcmpW
- GetVersionExA
- GetCurrentThreadId
- GlobalFree
- FormatMessageW
- LocalFree
- lstrlenW
- MulDiv
- CreateFileW
- WriteFile
- LoadLibraryA
- CloseHandle
- FreeLibrary
- GetLastError
- SetLastError
- GetProcAddress
- GetModuleHandleW
- LoadLibraryW
- WideCharToMultiByte
- MultiByteToWideChar
- GlobalAlloc
- GlobalLock
- GlobalUnlock
- lstrcpyW
- FindResourceW
- LoadResource
- LockResource
- GetCPInfo
- SizeofResource
-
USER32.dll
- IsZoomed
- GetSysColorBrush
- UnregisterClassW
- DestroyIcon
- CharUpperW
- SetRectEmpty
- EndPaint
- BeginPaint
- GetWindowDC
- ReleaseDC
- GetDC
- GrayStringW
- DrawTextExW
- DrawTextW
- TabbedTextOutW
- FillRect
- WindowFromPoint
- ClientToScreen
- SetRect
- GetWindowThreadProcessId
- ShowOwnedPopups
- SetCursor
- DestroyMenu
- GetMenuItemInfoW
- InflateRect
- GetDesktopWindow
- CreateDialogIndirectParamW
- GetNextDlgTabItem
- EndDialog
- IsWindowEnabled
- ShowWindow
- MoveWindow
- SetWindowTextW
- IsDialogMessageW
- SetMenuItemBitmaps
- GetMenuCheckMarkDimensions
- LoadBitmapW
- ModifyMenuW
- CheckMenuItem
- LoadIconW
- SendDlgItemMessageW
- SendDlgItemMessageA
- UnpackDDElParam
- GetCapture
- GetClassLongW
- GetClassNameW
- SetPropW
- GetPropW
- RemovePropW
- GetFocus
- SetFocus
- GetWindowTextLengthW
- GetWindowTextW
- GetForegroundWindow
- GetLastActivePopup
- SetActiveWindow
- BeginDeferWindowPos
- EndDeferWindowPos
- GetDlgItem
- GetTopWindow
- DestroyWindow
- UnhookWindowsHookEx
- GetMessageTime
- GetMessagePos
- MapWindowPoints
- TrackPopupMenu
- SetMenu
- SetScrollPos
- GetScrollPos
- SetForegroundWindow
- PostMessageW
- MessageBoxW
- CreateWindowExW
- GetClassInfoExW
- GetClassInfoW
- RegisterClassW
- AdjustWindowRectEx
- GetParent
- EqualRect
- DeferWindowPos
- GetDlgCtrlID
- DefWindowProcW
- CallWindowProcW
- PtInRect
- GetMenu
- GetWindowLongW
- SetWindowLongW
- SetWindowPos
- OffsetRect
- IntersectRect
- SystemParametersInfoA
- IsIconic
- GetWindowPlacement
- GetWindow
- SetWindowsHookExW
- CallNextHookEx
- GetMessageW
- TranslateMessage
- DispatchMessageW
- ReuseDDElParam
- LoadAcceleratorsW
- InsertMenuItemW
- CreatePopupMenu
- BringWindowToTop
- TranslateAcceleratorW
- LoadCursorW
- DestroyCursor
- SetCursorPos
- ReleaseCapture
- SetCapture
- IsChild
- EnableWindow
- GetCursorPos
- EnableMenuItem
- GetMenuItemCount
- GetSubMenu
- RemoveMenu
- LoadMenuW
- PostQuitMessage
- SendMessageW
- IsWindowVisible
- IsWindow
- GetSystemMetrics
- CopyRect
- GetClientRect
- ScreenToClient
- UpdateWindow
- InvalidateRect
- CloseClipboard
- SetClipboardData
- EmptyClipboard
- OpenClipboard
- AppendMenuW
- GetSysColor
- RedrawWindow
- SetParent
- CreateIconFromResourceEx
- GetActiveWindow
- PeekMessageW
- ValidateRect
- GetMenuState
- GetMenuItemID
- GetWindowRect
- RegisterWindowMessageW
- KillTimer
- SetTimer
- ShowScrollBar
- GetKeyState
- SystemParametersInfoW
- WinHelpW
-
GDI32.dll
- SetWindowExtEx
- ScaleWindowExtEx
- DeleteDC
- CreatePatternBrush
- GetCharWidthW
- CreateFontW
- StretchDIBits
- CreateCompatibleBitmap
- PatBlt
- GetTextMetricsW
- SetViewportExtEx
- ScaleViewportExtEx
- OffsetViewportOrgEx
- SetViewportOrgEx
- SelectObject
- Escape
- TextOutW
- RectVisible
- PtVisible
- GetPixel
- CreateFontIndirectW
- DeleteObject
- IntersectClipRect
- ExcludeClipRect
- SetMapMode
- SetBkMode
- RestoreDC
- SaveDC
- GetBkColor
- GetTextExtentPoint32W
- ExtTextOutW
- BitBlt
- CreateCompatibleDC
- CreateBitmap
- SetBkColor
- SetTextColor
- GetClipBox
- GetDeviceCaps
- CreateSolidBrush
- GetCurrentObject
- GetObjectW
- GetStockObject
-
COMDLG32.dll
- GetFileTitleW
-
ADVAPI32.dll
- RegSetValueExW
- RegCreateKeyW
- RegCreateKeyExW
- GetFileSecurityW
- SetFileSecurityW
- RegQueryValueW
- RegOpenKeyW
- RegEnumKeyW
- RegDeleteKeyW
- RegOpenKeyExW
- RegQueryValueExW
- RegSetValueW
- RegCloseKey
-
SHELL32.dll
- DragAcceptFiles
- DragFinish
- DragQueryFileW
- ExtractIconW
- SHGetFileInfoW
- ShellExecuteW
-
SHLWAPI.dll
- PathFindFileNameW
- PathRemoveFileSpecW
- PathStripToRootW
- PathFindExtensionW
- PathIsUNCW
-
ole32.dll
- CoUninitialize
- RevokeDragDrop
- CoLockObjectExternal
- RegisterDragDrop
- CoTaskMemFree
- CoInitializeEx
- CoCreateInstance
- CoInitialize
-
OLEAUT32.dll
- SysAllocStringLen
- VariantClear
- VariantChangeType
- VariantInit
RT_BITMAP
RT_ICON
RT_MENU
RT_DIALOG
RT_STRING
RT_ACCELERATOR
RT_GROUP_ICON
RT_VERSION
RT_MANIFEST