XeNuM
16.08.2010, 16:08
The following file has started being spread over ICQ:
This is a virus: it steals the ICQ password and immediately changes it to its own.
Information bulletin on snatch.exe:
http://virusinfo.info/showthread.php?t=85613
Here is the VirusTotal report (http://www.virustotal.com/file-scan/report.html?id=41e19d03853208caec30a3c6c9bffa038e6b03f0a021b24bbac092dbdbff788c-1281958799#):
Antivirus results
AhnLab-V3 - 2010.08.16.02 - 2010.08.16 - Malware/Win32.Generic
AntiVir - 8.2.4.34 - 2010.08.16 - -
Antiy-AVL - 2.0.3.7 - 2010.08.16 - -
Authentium - 5.2.0.5 - 2010.08.16 - W32/Infostealer.A!Maximus
Avast - 4.8.1351.0 - 2010.08.15 - -
Avast5 - 5.0.332.0 - 2010.08.15 - -
AVG - 9.0.0.851 - 2010.08.16 - -
BitDefender - 7.2 - 2010.08.16 - DeepScan:Generic.Malware.FPPkTkg.7388E5A8
CAT-QuickHeal - 11.00 - 2010.08.16 - -
ClamAV - 0.96.0.3-git - 2010.08.16 - -
Comodo - 5758 - 2010.08.16 - -
DrWeb - 5.0.2.03300 - 2010.08.16 - -
Emsisoft - 5.0.0.37 - 2010.08.16 - Win32.SuspectCrc!IK
eSafe - 7.0.17.0 - 2010.08.15 - -
eTrust-Vet - 36.1.7793 - 2010.08.16 - -
F-Prot - 4.6.1.107 - 2010.08.16 - W32/Infostealer.A!Maximus
F-Secure - 9.0.15370.0 - 2010.08.16 - DeepScan:Generic.Malware.FPPkTkg.7388E5A8
Fortinet - 4.1.143.0 - 2010.08.16 - -
GData - 21 - 2010.08.16 - DeepScan:Generic.Malware.FPPkTkg.7388E5A8
Ikarus - T3.1.1.88.0 - 2010.08.16 - Win32.SuspectCrc
Jiangmin - 13.0.900 - 2010.08.16 - -
Kaspersky - 7.0.0.125 - 2010.08.16 - -
McAfee - 5.400.0.1158 - 2010.08.16 - -
McAfee-GW-Edition - 2010.1 - 2010.08.16 - -
Microsoft - 1.6004 - 2010.08.16 - -
NOD32 - 5369 - 2010.08.16 - -
Norman - 6.05.11 - 2010.08.15 - -
nProtect - 2010-08-16.01 - 2010.08.16 - -
Panda - 10.0.2.7 - 2010.08.15 - Suspicious file
PCTools - 7.0.3.5 - 2010.08.16 - -
Prevx - 3.0 - 2010.08.16 - -
Rising - 22.61.00.04 - 2010.08.16 - -
Sophos - 4.56.0 - 2010.08.16 - -
Sunbelt - 6740 - 2010.08.16 - Trojan.Win32.Generic!BT
SUPERAntiSpyware - 4.40.0.1006 - 2010.08.16 - -
Symantec - 20101.1.1.7 - 2010.08.16 - -
TheHacker - 6.5.2.1.349 - 2010.08.16 - -
TrendMicro - 9.120.0.1004 - 2010.08.16 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.16 - -
VBA32 - 3.12.14.0 - 2010.08.13 - -
ViRobot - 2010.8.16.3990 - 2010.08.16 - -
VirusBuster - 5.0.27.0 - 2010.08.15 - -
File info:
MD5: 058ebc415a27694b7cff3093cfaf2f4a
SHA1: b0f3ccd65414853eb120b01e1ad7fbf25fc59690
SHA256: 41e19d03853208caec30a3c6c9bffa038e6b03f0a021b24bbac092dbdbff788c
ssdeep: 12288:nXd+LIjfE/LpHIwRHmHpoAyco8BJ3y88j0/CQn3IZfnN:nXSQKL2wRHi1LW88OCe3K
File size: 938496 bytes
First seen: 2010-08-14 13:38:20
Last seen: 2010-08-16 11:39:59
Scan date: 2010-08-16 11:39:59 (UTC)
TrID:
Win32 Executable Borland Delphi 7 (66.6%)
Win32 Executable Borland Delphi 6 (26.1%)
InstallShield setup (4.2%)
Win32 Executable Delphi generic (1.4%)
Win32 Executable Generic (0.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x7F4B4
timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype......: 0x14c (I386)
[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x7E51C, 0x7E600, 6.55, d78ea6492c93264eadaae1ceed20074f
DATA, 0x80000, 0x2C00, 0x2C00, 4.84, d44e68cf5d4c96329c627a69c4246158
BSS, 0x83000, 0x3C89, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x87000, 0x2630, 0x2800, 4.89, c64a92d4df06da306828fe87901de092
.tls, 0x8A000, 0x10, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x8B000, 0x18, 0x200, 0.18, 24dad9c95f5615eda29f922c58522c15
.reloc, 0x8C000, 0x8EB0, 0x9000, 6.66, 2b5c34c2b127d7fcf5ab8231b305abbe
.rsrc, 0x95000, 0x58200, 0x58200, 6.14, 616c3a01e62f0b70559ed241670f42a1
[[ 16 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
kernel32.dll: lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadProcessMemory, ReadFile, OpenProcess, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
kernel32.dll: Sleep
oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll: GetErrorInfo, SysFreeString
comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
wsock32.dll: WSACleanup, WSAStartup, WSAGetLastError, gethostbyname, socket, send, select, recv, inet_ntoa, inet_addr, htons, getsockopt, getpeername, connect, closesocket
Symantec reputation: Suspicious.Insight