Hi all, what also seems interesting is that this variant uses an anti-debugging technique. It tries to detect a debugger via the IsDebuggerPresent function.
[[KERNEL32.dll]]
GetCurrentThreadId, InterlockedIncrement, InterlockedDecrement, SetEvent, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, WideCharToMultiByte, GetFileSize, CreateFileW, GetFileAttributesW, SetEndOfFile, ReadFile, WriteFile, DeleteFileW, GetLongPathNameW, RemoveDirectoryW, CreateDirectoryW, GetModuleHandleW, FindClose, FindFirstFileW, SetFileAttributesW, CopyFileW, FindNextFileW, LocalFree, LocalAlloc, GetProcAddress, lstrlenA, GetTempPathW, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, CreateEventW, CreateThread, Sleep, GetModuleFileNameW, GetUserDefaultLCID, LoadLibraryW, lstrcmpiW, WaitForSingleObject, CloseHandle, FreeLibrary, GetLastError, DeleteCriticalSection, InitializeCriticalSection, RaiseException, SetFilePointer, lstrlenW, GetStartupInfoW, InterlockedCompareExchange, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetSystemTimeAsFileTime, GetFullPathNameW, GetDriveTypeW, SwitchToThread, LeaveCriticalSection, EnterCriticalSection, TlsSetValue, CreateSemaphoreA, TlsAlloc, TlsGetValue, TlsFree
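
An added triage example, not part of the original post and not the poster's tooling: an import table shows that IsDebuggerPresent is linked, not where it is called from, and the MSVC C runtime imports it together with SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess and TerminateProcess for its /GS failure handler. The sketch parses a listing in the format above and reports whether that runtime pattern is present; the function names, result labels and both sample listings are assumptions constructed for illustration.

```python
import re

# Imports the MSVC C runtime links for its /GS failure report routine and
# for stack-cookie initialisation, independent of the program's own logic.
CRT_GS_REPORT = {"IsDebuggerPresent", "SetUnhandledExceptionFilter",
                 "UnhandledExceptionFilter", "GetCurrentProcess",
                 "TerminateProcess"}
CRT_COOKIE_INIT = {"GetSystemTimeAsFileTime", "GetCurrentProcessId",
                   "GetCurrentThreadId", "GetTickCount",
                   "QueryPerformanceCounter"}

# Constructed sample: a subset of the names in the listing above.
SAMPLE_CRT = """[[KERNEL32.dll]]
GetCurrentThreadId, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, CreateFileW
"""
# Constructed sample: the import appears without the runtime companions.
SAMPLE_BARE = """[[KERNEL32.dll]]
IsDebuggerPresent, CreateFileW, Sleep, ExitProcess
"""

def parse_imports(listing):
    """Parse '[[DLL]]' headers followed by comma-separated function names."""
    imports, dll = {}, None
    for line in listing.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[\[(.+?)\]\]", line)
        if header:
            dll = header.group(1).lower()
            imports.setdefault(dll, set())
        elif line and dll:
            imports[dll].update(n.strip() for n in line.split(",") if n.strip())
    return imports

def triage_isdebuggerpresent(imports):
    """Classify how much the IsDebuggerPresent import says by itself."""
    k32 = imports.get("kernel32.dll", set())
    if "IsDebuggerPresent" not in k32:
        return "absent"
    if CRT_GS_REPORT <= k32 and CRT_COOKIE_INIT <= k32:
        # Same set the compiler runtime links: the import alone is not
        # conclusive, so check cross-references in a disassembler.
        return "ambiguous-crt-pattern"
    return "not-crt-pattern"

if __name__ == "__main__":
    for name, text in (("crt", SAMPLE_CRT), ("bare", SAMPLE_BARE)):
        print(name, triage_isdebuggerpresent(parse_imports(text)))
```

A result of `ambiguous-crt-pattern` means the call sites have to be inspected before the import can be attributed to the sample's own code rather than to the compiler runtime.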