056104d4739dc5f2e69af956f4a0bc3832ae2ff877ad2de8901287fd00fa8dd8

Sharing

Copy URL Twitter E-mail

General

Target

056104d4739dc5f2e69af956f4a0bc3832ae2ff877ad2de8901287fd00fa8dd8
Size

924KB
MD5

69332546d97162a1e722cfd9dce91082
SHA1

eddfef1336303744bbb87229d49159cff39ae8f6
SHA256

056104d4739dc5f2e69af956f4a0bc3832ae2ff877ad2de8901287fd00fa8dd8
SHA512

16c292a75801b849be2793dfc57f658ac625286726b576fd3e91f7faddcc130dfe66157942ea1c241c2064ed8f90e3f9f64dfa82316a90dc0f07ebb7581717a1
SSDEEP

12288:Gr2fWQXzrDwYgyIEQ7mv3rAJsw6diwnIdg17gfyvZA4:tDwHZy3rAJsw6diwnDKyvZL

Score

N/A

Malware Config

Signatures

Files

056104d4739dc5f2e69af956f4a0bc3832ae2ff877ad2de8901287fd00fa8dd8
.exe windows x86

8bd64e6326aad59562cf278f829b67b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3f:86:20:c7:8f:82:c1:b6:ad:1c:0c:10:4f:5f:09:2c:b7:2c:95:4b
Signer

Actual PE Digest

3f:86:20:c7:8f:82:c1:b6:ad:1c:0c:10:4f:5f:09:2c:b7:2c:95:4b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

30/08/2010, 05:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

??0CTXStringW@@QAE@XZ
?IsEmpty@CTXStringW@@QBE_NXZ
?Replace@CTXStringW@@QAEH_W0@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
??1CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?GetLength@CTXStringW@@QBEHXZ
?Empty@CTXStringW@@QAEXXZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@PB_W@Z

mfc80u

ord3869
ord2254
ord760
ord572
ord3157
ord658
ord1939
ord1970
ord3198
ord4347
ord563
ord753
ord3645
ord776
ord642
ord3208
ord3678
ord1549
ord1628
ord4230
ord2121
ord3990
ord4101
ord3756
ord2260
ord1906
ord896
ord772
ord860
ord741
ord3311
ord4234
ord1582
ord2086
ord587
ord6251
ord3158
ord6033
ord4226
ord1536
ord5638
ord4103
ord2263
ord907
ord784
ord304
ord310
ord384
ord3331
ord629
ord5083
ord6284
ord1430
ord1156
ord284
ord781
ord2463
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord4535
ord5378
ord6215
ord3677
ord5096
ord1007
ord3800
ord5579
ord2009
ord566
ord2054
ord757
ord4320
ord6274
ord3795
ord6272
ord1591
ord4276
ord1894
ord4716
ord3397
ord1058
ord6700
ord265
ord282
ord5558
ord1479
ord899
ord4179
ord6271
ord578
ord5067
ord1899
ord300
ord5148
ord3635
ord3940
ord2460
ord1608
ord1611
ord5398
ord4574
ord5209
ord762
ord5562
ord2832
ord4475
ord283
ord3327
ord2531
ord2725
ord2829
ord4301
ord2708
ord1472
ord2534
ord2640
ord2527
ord3712
ord605
ord3713
ord6086
ord3703
ord2638
ord3943
ord1542
ord4255
ord5971
ord577
ord3824
ord2261
ord4100
ord4032
ord266
ord4008
ord764
ord1198
ord280
ord4480
ord2856
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3176
ord3339
ord6275
ord4256
ord293
ord3395
ord2876
ord774
ord326
ord6721
ord2867
ord5911
ord1006
ord4558
ord1393
ord4232
ord3344
ord2255
ord3995
ord3224
ord4117
ord502
ord2366
ord5727
ord3789
ord4109
ord1959
ord2651
ord2579
ord6116
ord5210
ord5637
ord3296
ord5633
ord1271
ord3155
ord1925
ord5609
ord6061
ord3435
ord6063
ord2461
ord1270
ord1659
ord1106
ord2648
ord4314
ord3281
ord2361
ord2311
ord5829
ord3204
ord4119
ord1785
ord1118
ord602
ord1416
ord347
ord1920
ord2225
ord5956
ord5231
ord5229
ord354
ord920
ord1021
ord925
ord4743
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord1079
ord2392
ord2390
ord2407
ord5178
ord2402
ord4206
ord2386
ord4729
ord2409
ord4884
ord2397
ord2313
ord2011
ord2379
ord1662
ord2381
ord1661
ord2399
ord6720
ord2169
ord5908
ord2163
ord1392
ord1513
ord4238
ord6273
ord709
ord5199
ord3796
ord501

msvcr80

wcschr
_wcsicmp
_purecall
wcsstr
sscanf
free
malloc
_snprintf
atoi
strncpy
strncat
memmove_s
memmove
_wtoi
iswdigit
wcsncmp
wcsncpy
_time32
_invalid_parameter_noinfo
wcsncat
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
wcsrchr
_wtol
_wcslwr_s
memcpy_s
_snwprintf
swscanf
??0exception@std@@QAE@ABV01@@Z
wcstoul
_time64
_wsplitpath
_wmkdir
_wstat64
_wsplitpath_s
rand
_CxxThrowException
isprint
_localtime64
_vsnprintf_s
swscanf_s
strncmp
isalnum
_vsnwprintf_s
isspace
tolower
_vswprintf
fwrite
fflush
fclose
fopen
fseek
rename
realloc
_beginthreadex
srand
putchar
putwchar
wcstol
_amsg_exit
__wgetmainargs
memset
_unlink
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
memcpy
__CxxFrameHandler3
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook

kernel32

HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetACP
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetNumberFormatW
GetLocaleInfoW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetLocaleInfoA
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
FlushFileBuffers
SetEvent
ResetEvent
DeviceIoControl
MultiByteToWideChar
ProcessIdToSessionId
GetCurrentProcessId
RaiseException
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
LoadLibraryA
GetSystemInfo
DeleteCriticalSection
VirtualQuery
InitializeCriticalSection
CreateEventW
ReleaseMutex
WaitForSingleObject
FileTimeToLocalFileTime
GetModuleHandleW
SetFilePointer
FreeLibrary
SizeofResource
ReadFile
GetProcAddress
OpenMutexW
LoadLibraryW
CreateToolhelp32Snapshot
GetCurrentThreadId
HeapAlloc
OpenProcess
ExpandEnvironmentStringsW
GetFileSize
GetProcessHeap
HeapFree
GetDriveTypeW
FindClose
Thread32Next
GetVersionExW
Thread32First
FindFirstFileW
CreateProcessW
lstrlenA
GetCurrentProcess
GetModuleFileNameW
FindResourceExW
FileTimeToSystemTime
GetSystemDefaultLangID
IsBadWritePtr
IsBadReadPtr
lstrlenW
lstrcpynW
WideCharToMultiByte
lstrcmpW
CreateThread
TerminateThread
LockResource
VirtualProtect
LoadResource
FindResourceW
SleepEx
ResumeThread
CreateFileW
WriteFile
LeaveCriticalSection
EnterCriticalSection
CloseHandle
DeleteFileW
CreateMutexW
SetLastError
OutputDebugStringW
GetTickCount
GetCommandLineW
Sleep
GetLastError

user32

PostQuitMessage
IsIconic
SetTimer
DestroyWindow
DefWindowProcW
EnableWindow
IsWindowVisible
WindowFromPoint
GetForegroundWindow
MessageBoxW
EnumThreadWindows
GetWindowTextW
GetWindowThreadProcessId
EqualRect
SetWindowLongW
FindWindowExW
CreateWindowExW
SetWindowTextW
GetClassNameW
RegisterClassExW
GetWindowLongW
OffsetRect
ClientToScreen
CharNextW
GetDesktopWindow
CharPrevW
GetSysColor
FillRect
DestroyCursor
GetSystemMetrics
LoadIconW
KillTimer
DispatchMessageW
UnregisterClassA
GetMessageW
LoadCursorW
DestroyIcon
GetClientRect
DrawIcon
FindWindowW
SendMessageW
PtInRect
SetWindowRgn
ShowScrollBar
TranslateMessage
PeekMessageW
WaitMessage
GetActiveWindow
SetWindowPos
InvalidateRect
SystemParametersInfoW
GetDC
GetClassInfoW
ReleaseDC
RegisterClassW
PostMessageW
GetWindowRect
LoadBitmapW
IsWindow
GetCursorPos
ScreenToClient
SetCursor
RedrawWindow
DrawIconEx
GetParent
CopyRect

gdi32

BitBlt
CreateRoundRectRgn
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreateDCW
DeleteDC
StretchBlt
GetBkColor
GetTextColor
CreateFontIndirectW
GetObjectW
Rectangle
CreatePen
SelectObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHAppBarMessage

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

StrCmpW
StrFormatKBSizeW
StrFromTimeIntervalW
StrFormatByteSizeW
StrCpyW

ole32

CoInitialize
CoUninitialize
StgOpenStorage
CoCreateInstance
CoFreeUnusedLibrariesEx
StgCreateDocfile
StgIsStorageFile
CoCreateGuid

oleaut32

SysAllocString
VariantInit
VariantClear

msvcp80

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??0strstreambuf@std@@QAE@H@Z
??1strstreambuf@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

iphlpapi

GetIpForwardTable

atl80

ord30

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

ws2_32

select
connect
ioctlsocket
socket
getprotobyname
setsockopt
closesocket
recv
send
gethostbyname
WSAStartup
WSACleanup
sendto
bind
getpeername
__WSAFDIsSet
htons
WSAGetLastError
recvfrom

psapi

GetModuleFileNameExW

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�}�
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bd64e6326aad59562cf278f829b67b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

3f:86:20:c7:8f:82:c1:b6:ad:1c:0c:10:4f:5f:09:2c:b7:2c:95:4bSigner

Signature Validations

Verification

30/08/2010, 05:04 Valid: false

Headers

File Characteristics

Imports

common

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

winmm

iphlpapi

atl80

version

netapi32

ws2_32

psapi

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 252KB - Virtual size: 257KB

.rsrc Size: 372KB - Virtual size: 371KB

�}� Size: 244KB - Virtual size: 244KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

3f:86:20:c7:8f:82:c1:b6:ad:1c:0c:10:4f:5f:09:2c:b7:2c:95:4b
Signer

30/08/2010, 05:04
Valid: false

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 252KB - Virtual size: 257KB

.rsrc
Size: 372KB - Virtual size: 371KB

�}�
Size: 244KB - Virtual size: 244KB