88ee5233f565c1c7ef5b38f051aca2a37bb42d354b2efb053fb64617eda14ecc

Sharing

Copy URL Twitter E-mail

General

Target

88ee5233f565c1c7ef5b38f051aca2a37bb42d354b2efb053fb64617eda14ecc
Size

876KB
MD5

1e1b6da1a4fb0a541878cd8503de83a0
SHA1

e941bbf6dfddba647787408ad0fba87ba2bc47f9
SHA256

88ee5233f565c1c7ef5b38f051aca2a37bb42d354b2efb053fb64617eda14ecc
SHA512

4f9a27c9246cfe9f0b619219c09849c6db01fadee38bcb31b2af19c94b087cfa307345e3387bd906bf2f25de57ff216bcd527e20e1e4863a5331cb29511ad8c7
SSDEEP

12288:+pRP4gie6Iy94/zRz1ddBvSHy+HFhiApR5u+ZLhqTz6ka6Sh13aMsZ5aMsZLozt8:+pRP4ES94rR5cszHPSz3a1Z5a1ZLoz

Score

N/A

Malware Config

Signatures

Files

88ee5233f565c1c7ef5b38f051aca2a37bb42d354b2efb053fb64617eda14ecc
.exe windows x86

b7b7622147b1cfbcb6d82e8c0090a7ac

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

12/01/2010, 00:00

Not After

11/01/2013, 23:59

Subject

CN=Shanghai Giant Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Giant Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zlib

compress
uncompress

mfc80u

ord4112
ord2239
ord4562
ord762
ord3327
ord4255
ord4475
ord2832
ord5562
ord5209
ord5226
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord283
ord577
ord774
ord1178
ord2461
ord1086
ord265
ord266
ord764
ord3642
ord395
ord635
ord4293
ord5161
ord1079
ord1894
ord3201
ord4259
ord4480
ord3943
ord2638
ord3703
ord3713
ord1198
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord5364
ord1955
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4271
ord4716
ord3397
ord1297
ord2164
ord5201
ord4179
ord6271
ord5067
ord1899
ord5144
ord4238
ord1393
ord3939
ord1608
ord5971
ord1049
ord1121
ord3824
ord757
ord566
ord3677
ord2237
ord1904
ord2609
ord5003
ord5006
ord4303
ord4129
ord2933
ord4898
ord940
ord5352
ord2986
ord2419
ord2418
ord4013
ord1548
ord6721
ord5911
ord1611

msvcr80

_atoi64
_mktime64
__CxxFrameHandler3
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
fopen_s
fprintf
strncmp
_beginthreadex
wcsftime
fflush
wcsstr
malloc
strftime
_snwprintf
_wsplitpath
swprintf_s
_snprintf
_i64toa
strtoul
_ultoa
_wfopen
wcsncpy
_wtol
wcstoul
_wrename
_swprintf
_vsnprintf
vsprintf_s
_time64
_splitpath
fwrite
fread
fclose
ftell
fseek
fopen
atoi
atol
_localtime64
rand
srand
sprintf_s
sprintf
_strtime
_strdate
free
strncpy
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memmove_s
??0exception@std@@QAE@XZ
wcstok
memcpy
memset
_crt_debugger_hook

kernel32

GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
WritePrivateProfileStructW
GetPrivateProfileStructW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemTime
GlobalMemoryStatusEx
SystemTimeToFileTime
GetSystemInfo
ReadFile
SetFilePointer
GetFileSize
GetModuleFileNameW
OutputDebugStringW
GetLocalTime
WritePrivateProfileStringW
CreateDirectoryW
FindClose
FindNextFileW
GetPrivateProfileStringW
FindFirstFileW
GetFileAttributesW
IsBadWritePtr
DeviceIoControl
CreateFileA
GetVersionExW
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
SetEvent
CreateEventW
GetPrivateProfileIntW
SetUnhandledExceptionFilter
GetTempFileNameW
GetTempPathW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
FormatMessageA
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
DeleteFileW
GlobalMemoryStatus
ExitProcess
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
Sleep
TerminateThread
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
GetLastError
CreateFileW
GetVersion
InterlockedDecrement
SetCurrentDirectoryW
InterlockedIncrement
GetCurrentThreadId
CloseHandle
GetProcAddress
LoadLibraryW
FreeLibrary

user32

KillTimer
DestroyWindow
ShowWindow
CreateWindowExW
GetClassInfoW
RegisterClassExW
GetLastInputInfo
FindWindowExA
SystemParametersInfoW
MessageBoxW
DefWindowProcW
PostThreadMessageW
PostMessageW
SetTimer
SendMessageW
PostQuitMessage

gdi32

GetStockObject

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW

ws2_32

ntohl
inet_ntoa
WSACleanup
WSAStartup
getsockopt
gethostbyname
setsockopt
inet_addr
accept
listen
send
closesocket
socket
bind
shutdown
recv
htons
WSAGetLastError
htonl
connect
ntohs
ioctlsocket

ole32

CoRevokeClassObject
CoRegisterPSClsid
CoRegisterClassObject
CoCreateGuid
CoGetClassObject

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringByteLen
SysAllocStringLen
SysFreeString
SysAllocStringByteLen

msvcp80

??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1strstreambuf@std@@UAE@XZ
??0strstreambuf@std@@QAE@H@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0strstreambuf@std@@QAE@PADH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

winmm

mixerGetControlDetailsW
mixerClose
mixerSetControlDetails
mixerGetLineControlsW
mixerGetLineInfoW
timeGetTime
timeBeginPeriod
timeEndPeriod
PlaySoundW
mixerGetNumDevs
mixerOpen
mixerGetDevCapsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iceclientlib

?SetID@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@_KG@Z
?GetStats@ICEClient@@QBE?AUstat@1@XZ
??0ICEClient@@QAE@XZ
?SetVoiceFont@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@W4ICECLIENT_VOICEFONT_PRESET@1@@Z
?SetCodec@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@E@Z
?ReceiveCapsule@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@PBDI@Z
?GetCodecs@ICEClient@@QAEPBEXZ
?AutoTick@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@XZ
?SetEchoSupression@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@_N@Z
?TalkInto@ICEClient@@QAEX_NE@Z
?GetDeviceList@ICEClient@@SA?AW4ICECLIENT_ERROR@1@PAUdevice@1@PAI@Z
?SetDevice@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@PBUdevice@1@0@Z
?GetCaptureDevice@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@PAUdevice@1@@Z
?GetOutputDevice@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@PAUdevice@1@@Z
?StartMicTestPhase1@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@XZ
?StartMicTestPhase2@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@W4ICECLIENT_MICTEST_MODE@1@P6AXPAX@Z1@Z
?StopMicTest@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@XZ
?SetCustomVoiceFont@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@Uvoicefont@1@@Z
?SetLogging@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@P6AXIPBDPAX@Z1I@Z
?SetName@ICEClient@@QAEXPBD@Z
?Mute@ICEClient@@QAEX_N@Z
?MuteMic@ICEClient@@QAEX_N@Z
?SetServer@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@PBDGG@Z
??1ICEClient@@QAE@XZ
?Pause@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@_N@Z
?SetP2P@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@_N@Z
?SetGameEncapsulation@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@P6AXPBDIPAX@Z1@Z
?SetPremium@ICEClient@@SAX_N@Z
?Init@ICEClient@@QAE?AW4ICECLIENT_ERROR@1@W4ICECLIENT_ENGINE_TYPE@1@@Z

tinyxml

??1TiXmlElement@@UAE@XZ
??0TiXmlElement@@QAE@PBD@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??0TiXmlDocument@@QAE@PBD@Z
?StringOut@TiXmlBase@@QAEXAAV?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
??0TiXmlDocument@@QAE@XZ
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?FirstChildElement@TiXmlNode@@QBEPAVTiXmlElement@@PBD@Z
??1TiXmlDocument@@UAE@XZ
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
?FirstChildElement@TiXmlNode@@QBEPAVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QBEPAVTiXmlElement@@XZ
??1TiXmlDeclaration@@UAE@XZ

rpcrt4

NdrDllGetClassObject
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release

iphlpapi

GetAdaptersInfo
GetTcpTable
GetUdpTable

sqlite3

sqlite3_bind_int64
sqlite3_finalize
sqlite3_column_blob
sqlite3_step
sqlite3_prepare
sqlite3_bind_blob
sqlite3_free_table
sqlite3_exec
sqlite3_key
sqlite3_close
sqlite3_open
sqlite3_get_table
sqlite3_bind_text

Exports

Exports

??4ICEClient@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�U�
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7b7622147b1cfbcb6d82e8c0090a7ac

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fbCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

zlib

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

comctl32

shlwapi

ws2_32

ole32

oleaut32

msvcp80

winmm

version

iceclientlib

tinyxml

rpcrt4

iphlpapi

sqlite3

Exports

Exports

Sections

.text Size: 492KB - Virtual size: 488KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 12KB - Virtual size: 12KB

.tls Size: 4KB - Virtual size: 1KB

.rsrc Size: 152KB - Virtual size: 149KB

�U� Size: 88KB - Virtual size: 88KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

.text
Size: 492KB - Virtual size: 488KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 12KB - Virtual size: 12KB

.tls
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 152KB - Virtual size: 149KB

�U�
Size: 88KB - Virtual size: 88KB