ab506ef509e559f473d4ae3a9281129c365e84011222bf3f85f831132257dcf7

Sharing

Copy URL Twitter E-mail

General

Target

ab506ef509e559f473d4ae3a9281129c365e84011222bf3f85f831132257dcf7
Size

2.7MB
MD5

f810e27178c357d0fd2fd24e5cb30ec8
SHA1

a9defa10761648c84ee1e85b934ea8bfdf033d7f
SHA256

ab506ef509e559f473d4ae3a9281129c365e84011222bf3f85f831132257dcf7
SHA512

8de2329b0fc5beb50ac2a7b595af373ca72b414906f7d675ec0f4992fd30163552e03114ce3ac0d6f58a6696e999aaca9e4d15de8170c1d6029d7f2f126f2539
SSDEEP

49152:heeNgqC8Gp8dDQfb9ivtPw4Zox8F5+WCtgM+E25PbLTnPnjhdoyyPYLNpIv:hxgqC8Gp8dD1Pw48W5+Ttgl1HnjhE

Score

N/A

Malware Config

Signatures

Files

ab506ef509e559f473d4ae3a9281129c365e84011222bf3f85f831132257dcf7
.exe windows x86

c02dd2dbea054c1eab647f6a6bd26b88

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:eb:5e:56:05:63:c1:06:7e:c4:9f:ed:35:26:9b:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/08/2017, 00:00

Not After

13/08/2020, 12:00

Subject

CN=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:5d:bd:07:cd:78:04:b2:8c:da:50:96:ff:5d:99:dc:dc:57:83:6c
Signer

Actual PE Digest

d9:5d:bd:07:cd:78:04:b2:8c:da:50:96:ff:5d:99:dc:dc:57:83:6c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

22/04/2020, 16:20
Valid: true

Chain 1

CN=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
FileTimeToSystemTime
SetFilePointer
GetCommandLineW
GetCurrentProcessId
OpenEventW
CloseHandle
WaitForSingleObject
SetEvent
GetExitCodeProcess
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeSListHead
WaitForSingleObjectEx
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
SleepEx
FormatMessageA
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
OpenMutexW
WaitForMultipleObjects
Thread32Next
Thread32First
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
OpenThread
IsDebuggerPresent
SetUnhandledExceptionFilter
RaiseException
GetProcessId
RtlCaptureContext
GetSystemTimeAsFileTime
GetProcessTimes
VerifyVersionInfoW
GetVersionExW
GetComputerNameW
GetDiskFreeSpaceExW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateProcessW
FormatMessageW
SetLastError
TerminateProcess
GlobalMemoryStatusEx
GetProcAddress
VerSetConditionMask
RtlCaptureStackBackTrace
MoveFileExW
CopyFileExW
FindNextFileW
DeleteFileW
GetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
FlushFileBuffers
GetFileSizeEx
GetFileSize
LoadLibraryW
FreeLibrary
FindFirstFileW
GetTickCount
GetLocalTime
FindClose
GetCurrentThreadId
RegisterWaitForSingleObject
CreateNamedPipeW
CreateMutexW
DisconnectNamedPipe
ConnectNamedPipe
DuplicateHandle
ReadFile
WriteFile
Sleep
ReleaseMutex
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
GetCurrentProcess
UnregisterWaitEx
UnregisterWait
CreateEventW
ReadProcessMemory
GetLastError
OpenProcess
MulDiv
LocalFree
LocalUnlock
LocalLock
LocalAlloc
GetModuleHandleW

shell32

ord190
CommandLineToArgvW
SHOpenFolderAndSelectItems
ShellExecuteW
ShellExecuteExW
ord155

ws2_32

gethostname
shutdown
send
recv
WSACleanup
ioctlsocket
listen
accept
WSAStartup
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
WSAGetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
__WSAFDIsSet
closesocket
bind
WSASetLastError
select

wldap32

ord301
ord200
ord41
ord50
ord60
ord211
ord46
ord143
ord30
ord79
ord35
ord27
ord33
ord22
ord26
ord32

dbghelp

MiniDumpWriteDump

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

shlwapi

PathIsRelativeW

msvcp140

?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
_Thrd_start
_Thrd_join
_Thrd_id
_Mtx_init
_Mtx_destroy
_Cnd_init
_Cnd_destroy
_Cnd_signal
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_XGetLastError@std@@YAXXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?_Random_device@std@@YAIXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEXAAV12@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?_BADOFF@std@@3_JB
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Wcscoll
_Wcsxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Syserror_map@std@@YAPBDH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?setf@ios_base@std@@QAEHHH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z

vcruntime140

_except_handler4_common
__vcrt_InitializeCriticalSectionEx
wcsstr
strstr
strrchr
_set_purecall_handler
__std_type_info_name
__std_type_info_hash
memchr
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_type_info_compare
__std_exception_copy
strchr
memmove
__std_terminate
_purecall
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

exit
_set_invalid_parameter_handler
set_terminate
signal
_errno
_beginthreadex
_set_app_type
_cexit
_get_narrow_winmain_command_line
_initterm
_invalid_parameter_noinfo_noreturn
strerror
_initterm_e
__sys_nerr
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_crt_atexit
_controlfp_s
_register_onexit_function
_initialize_onexit_table
_exit
raise
_initialize_narrow_environment
_configure_narrow_argv
abort
_getpid
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode
calloc
realloc

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_gmtime64

api-ms-win-crt-string-l1-1-0

wcstok
_strdup
wcsnlen
strncpy
wcsncpy
toupper
isdigit
isupper
iswspace
isgraph
isprint
strncmp
strcmp
towlower
tolower
islower
isalnum
_stricmp
_strnicmp
isspace
strpbrk
isxdigit
isalpha

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_ftelli64
_setmode
_fileno
ferror
fflush
fclose
__stdio_common_vsnwprintf_s
feof
__stdio_common_vfwprintf
_wfopen
__stdio_common_vsscanf
fputs
_wfsopen
_fseeki64
_close
_write
_read
fgets
__stdio_common_vsprintf
fputc
__p__commode
fwrite
__stdio_common_vswprintf
ftell
fseek
_set_fmode
_open
__stdio_common_vsnprintf_s
fread
fopen
__acrt_iob_func
_lseeki64

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_stat64i32
_fstat64
_wrename
_stat64

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-convert-l1-1-0

atoi
strtol
strtoul
strtoll

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

KillTimer
EnableWindow
GetSystemMenu
GetActiveWindow
DrawIcon
DrawTextW
SetForegroundWindow
GetDlgItem
SetFocus
GetDC
EnableMenuItem
GetDialogBaseUnits
SetTimer
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
MoveWindow
GetWindowTextW
GetClientRect
IsHungAppWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
SetWindowPos
GetSystemMetrics
LoadImageW
PeekMessageW
SendMessageW
WaitMessage
GetWindowRect
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
IsWindowVisible
SystemParametersInfoW
IsDialogMessageW
LoadStringW
IsWindow
DestroyIcon
DestroyWindow
LoadIconW
LoadCursorW
GetLastActivePopup
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
SetRect
FillRect
GetSysColor
ClientToScreen
SetCursor
CreateDialogIndirectParamW

gdi32

GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateSolidBrush
CreateFontIndirectW
CreateDCW
DeleteDC
SetBkColor
GetTextMetricsW
SetTextColor
SetBkMode

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

advapi32

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptDestroyHash
GetUserNameW

Exports

Exports

?$TSS0@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4HA
??4?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@QAEAAV012@ABV012@@Z
?create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@23@XZ
?getInstance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SAAAUVersions@23@XZ
?instance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@0AAUVersions@23@A
?instantiate@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAXABUVersions@23@@Z
?lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@123@XZ
?t@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4U534@A

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c02dd2dbea054c1eab647f6a6bd26b88

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:eb:5e:56:05:63:c1:06:7e:c4:9f:ed:35:26:9b:bdCertificate

Extended Key Usages

Key Usages

d9:5d:bd:07:cd:78:04:b2:8c:da:50:96:ff:5d:99:dc:dc:57:83:6cSigner

Signature Validations

Verification

22/04/2020, 16:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ws2_32

wldap32

dbghelp

psapi

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

gdi32

ole32

advapi32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 448KB - Virtual size: 447KB

.data Size: 63KB - Virtual size: 73KB

.rsrc Size: 466KB - Virtual size: 466KB

.reloc Size: 82KB - Virtual size: 81KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:eb:5e:56:05:63:c1:06:7e:c4:9f:ed:35:26:9b:bd
Certificate

d9:5d:bd:07:cd:78:04:b2:8c:da:50:96:ff:5d:99:dc:dc:57:83:6c
Signer

22/04/2020, 16:20
Valid: true

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 448KB - Virtual size: 447KB

.data
Size: 63KB - Virtual size: 73KB

.rsrc
Size: 466KB - Virtual size: 466KB

.reloc
Size: 82KB - Virtual size: 81KB