796833890cd939638b5b9f0cbf72262b27e3330b24bac21255533b887516ecfb

Sharing

Copy URL Twitter E-mail

General

Target

796833890cd939638b5b9f0cbf72262b27e3330b24bac21255533b887516ecfb
Size

1.7MB
MD5

c79aaa099d8afbb0ab54b0653818e51e
SHA1

211148f21b2ea83dbe3a06a6a0e4cb165d971408
SHA256

796833890cd939638b5b9f0cbf72262b27e3330b24bac21255533b887516ecfb
SHA512

d8c335f1d84b3d3852ab818be9aa3845fbb5696fe65d256f5e15edd9347b1f90b823ecb0a7a3aa62a166781c4c1a63ab2245d1951a1f49e64a6e90ec1295b1b0
SSDEEP

49152:fkH7Dp1IYH9ZkxU2++++L+++++++++t++++++++++++4+++++++++++++++++++6:Mp1ExU2++++L+++++++++t+++++++++T

Score

N/A

Malware Config

Signatures

Files

796833890cd939638b5b9f0cbf72262b27e3330b24bac21255533b887516ecfb
.exe windows x86

6d5711f2d7fb4de08bd96e3dfe678c90

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:ee:f5:b2:97:d0:5b:3a:cd:7c:c3:cc:c1:fd:f6:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/08/2008, 00:00

Not After

25/09/2009, 23:59

Subject

CN=Acronis\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Acronis\, Inc,L=South San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:8a:df:b7:9e:d7:ae:4c:47:6c:d3:95:76:cf:ca:09:78:bb:61:c3
Signer

Actual PE Digest

df:8a:df:b7:9e:d7:ae:4c:47:6c:d3:95:76:cf:ca:09:78:bb:61:c3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Acronis\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Acronis\, Inc,L=South San Francisco,ST=California,C=US

20/01/2009, 23:05
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
GetUserNameW
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
GetUserNameA
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
SetThreadToken
SetFileSecurityW
GetSecurityDescriptorOwner
GetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
FreeSid
InitiateSystemShutdownA

kernel32

GetSystemInfo
WriteConsoleA
GetConsoleOutputCP
MultiByteToWideChar
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
LocalFree
LocalAlloc
FormatMessageA
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryExA
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetComputerNameA
SetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetLastError
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleHandleA
InterlockedExchange
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SetEnvironmentVariableW
LeaveCriticalSection
SetThreadPriority
GetThreadPriority
TerminateThread
GetCurrentThread
Sleep
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
ExitThread
GetSystemDefaultLangID
EnumResourceNamesW
FindClose
GetLogicalDrives
SetFileApisToANSI
SetErrorMode
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThreadId
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
SetFileTime
SetLastError
CompareStringW
GetCompressedFileSizeW
FindFirstChangeNotificationW
GetDiskFreeSpaceW
GetVolumeInformationW
GetFileInformationByHandle
GetDiskFreeSpaceA
CompareStringA
FindFirstChangeNotificationA
GetVolumeInformationA
WritePrivateProfileStringA
GetSystemTimeAsFileTime
GetTimeZoneInformation
BackupWrite
BackupRead
BackupSeek
GetFileTime
DuplicateHandle
GetVersionExA
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
GetUserDefaultLangID
GetOEMCP
VirtualFree
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
GetEnvironmentVariableW
WriteConsoleW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetModuleFileNameW
SetComputerNameW
GetComputerNameW
GetStartupInfoW
lstrcmpiW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
CreateProcessW
LoadLibraryExW
LoadLibraryW
ExpandEnvironmentStringsW
OutputDebugStringW
GetFullPathNameW
MoveFileExW
MoveFileW
CopyFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetTempFileNameW
GetTempPathW
FormatMessageW
CreateFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
WaitForSingleObject
GetExitCodeProcess
CloseHandle
EnterCriticalSection

user32

wsprintfW
DispatchMessageW
PeekMessageW
CreateDialogIndirectParamW
SendNotifyMessageW
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterClassExW
PostMessageW
AppendMenuA
RegisterClipboardFormatW
GetClipboardFormatNameW
AppendMenuW
ModifyMenuW
SetWindowTextW
SystemParametersInfoW
VkKeyScanW
VkKeyScanExW
WinHelpW
DefWindowProcA
GetWindowLongA
SetWindowLongA
SendMessageA
SendNotifyMessageA
PostMessageA
CreateDialogIndirectParamA
PeekMessageA
CharToOemA
GetClassInfoA
RegisterClassA
DestroyWindow
UnregisterClassA
ModifyMenuA
IsCharAlphaNumericW
CharUpperBuffA
CharUpperBuffW
CreateWindowExA
GetMessageA
TranslateMessage
VkKeyScanExA
VkKeyScanA
RegisterClipboardFormatA
RegisterClassExA
IsCharAlphaW
WinHelpA
GetClipboardFormatNameA
SystemParametersInfoA
SetWindowTextA
DispatchMessageA

gdi32

GetTextMetricsW
EnumFontFamiliesExW
GetTextMetricsA
EnumFontFamiliesExA
CreateFontIndirectA
CreateFontIndirectW

ws2_32

closesocket
connect
setsockopt
WSASend
WSARecv
shutdown
WSACleanup
WSAStartup
htons
socket
gethostbyname
inet_addr
gethostname

shell32

ShellExecuteExW
SHGetFileInfoA
Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
ShellExecuteW
SHGetDesktopFolder
SHGetMalloc

comdlg32

GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW

mpr

WNetGetUniversalNameA
WNetAddConnection3W
WNetGetUniversalNameW
WNetCancelConnection2W
WNetAddConnection3A

ole32

CoInitialize
OleInitialize
CoCreateInstance
CoUninitialize
OleUninitialize

rpcrt4

RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree
UuidCreate

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@II@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z

msvcr80

_ftime64
_wtoi
atoi
memmove
_vswprintf
_CIpow
_CIfmod
setlocale
_time64
??8type_info@@QBE_NABV0@@Z
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
__lconv_init
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
swscanf
srand
rand
_vsnprintf
__CxxFrameHandler3
??_V@YAXPAX@Z
memset
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
_purecall
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
sprintf
toupper
memchr
memcpy
_wcsicmp
strchr
sscanf
abort
_wputenv
_beginthreadex
wcschr
__RTDynamicCast
strncpy
memmove_s
strtoul
_localtime64

crypt32

PFXIsPFXBlob
CertGetCertificateContextProperty
CertNameToStrW
CertFindCertificateInStore
CertDeleteCertificateFromStore
CertCreateCertificateContext
CertDuplicateStore
CertGetStoreProperty
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateChain
CertFreeCertificateContext
CryptDecodeObject
CertGetCertificateChain
CryptAcquireCertificatePrivateKey
CertGetNameStringW
PFXImportCertStore
CertAddCertificateContextToStore
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertCloseStore

oleaut32

VariantChangeType
VariantClear
VariantInit

Sections

.text
Size: 576KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d5711f2d7fb4de08bd96e3dfe678c90

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

38:ee:f5:b2:97:d0:5b:3a:cd:7c:c3:cc:c1:fd:f6:61Certificate

Extended Key Usages

Key Usages

df:8a:df:b7:9e:d7:ae:4c:47:6c:d3:95:76:cf:ca:09:78:bb:61:c3Signer

Signature Validations

Verification

20/01/2009, 23:05 Valid: false

Headers

File Characteristics

Imports

advapi32

kernel32

user32

gdi32

ws2_32

shell32

comdlg32

mpr

ole32

rpcrt4

version

msvcp80

msvcr80

crypt32

oleaut32

Sections

.text Size: 576KB - Virtual size: 573KB

.rdata Size: 144KB - Virtual size: 141KB

.data Size: 16KB - Virtual size: 26KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 64KB - Virtual size: 61KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

38:ee:f5:b2:97:d0:5b:3a:cd:7c:c3:cc:c1:fd:f6:61
Certificate

df:8a:df:b7:9e:d7:ae:4c:47:6c:d3:95:76:cf:ca:09:78:bb:61:c3
Signer

20/01/2009, 23:05
Valid: false

.text
Size: 576KB - Virtual size: 573KB

.rdata
Size: 144KB - Virtual size: 141KB

.data
Size: 16KB - Virtual size: 26KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 64KB - Virtual size: 61KB