9ee3f01209f6575b80be84178d39f23d1f37bd962f2b02a66363ecb4b1d6aa0a

Sharing

Copy URL Twitter E-mail

General

Target

9ee3f01209f6575b80be84178d39f23d1f37bd962f2b02a66363ecb4b1d6aa0a
Size

3.1MB
MD5

5a9fd10867deb48c32becf1631ec2c1b
SHA1

d7a34db5ee9b027f3fbece0283507c62e0439b17
SHA256

9ee3f01209f6575b80be84178d39f23d1f37bd962f2b02a66363ecb4b1d6aa0a
SHA512

dd838a6e35514d8447aaa145d3bda2e2beb84b4338a73976d22d26ed914156d6c3d7acdbfed927313e0b0249c2c150bfe4508ff69139663019f860533d08b14b
SSDEEP

49152:I7do8QuBMdHyA8GNu0A/L/nQWs14fGbdgKbAOKXDo9a3mtpIh01CXxl:I7do8rBMRyA8T0uTnQWsWGbu5/XDap0

Score

N/A

Malware Config

Signatures

Files

9ee3f01209f6575b80be84178d39f23d1f37bd962f2b02a66363ecb4b1d6aa0a
.exe windows x86

11d7f81241fba9b0d2827c831bb08ff9

Code Sign

0c:7d:83:2e:82:ed:54:68:7a:b4:5c:3d:9c:22:9a:e4
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

28/11/2023, 23:59

Subject

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:32:68:45:4d:c4:ec:56:1d:cb:f9:62:31:b2:3e:09
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/11/2020, 00:00

Not After

28/11/2023, 23:59

Subject

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:46:58:db:95:0f:0f:f6:7a:3c:72:c8:ba:0b:b1:ff:93:88:2c:80:5c:ef:03:da:90:c3:b8:16:28:8f:cc:fe
Signer

Actual PE Digest

f8:46:58:db:95:0f:0f:f6:7a:3c:72:c8:ba:0b:b1:ff:93:88:2c:80:5c:ef:03:da:90:c3:b8:16:28:8f:cc:fe

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

17/12/2020, 07:29
Valid: true

Chain 1

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

24:a9:ea:9b:db:48:45:cc:5b:12:0c:d4:08:b8:6f:1c:21:e3:32:5f
Signer

Actual PE Digest

24:a9:ea:9b:db:48:45:cc:5b:12:0c:d4:08:b8:6f:1c:21:e3:32:5f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

17/12/2020, 07:29
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htons
ioctlsocket
htonl
gethostname
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
ntohl
ntohs
setsockopt
socket
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
listen
recvfrom
sendto
accept

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemInfo
SetEvent
WaitForMultipleObjects
TlsFree
LoadLibraryA
GetSystemTime
GetFileSize
LockFileEx
CreateFileMappingA
LoadLibraryExA
HeapCompact
DeleteFileA
CreateFileA
OutputDebugStringW
TlsGetValue
TlsAlloc
TlsSetValue
UnregisterWaitEx
RegisterWaitForSingleObject
CreateEventW
GetModuleHandleA
GetNativeSystemInfo
GetVersionExW
TryEnterCriticalSection
FindClose
FindNextFileW
FindFirstFileExW
FindFirstFileW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceFrequency
FileTimeToSystemTime
FlushFileBuffers
SetFilePointerEx
UnlockFile
SetEndOfFile
LockFile
LocalFree
GetThreadPriority
GetCurrentThread
DuplicateHandle
GetCurrentThreadId
SetThreadPriority
IsDebuggerPresent
MapViewOfFile
CreateFileMappingW
GetFileAttributesExW
SetFileAttributesW
UnmapViewOfFile
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
GetCurrentProcess
GetVolumeInformationW
FormatMessageA
GetCurrentProcessId
DeleteFileW
WriteFile
WideCharToMultiByte
DecodePointer
RaiseException
OutputDebugStringA
GetTickCount
GetShortPathNameW
lstrcmpiW
LocalAlloc
Sleep
CreateSemaphoreW
SetCurrentDirectoryW
GetCurrentDirectoryW
MulDiv
GetModuleHandleW
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
SetFilePointer
GetFileSizeEx
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
CompareFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
GetVersionExA
GetTempPathA
HeapValidate
WaitForSingleObjectEx
GetExitCodeThread
FormatMessageW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
CreateMutexW
GetCPInfo
GetFullPathNameW
FreeResource
HeapCreate
FlushInstructionCache
CreateFileW
ReleaseSemaphore
InitializeCriticalSection
GetCommandLineW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
LoadLibraryW
GetModuleHandleExW
CloseHandle
WaitForSingleObject
CreateThread
GetModuleFileNameW
lstrcpyW
CreateDirectoryW
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetACP
GetDriveTypeW
ExitThread
ExitProcess
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
PeekNamedPipe
GetFileType
GetStdHandle
SleepEx
GetLocalTime
GetComputerNameW
DeviceIoControl
SetThreadAffinityMask
lstrcpynW
ExpandEnvironmentStringsA
SetEnvironmentVariableA
VerifyVersionInfoW
VerSetConditionMask
AreFileApisANSI
GetDiskFreeSpaceW
GetFullPathNameA
UnlockFileEx

user32

EndPaint
LoadImageW
CreateIconFromResource
LoadBitmapW
CharUpperA
DestroyCursor
UnionRect
GetIconInfo
DrawIconEx
SendMessageW
GetWindowLongW
SetWindowLongW
SetPropW
SetTimer
PostMessageW
RemovePropW
ShowWindow
KillTimer
wsprintfW
ClientToScreen
IsWindowEnabled
SwitchToThisWindow
MoveWindow
SetWindowTextW
SetForegroundWindow
FlashWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
CopyRect
SetWindowPos
EnableWindow
DestroyWindow
GetActiveWindow
InvertRect
DrawTextW
GetKeyState
GetDC
ReleaseDC
GetSystemMetrics
SetRectEmpty
IsRectEmpty
IntersectRect
EqualRect
CheckRadioButton
IsDlgButtonChecked
GetDlgItem
GetParent
OffsetRect
FillRect
InflateRect
PtInRect
SetRect
GetWindow
GetDesktopWindow
IsWindow
GetPropW
GetCursorPos
ScreenToClient
SetCursor
LoadCursorW
PeekMessageW
IsWindowVisible
GetForegroundWindow
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PostQuitMessage
UnregisterClassW
RegisterClassExW
CreateWindowExW
DefWindowProcW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
SystemParametersInfoA
CharNextW
GetFocus
GetSysColor
EnableMenuItem
SetActiveWindow
DestroyIcon
GetClassNameW
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
InvalidateRect
LoadIconW
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
TrackMouseEvent
MapWindowPoints
GetClientRect
CallWindowProcW
MessageBoxW

gdi32

EndDoc
StartDocW
SetMapMode
GetDIBits
GetObjectW
TextOutW
DeleteObject
DeleteDC
StretchDIBits
SetStretchBltMode
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
StartPage
Arc
EndPage
SetTextColor
SetBkMode
SetViewportOrgEx
GetStockObject
GetTextColor
BitBlt
Ellipse
Polyline
GetViewportOrgEx
GetCurrentObject
StretchBlt
CreateBitmap
EnumFontsW
ExtCreatePen
CreateDIBSection
SetWorldTransform
GetWorldTransform
SetROP2
SetRectRgn
SetGraphicsMode
ExtSelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectInRegion
PtInRegion
Pie
OffsetRgn
IntersectClipRect
GetTextExtentPoint32W
GetRgnBox
GetClipRgn
GetClipBox
ExcludeClipRect
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePatternBrush
CreatePen
CreateFontIndirectW
CreateEllipticRgnIndirect
CombineRgn
CreateSolidBrush

comdlg32

GetOpenFileNameW
PrintDlgExW
ChooseColorW
ChooseFontW
GetSaveFileNameW

advapi32

AddAce
AdjustTokenPrivileges
CopySid
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptGenRandom
EnumServicesStatusW
ConvertSidToStringSidA
LookupAccountNameW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CloseServiceHandle
QueryServiceStatusEx
SetSecurityInfo
GetSecurityInfo
ConvertSidToStringSidW
RegRestoreKeyW
LookupPrivilegeValueW
MakeSelfRelativeSD
IsValidSid
InitializeAcl
GetTokenInformation
GetSecurityDescriptorSacl
GetUserNameW
StartServiceW
ChangeServiceConfigW
OpenProcessToken

ole32

CLSIDFromProgID
CreateBindCtx
CLSIDFromString
OleLockRunning
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

StrIsIntlEqualW
StrFormatByteSizeW
StrCpyW
PathFindExtensionW
PathRemoveFileSpecW
PathAddBackslashW
PathIsDirectoryW
PathFindFileNameW
PathFileExistsA
StrToIntExW
PathCanonicalizeW
PathFileExistsW
PathAppendW
SHDeleteEmptyKeyW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
SHSetValueW
StrStrIA
StrRChrW
PathStripPathW

comctl32

CreatePropertySheetPageW

pdfium

_FPDFText_ClosePage@4
_FORM_OnBeforeClosePage@8
_FPDF_ClosePage@4
_FPDFBitmap_Destroy@4
_FPDFLink_LoadWebLinks@4
_FPDFLink_CountWebLinks@4
_FPDFLink_GetURL@16
_FPDFLink_CountRects@8
_FPDFLink_GetRect@28
_FPDFLink_CloseWebLinks@4
_FPDF_PageToDevice@48
_FPDFText_FindPrev@4
_FPDFText_FindNext@4
_FPDFText_FindStart@16
_FPDFText_GetSchResultIndex@4
_FPDFText_GetSchCount@4
_FPDFText_FindClose@4
_FPDF_LoadPage@8
_FORM_OnAfterLoadPage@8
_FPDFText_LoadPage@4
_FPDFPage_HasTransparency@4
_FPDFBitmap_Create@12
_FPDFBitmap_FillRect@24
_FPDF_RenderPageBitmap@32
_FPDF_FFLDraw@36
_FPDFBitmap_GetWidth@4
_FPDFBitmap_GetHeight@4
_FPDFBitmap_GetBuffer@4
_FPDFBitmap_GetStride@4
_FPDFText_CountChars@4
_FPDFText_CountRects@12
_FPDFPage_CreateAnnot@8
_FPDFAnnot_SetColor@24
_FPDFText_GetRect@24
_FPDFText_GetUnicode@8
_FPDFLink_GetLinkAtPoint@20
_FPDFAction_GetFilePath@12
_FPDFAction_GetDest@8
_FPDFAction_GetType@4
_FPDFLink_GetAction@4
_FPDFLink_GetDest@8
_FPDFPageObj_GetType@4
_FPDFPage_GetObject@8
_FPDFPage_CountObject@4
_FPDFPageObj_GetBounds@20
_FPDFAnnot_GetRect@8
_FPDFBitmap_GetFormat@4
_FPDFImageObj_GetBitmap@4
_FPDFText_GetText@16
_FPDF_DestroyLibrary@0
_FPDF_InitLibraryWithConfig@4
_FPDF_SaveWithVersion@16
_FPDF_SaveAsCopy@12
_FPDF_GetPageSizeByIndex@16
_FPDF_CloseDocument@4
_FPDFDOC_ExitFormFillEnvironment@4
_FPDFDOC_InitFormFillEnvironment@8
_FPDF_GetPageCount@4
_FPDF_GetLastError@0
_FPDF_LoadCustomDocument@8
_FPDFBookmark_GetNextSibling@8
_FPDFBookmark_GetFirstChild@8
_FPDFAction_GetURIPath@16
_FPDFBookmark_GetAction@4
_FPDFDest_GetPageIndex@8
_FPDFBookmark_GetDest@8
_FPDFBookmark_GetTitle@12
_FPDFPath_GetFillColor@20
_FPDFAnnot_UpdateObject@8
_FPDFPath_GetStrokeColor@20
_FPDFAnnot_GetObject@8
_FPDFAnnot_GetObjectCount@4
_FPDFAnnot_GetColor@24
_FPDFAnnot_AppendObject@8
_FPDFPath_SetDrawMode@12
_FPDFPath_SetStrokeWidth@8
_FPDFPath_SetFillColor@20
_FPDFPath_SetStrokeColor@20
_FPDFPath_BezierTo@28
_FPDFPageObj_CreateNewPath@8
_FPDFAnnot_SetRect@8
_FPDFPage_RemoveAnnot@8
_FPDFText_GetCharIndexAtPos@36
_FPDFAnnot_GetAttachmentPoints@8
_FPDFAnnot_HasAttachmentPoints@4
_FPDFAnnot_GetSubtype@4
_FPDFPage_GetAnnot@8
_FPDFPage_GetAnnotCount@4
_FPDFPage_CloseAnnot@4
_FPDFAnnot_SetAttachmentPoints@8
_FPDF_DeviceToPage@40

gdiplus

GdipDisposeImage
GdipAlloc
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipAddPathRectangle
GdipGraphicsClear
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipSetImagePalette
GdipCloneImage
GdipIsOutlineVisiblePathPoint

msimg32

AlphaBlend
GradientFill

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext

userenv

UnloadUserProfile

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryW
CertAddCertificateContextToStore
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 933KB - Virtual size: 932KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11d7f81241fba9b0d2827c831bb08ff9

Code Sign

0c:7d:83:2e:82:ed:54:68:7a:b4:5c:3d:9c:22:9a:e4Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:32:68:45:4d:c4:ec:56:1d:cb:f9:62:31:b2:3e:09Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

f8:46:58:db:95:0f:0f:f6:7a:3c:72:c8:ba:0b:b1:ff:93:88:2c:80:5c:ef:03:da:90:c3:b8:16:28:8f:cc:feSigner

Signature Validations

Verification

17/12/2020, 07:29 Valid: true

Chain 1

24:a9:ea:9b:db:48:45:cc:5b:12:0c:d4:08:b8:6f:1c:21:e3:32:5fSigner

Signature Validations

Verification

17/12/2020, 07:29 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

shlwapi

comctl32

pdfium

gdiplus

msimg32

imm32

userenv

crypt32

iphlpapi

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 363KB - Virtual size: 362KB

.data Size: 22KB - Virtual size: 102KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 933KB - Virtual size: 932KB

.reloc Size: 90KB - Virtual size: 90KB

0c:7d:83:2e:82:ed:54:68:7a:b4:5c:3d:9c:22:9a:e4
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:32:68:45:4d:c4:ec:56:1d:cb:f9:62:31:b2:3e:09
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f8:46:58:db:95:0f:0f:f6:7a:3c:72:c8:ba:0b:b1:ff:93:88:2c:80:5c:ef:03:da:90:c3:b8:16:28:8f:cc:fe
Signer

17/12/2020, 07:29
Valid: true

24:a9:ea:9b:db:48:45:cc:5b:12:0c:d4:08:b8:6f:1c:21:e3:32:5f
Signer

17/12/2020, 07:29
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 363KB - Virtual size: 362KB

.data
Size: 22KB - Virtual size: 102KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 933KB - Virtual size: 932KB

.reloc
Size: 90KB - Virtual size: 90KB