CCDISK FULL 2021[.]02[.]19 pass_w[.][.]w[.][.]0016[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

CCDISK FULL 2021.02.19 pass_w..w..0016.rar
Size

10.1MB
MD5

88d1565da4233220d350a06f44118ae3
SHA1

e33ddfe8839e963955412c412946f129496e7c1c
SHA256

708c3a754f66c7ea424f1853f6076fd19434f729efff1c7ca5f68c76648f9ca3
SHA512

06900e11183e3c405a69528198c83f3596145d0bca0280d1be694743f95d870da1b5ab9b5be14b30c04a7e0b1b32bbefd3f1fa4d75e14cd2d357f41441f6fcc9
SSDEEP

196608:Bp25qN/5GdLo2Mqn7+rof2ZVQ4QNDUdItSskeiqAOtiRD+3B3:BHN/5G5vVniUf2XQ40UdItDJJtiREB3

Score

1^/10

Malware Config

Signatures

Files

CCDISK FULL 2021.02.19 pass_w..w..0016.rar
.rar

Password: wenwen0016
CCDISK FULL 2021.02.19/CCDisk (v2021.02.19).rar
.rar

Password: wenwen0016
CCDisk (v2021.02.19)/Crack_HK.rar
.rar .zip

Password: wenwen0016
Crack_HK.zip
.zip

Password: wenwen0016
Crack_HK/CCDisk.exe
.exe windows x64

Password: wenwen0016

5570245a6c7ca84f79989dea298fabb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExW
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EndDialog
CharUpperBuffW

gdi32

GetMapMode

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW

advapi32

RegDeleteKeyW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc

oleaut32

SysFreeString

ws2_32

accept

wininet

HttpOpenRequestW

rpcrt4

UuidCreate

iphlpapi

SendARP

dnsapi

DnsQuery_W

psapi

EnumProcessModules

setupapi

SetupDiGetClassDevsW

winhttp

WinHttpOpen

crypt32

CryptUnprotectData

Exports

Exports

E��=5[�Ϊ� ��[��L#��9�b�-�Q�G��^;��ڌ��%�(�tM�c�]'��ݙo�=ق+��7�Y�d~��xl 1�lV�aEŐ�;�0�JXN�`ք2�|��ʁt��1�F��-WA��D�`l;�L+�DL:nI�7��_U(Q��<4.��G � 7P:p�7��<u�-��*U��'�凐l��V��g��ƈ��(w�S�9X@}J�O�"��I�!�1q��@��K�ȩFj.CV�h�,Җa�KD�4^�1��X�P�^�H�BN�R��S�à:�� (%Xv�4"y�iD� *�4??ϖ8K��K�X ѸJr�=fυ��Ȇ�'��+�,*g}B�.T��*)l��\q;3;M�Ϛ^�Q"��J[��JS=�68�vDUT�c�'ݡ�\㦎S��V�~��Ćh5x`�M��Q*�A��q!_rq��]l��9$̫?� !��X�tUn��h��{�5ܠ�T�5��w��TL³MH)R�p�z-$��3��oC'��m6�n�m{̲��~oEҘee�dV��v$􋥠��d,��!{+�:�,�1�g�̭��˹�y��ʵu_<�6��7��+�m=7z� V�+ݤ_(��I(A�iO�wҚG��MQ��ȹY�]iU��ӧ�Z��}�r\&(Y�_��ƅ��a�� *�U"�}��?E&8l��.��ȶ�X#��E#�K¶Eo�@�� g)I��iU��M��8�O��Tk��r�E�ȅτ?�ڤh��$��'�Öu��^�̳W{ĝ/�LL�/Aj__xv�_<�&]b53Q��h/�G� uɜ!��0��%�:�!^<��n��1�0�%�`�?}�� ~��[�ߛD��m}��u�`ʈ��w��X��~JDE+�s�˾& D�ֻ~�#XM��8 @p#��E�ٷ��ߤeE 䩜�ǿ5�X��ͺC8�F��sB��d4)�a� ��̀�S��}H��]\�<�]��n��04�M��X#��z��CK��|7��9��T�,ؐ��2��;��?r .�/*|��Y��c��0�eЯα��e��w��8��}��)�v��P�PBLRYzdw��5JBՆ�°6a�R]V>gn��y�|��D� ��"?�/R�AD��= ;�A�Q��g��V��:֩��?�-�߲(XI�$=@��a�8j4�6EQ��I�2�3��\��kD��4��kl��E�ib�iy��Ala��vKe��<�0#��~�(��e��s�X^cur`�[��jv�Ґl��?#��_�5��u!2W_�PV�/ ߊ��vo��$��-�e��U$Vv�� G��M�X��Vx�En��L"�x�{*~ �\Q �Se�t��-�>�� z/}��Ɂg�3�f�jٻ{fO\\�?��){��B#�K��D��T��/��l˳�U��`��]W��Pְ�Ɍ��%�3qF�)��fB3^�U��p⨄��HLa�˶u�C%ď�� ׯ��2B��L ��iCܗ��;7�ip0U��I�1�Þac}��5t�w��;ib�ÿ_"�۪��Y��8A\�� b��B��ɵus:y7��N��%~�G�1��X�nI��6aB��,�^��M �R��u��3\tB��Y87��f�F��I�c�k��"�t�W[��2O}��Y�1u��8�H�WԤ|�v��9y#'�i�u#�n1��fj>.!/�Nx$�%��ޣ��|��/D ��|��U� !o��J�5ۑ�g��m�}��cb7=xb��\��6I:��3��!/=ʙ:#j��+|�A�~�G�+��V�86��+�\1G��w��zF#�� SV��>�`{�KX��a�(ݳu��Չ��tΏ��k��b��o��ۤ��C_�J�vD*��今�M�� 3��k&:�[ذ�Ӆ�+dM_��!ĕ�p�s%��DP+Ly%.A��ʶz>#�)��4�UǑMD��Sq��0��%Z��gn$0p�m��)��r+�$�CG��n�-�(�O<Ay��u~��r{ߓ�i~tE��B)��k�hU�S�!�n��n��,��c��"�,qB��ۥ�i�2Kkn7��gǼ&��>I �:B/��r�Fy�� WZ��n�e�N!lj;��H2G��@�8�� ۅ�O��mǻ�7�A��o�/}D�r�B ��j+/Y��t�?��0��ٕ��@8J�ӧ��Ƀh�X�E��OC,BR��w~>{_��-�V6:�Y��߫s��X�Bė�x0� �-��F��ʏ�1�s;"�V�� l&�}�׽yʐ_fĭ ��&O�g��«[uG��]�UAH��9��$�'�� 3��o�yl��n��P��M��/��!{��\齧s��i�_��k��c=)��,�a]#TmHaD[P �vՓ]�bc��x��M��Z{?�?*��0Јf <�9,��Q=��,Co`��q_O |0g'�d��,�H��4��氯��7˴ 9��4"�ąRÜ�j8}_1�^ɍ��i�:��ꈳ=�j� qz�Ҋ�D��{D4)X\�J�Wi8�~��Z�e4 :�f��8�;�R귶��ȵrs�� [}wծz��{��uY��K�pXJ�>zӚ��%_��͸��A��#��7UhH�V�Zby 3J%��7Zw�jY�mVK��.ǖA��5��j��(��'Z|��y��▖S w�r�T�3F�d��ԫ�k��.�ud�wV1��̜�e��k

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ElitEND
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ElitEND
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ElitEND
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 839KB - Virtual size: 838KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Crack_HK/CCDisk.ini
Crack_HK/CCacheX.dll
.dll windows x64

Password: wenwen0016

008e05ff04270d376463a1b1b44df782

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:ac:9a:56:33:0b:33:09:28:b4:bf:9d:71:56:e0:4a
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-06-2019 00:00

Not After

25-06-2020 12:00

Subject

CN=Youngzsoft Co.\, Ltd.,O=Youngzsoft Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:e9:e3:e6:e3:19:11:8c:5e:eb:c3:a4:fd:42:47:3e:af:0c:d2:09
Signer

Actual PE Digest

2e:e9:e3:e6:e3:19:11:8c:5e:eb:c3:a4:fd:42:47:3e:af:0c:d2:09

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Youngzsoft Co.\, Ltd.,O=Youngzsoft Co.\, Ltd.,L=Changsha,ST=Hunan,C=CN

09-10-2019 11:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetFileAttributesA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
HeapAlloc
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetExitCodeProcess
CreateProcessA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
lstrlenA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
GlobalFindAtomW
LoadLibraryA
GetVersionExA
FormatMessageW
CompareStringW
GlobalFlags
WritePrivateProfileStringW
SetErrorMode
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalUnlock
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetCurrentProcessId
GlobalAddAtomW
WaitForSingleObject
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
LockResource
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
ReadFile
GetFileSize
GetLastError
DeviceIoControl
SetLastError
CloseHandle
SizeofResource
WriteFile
CreateFileW
LoadResource
FindResourceW
DeleteFileW
lstrcpyW
lstrcmpiW
lstrlenW
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
FreeEnvironmentStringsA
OutputDebugStringW

user32

DestroyMenu
LoadCursorW
GetSysColorBrush
ShowWindow
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
GetMessagePos
GetMenuState
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuItemCount
UnregisterClassW
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW

gdi32

GetStockObject
GetDeviceCaps
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetViewportOrgEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegFlushKey
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shlwapi

PathFileExistsW
PathFindFileNameW
SHDeleteKeyW
PathFindExtensionW

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

CxCancelCache
CxGetCacheState
CxInstall
CxOptClientSystem
CxSetDelayTime
CxSetVolumeCache
CxStartCache
CxStopCache
CxUnstall

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Crack_HK/db.xml
.xml
CCDisk (v2021.02.19)/STOP_ALL.bat
CCDisk (v2021.02.19)/ccdisksetup.exe
.exe windows x86

Password: wenwen0016

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:d6:ec:bb:5c:02:dc:29:30:34:e9:f4:5c:6d:45:20
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04-06-2020 00:00

Not After

03-06-2021 23:59

Subject

CN=CCBOOT (Changsha Shenghua Yaozhi Software Development Co.\, Ltd.),O=CCBOOT (Changsha Shenghua Yaozhi Software Development Co.\, Ltd.),POSTALCODE=410016,STREET=Room 1620\, Shijia International Huachengerqi Business Apartment\, No.299\, Renmin E. Road\, Furong District,L=Changsha,ST=Hunan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:c2:f8:1f:17:17:7d:2f:e9:6e:87:d6:8b:84:98:f8:1d:d3:2d:50
Signer

Actual PE Digest

c1:c2:f8:1f:17:17:7d:2f:e9:6e:87:d6:8b:84:98:f8:1d:d3:2d:50

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=CCBOOT (Changsha Shenghua Yaozhi Software Development Co.\, Ltd.),O=CCBOOT (Changsha Shenghua Yaozhi Software Development Co.\, Ltd.),POSTALCODE=410016,STREET=Room 1620\, Shijia International Huachengerqi Business Apartment\, No.299\, Renmin E. Road\, Furong District,L=Changsha,ST=Hunan,C=CN

19-02-2021 02:33
Valid: true

Chain 1

CN=CCBOOT (Changsha Shenghua Yaozhi Software Development Co.\, Ltd.),O=CCBOOT (Changsha Shenghua Yaozhi Software Development Co.\, Ltd.),POSTALCODE=410016,STREET=Room 1620\, Shijia International Huachengerqi Business Apartment\, No.299\, Renmin E. Road\, Furong District,L=Changsha,ST=Hunan,C=CN

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: wenwen0016

Password: wenwen0016

Password: wenwen0016

Password: wenwen0016

Password: wenwen0016

5570245a6c7ca84f79989dea298fabb1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

rpcrt4

iphlpapi

dnsapi

psapi

setupapi

winhttp

crypt32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 333KB - Virtual size: 332KB

.data Size: 18KB - Virtual size: 2.1MB

.pdata Size: 60KB - Virtual size: 59KB

.ElitEND Size: 3.6MB - Virtual size: 3.6MB

.ElitEND Size: 6KB - Virtual size: 6KB

.ElitEND Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 10KB - Virtual size: 9KB

.rsrc Size: 839KB - Virtual size: 838KB

Password: wenwen0016

008e05ff04270d376463a1b1b44df782

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:ac:9a:56:33:0b:33:09:28:b4:bf:9d:71:56:e0:4aCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

2e:e9:e3:e6:e3:19:11:8c:5e:eb:c3:a4:fd:42:47:3e:af:0c:d2:09Signer

Signature Validations

Verification

09-10-2019 11:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Exports

Exports

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 333KB - Virtual size: 332KB

.data
Size: 18KB - Virtual size: 2.1MB

.pdata
Size: 60KB - Virtual size: 59KB

.ElitEND
Size: 3.6MB - Virtual size: 3.6MB

.ElitEND
Size: 6KB - Virtual size: 6KB

.ElitEND
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 839KB - Virtual size: 838KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:ac:9a:56:33:0b:33:09:28:b4:bf:9d:71:56:e0:4a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

2e:e9:e3:e6:e3:19:11:8c:5e:eb:c3:a4:fd:42:47:3e:af:0c:d2:09
Signer

09-10-2019 11:08
Valid: false

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 10KB - Virtual size: 33KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 97KB - Virtual size: 97KB

.reloc
Size: 10KB - Virtual size: 9KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a4:d6:ec:bb:5c:02:dc:29:30:34:e9:f4:5c:6d:45:20
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

c1:c2:f8:1f:17:17:7d:2f:e9:6e:87:d6:8b:84:98:f8:1d:d3:2d:50
Signer

19-02-2021 02:33
Valid: true

CODE
Size: 41KB - Virtual size: 40KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB