infected2023031501[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

infected2023031501.zip
Size

2.1MB
MD5

356038ce79af5b6f9eba56f2ddc691b5
SHA1

c2a22127c381035da4ce48bd8b2fc7dc1aafd2ac
SHA256

ead1aac1a530be0f846600c3fa6d91567b6574e0824c5f29fee08e30ae5a1d15
SHA512

dc0a1887e8e288b5dfd727691cb2f139549b71710fda2d1d7e8454383bc06f5ec216b61bcc6e754eee50a5f5e00d36d0b0833b26583499070d64fe2b2ce33160
SSDEEP

49152:u6YlELokvl0D1ZxAFmirqblhTzu4Uy923wzHlC5Mlp:u6Y+NI1Zq7qJhTzyq237Ep

Score

1^/10

Malware Config

Signatures

Files

infected2023031501.zip
.zip

Password: infected
virus/meitu.CHM
.chm
virus/白加黑衍生物/UpgradeShow.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

PAGetGlobalDataObject
PAShowRegisterDlg
PAShowUpgradeDemo
PAShowUpgradeDemo2
PAShowUpgradeHome

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
virus/白加黑衍生物/svch0st.exe
.exe windows x86

5e192b691c51399461cd75355b7b0636

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:b8:3a:5b:6c:b6:cd:7d:19:08:97:9d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/05/2020, 02:21

Not After

22/05/2021, 07:12

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,L=Kwun Tong,ST=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4a
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/11/2019, 00:00

Not After

04/11/2022, 23:59

Subject

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2011, 22:06

Not After

11/04/2021, 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:b0:32:24:2d:fd:71:37:0c:a0:3c:ea:73:3b:47:b0:3c:ee:e4:3f:64:07:23:d4:a3:39:a7:47:be:52:8b:df
Signer

Actual PE Digest

44:b0:32:24:2d:fd:71:37:0c:a0:3c:ea:73:3b:47:b0:3c:ee:e4:3f:64:07:23:d4:a3:39:a7:47:be:52:8b:df

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=2543798,CN=AOMEI International Network Limited,OU=Research Development Centre,O=AOMEI International Network Limited,POSTALCODE=610000,STREET=Rm 83 3/F Yau Lee ctr,L=Hong Kong,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

09/03/2023, 18:53
Valid: false

1a:a3:3a:f9:8c:bd:0d:c6:6b:cf:37:b6:36:13:4e:82:65:03:a4:45
Signer

Actual PE Digest

1a:a3:3a:f9:8c:bd:0d:c6:6b:cf:37:b6:36:13:4e:82:65:03:a4:45

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,L=Kwun Tong,ST=Kowloon,C=HK

07/08/2020, 08:03
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlInitUnicodeString
NtLoadDriver
_chkstk
_alldiv
memcpy
_allmul
ZwQueryVolumeInformationFile
_wcslwr
memset
sprintf
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenDirectoryObject
vsprintf
NtUnloadDriver
_strupr
ZwCreateFile
wcschr
wcstoul
wcsstr
wcsncpy
atoi
strncpy
_wcsnicmp
_wtoi
wcstombs
wcsrchr
strstr
mbstowcs
strrchr
_wcsicmp

rpcrt4

UuidCreate

upgradeshow

PAGetGlobalDataObject

mfc80u

ord602
ord4117
ord5637
ord3995
ord2366
ord3155
ord2648
ord1894
ord762
ord3174
ord5715
ord5917
ord1270
ord5397
ord5410
ord5584
ord5519
ord5643
ord5723
ord6033
ord5884
ord6053
ord5633
ord4155
ord3298
ord730
ord2461
ord266
ord265
ord6700
ord282
ord1479
ord899
ord896
ord3189
ord620
ord4098
ord3756
ord5829
ord2159
ord2651
ord2155
ord3755
ord326
ord3198
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord4383
ord4775
ord4198
ord4784
ord410
ord4437
ord648
ord4438
ord3734
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4019
ord4523
ord4474
ord4965
ord4510
ord4667
ord4267
ord4942
ord2711
ord4788
ord347
ord4281
ord5162
ord4370
ord1351
ord4371
ord3338
ord4957
ord2414
ord4790
ord4704
ord4358
ord2413
ord4799
ord5047
ord4958
ord2415
ord4643
ord4940
ord4501
ord2412
ord4955
ord4668
ord4125
ord2411
ord1293
ord1999
ord4126
ord5202
ord1610
ord5910
ord6763
ord3471
ord3644
ord6115
ord5609
ord4347
ord3824
ord4032
ord1049
ord1096
ord5971
ord2239
ord4535
ord3677
ord3327
ord4475
ord2832
ord566
ord5562
ord757
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord2460
ord5398
ord2365
ord3176
ord6061
ord4112
ord998
ord2264
ord444
ord677
ord774
ord3395
ord502
ord4230
ord1549
ord1628
ord2081
ord3467
ord642
ord4882
ord3331
ord1156
ord5981
ord5982
ord5618
ord4119
ord2121
ord5485
ord772
ord860
ord1416
ord563
ord1939
ord753
ord530
ord1198
ord557
ord745
ord6001
ord6002
ord1472
ord5710
ord5711
ord1006
ord3990
ord4101
ord2713
ord4100
ord894
ord2260
ord3281
ord4109
ord5638
ord3678
ord2255
ord2521
ord6058
ord5607
ord6056
ord2362
ord5604
ord5636
ord6050
ord280
ord709
ord501
ord3158
ord3873
ord4226
ord1536
ord2077
ord651
ord2364
ord416
ord658
ord1176
ord1079
ord1058
ord3224
ord6749
ord2952
ord4232
ord2083
ord6086
ord6751
ord587
ord1555
ord2379
ord760
ord2381
ord2399
ord1925
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord5178
ord1955
ord3311
ord4206
ord1647
ord4729
ord1646
ord4884
ord1590
ord2011
ord5196
ord4255
ord1662
ord2531
ord2985
ord1661
ord2725
ord5210
ord715
ord1542
ord2829
ord4234
ord4301
ord1393
ord2708
ord5911
ord6720
ord2856
ord1118
ord6721
ord5908
ord2534
ord1582
ord1611
ord2640
ord2086
ord1608
ord2527
ord3940
ord3712
ord577
ord1392
ord3713
ord4238
ord3703
ord5148
ord2638
ord283
ord293
ord1899
ord3943
ord5067
ord4480
ord4574
ord6271
ord4256
ord5199
ord4179
ord4536
ord3286
ord5727
ord4314
ord1572
ord1634
ord3397
ord4716
ord605
ord4276
ord354
ord1591
ord5956
ord5231
ord5229
ord3635
ord3435
ord920
ord925
ord929
ord3157
ord927
ord931
ord1785
ord2384
ord2404
ord6063
ord2388
ord2394
ord2392
ord1271
ord2390
ord2407
ord2311
ord2402
ord741
ord3204
ord2386
ord2409
ord776
ord2397
ord572
ord764
ord1553
ord722

msvcr80

_unlock
?terminate@@YAXXZ
__set_app_type
__dllonexit
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_vscprintf
_vscwprintf
vsprintf_s
rand
srand
vswprintf_s
malloc
_vsnwprintf
wcscat_s
_itow
_vsnprintf
strncmp
wcsncmp
_CxxThrowException
wcsncpy_s
_vswprintf
__CxxFrameHandler3
_purecall
wcscpy_s
sprintf_s
free
calloc
memcpy_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
_swprintf
_beginthreadex
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_encode_pointer

kernel32

GetFileAttributesA
GetExitCodeThread
LocalFree
CreateMutexW
GetPrivateProfileStringA
GetModuleFileNameA
GetCurrentThread
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
ReleaseMutex
SetFilePointer
GetLogicalDrives
GetDiskFreeSpaceExW
lstrlenA
GetDriveTypeW
SetVolumeLabelW
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
DeviceIoControl
CreateFileW
SetFileAttributesW
GetFileAttributesW
SizeofResource
WriteFile
ReadFile
SetHandleInformation
CreatePipe
CloseHandle
TerminateProcess
WideCharToMultiByte
CreateProcessW
GetExitCodeProcess
Sleep
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FindFirstFileW
GetTickCount
WaitForSingleObject
TerminateThread
FindClose
FindNextFileW
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
lstrcpyW
WinExec
lstrlenW
FreeLibrary
FlushFileBuffers
SetVolumeMountPointW
DeleteVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GlobalMemoryStatusEx
GetLocalTime
CreateFileA
CreateDirectoryA
OutputDebugStringA
UnmapViewOfFile
SetEvent
MapViewOfFile
OpenEventW
OpenFileMappingW
MultiByteToWideChar
DeleteFileW
WritePrivateProfileStringA
GetPrivateProfileStringW
CreateDirectoryW
GetComputerNameW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetFilePointerEx
GetFileSizeEx
RemoveDirectoryW
IsBadWritePtr
CopyFileW
IsBadReadPtr
FindResourceExW
GetModuleFileNameW
FindResourceW
GetFileSize
GetSystemTime
InterlockedExchange
LoadResource
GetVersionExW
LockResource
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVolumeInformationW
GetStartupInfoW
InterlockedCompareExchange

user32

SetRect
TabbedTextOutW
FillRect
DrawIconEx
DrawStateW
GetClientRect
PostMessageW
EnableWindow
UnregisterClassA
DrawTextW
GetParent
DrawTextExW
GrayStringW
InvalidateRect
GetWindowTextW
InflateRect
SendMessageW
LoadIconW
GetSystemMetrics
MessageBeep
wsprintfW
IsWindowVisible
CopyIcon
SetCursor
RedrawWindow
GetCursorPos
SetWindowLongW
IsWindow
DestroyCursor
GetFocus
PtInRect
LoadCursorW
GetSysColor
UpdateWindow
ReleaseDC
GetDC
ExitWindowsEx
DrawIcon
IsIconic
AppendMenuW
GetSystemMenu
GetWindowRect
KillTimer
SetTimer
LoadBitmapW

gdi32

LineTo
MoveToEx
SetBkColor
SetBkMode
SetTextColor
DeleteObject
GetTextMetricsW
GetCurrentObject
DeleteDC
CreateFontIndirectW
GetDeviceCaps
CreateFontW
Rectangle
GetObjectW
GetStockObject
CreatePen
CreateCompatibleBitmap
LPtoDP
RoundRect
CreateCompatibleDC
Escape
SelectObject
ExtTextOutW
TextOutW
GetTextExtentPoint32W
BitBlt
RectVisible
GetBkColor
PtVisible
DPtoLP
CreateSolidBrush
SetTextJustification

advapi32

SetNamedSecurityInfoW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
RegQueryValueW
EqualSid
GetTokenInformation
FreeSid
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegQueryValueExW
DecryptFileW
RegSetKeySecurity
RegEnumKeyExW
RegDeleteValueW
RegFlushKey
RegUnLoadKeyW
RegEnumValueW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegGetKeySecurity
RegLoadKeyW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryInfoKeyW
ConvertStringSidToSidW
BuildExplicitAccessWithNameW
RegCloseKey
RegQueryMultipleValuesA
RegOpenKeyExA
SetEntriesInAclW

shell32

SHGetFolderPathW
ShellExecuteW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFileExistsW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

winhttp

WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle
WinHttpWriteData
WinHttpConnect
WinHttpSendRequest

Exports

Exports

GetObjGAHelp
GetObjGATrackingData
GetObjGoogleAnalytics

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 6KB - Virtual size: 6KB

5e192b691c51399461cd75355b7b0636

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

67:b8:3a:5b:6c:b6:cd:7d:19:08:97:9dCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4aCertificate

Extended Key Usages

Key Usages

61:18:54:86:00:00:00:00:00:24Certificate

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

44:b0:32:24:2d:fd:71:37:0c:a0:3c:ea:73:3b:47:b0:3c:ee:e4:3f:64:07:23:d4:a3:39:a7:47:be:52:8b:dfSigner

Signature Validations

Verification

09/03/2023, 18:53 Valid: false

1a:a3:3a:f9:8c:bd:0d:c6:6b:cf:37:b6:36:13:4e:82:65:03:a4:45Signer

Signature Validations

Verification

07/08/2020, 08:03 Valid: false

Headers

File Characteristics

Imports

ntdll

rpcrt4

upgradeshow

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

msvcp80

winhttp

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 476KB - Virtual size: 474KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 6KB - Virtual size: 6KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

67:b8:3a:5b:6c:b6:cd:7d:19:08:97:9d
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

41:5d:8d:48:1d:99:c6:e4:65:78:64:d0:51:5e:e5:4a
Certificate

61:18:54:86:00:00:00:00:00:24
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

44:b0:32:24:2d:fd:71:37:0c:a0:3c:ea:73:3b:47:b0:3c:ee:e4:3f:64:07:23:d4:a3:39:a7:47:be:52:8b:df
Signer

09/03/2023, 18:53
Valid: false

1a:a3:3a:f9:8c:bd:0d:c6:6b:cf:37:b6:36:13:4e:82:65:03:a4:45
Signer

07/08/2020, 08:03
Valid: false

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 476KB - Virtual size: 474KB