0359624662a2a3178a92f6c14ca847ca3e8f1d4fe08fe637589443b9a220815e

Sharing

Copy URL Twitter E-mail

General

Target

0359624662a2a3178a92f6c14ca847ca3e8f1d4fe08fe637589443b9a220815e
Size

4.9MB
MD5

b7948febba65080b7016f0b7e06340f1
SHA1

b7303a85f48c836fcbc9362a6ea749bd22a843f4
SHA256

0359624662a2a3178a92f6c14ca847ca3e8f1d4fe08fe637589443b9a220815e
SHA512

42770361af8f48a92c3fef471b2484f9025ef93577397b1043add775662dae5dc89d1b9dfb4cc93ae101ae442b731b2457d5eb24a6d2f5d805f44eadccd16e79
SSDEEP

98304:B0JL/AfaguMvq7DXCyyW7RkPlmzXcc+ZjNU0FKtHDI8HZYVm:SrjyW7Rkwzn+d+bCI

Score

1^/10

Malware Config

Signatures

Files

0359624662a2a3178a92f6c14ca847ca3e8f1d4fe08fe637589443b9a220815e
.dll windows x86

ab51d0ab62ff1dfeeacf4b22a2642a16

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:58:56:94:3e:86:fa:49:d6:76:26:67:c1:cb:d4:54
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/06/2014, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:23:96:86:f6:6c:b0:bc:11:21:e5:78:87:23:62:8a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/02/2016, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:22:93:d1:93:da:c2:c5:cc:42:ef:d9:6b:e6:b5:48:13:37:ff:f3:b8:3f:1e:d5:38:82:ed:aa:98:0e:5d:ca
Signer

Actual PE Digest

96:22:93:d1:93:da:c2:c5:cc:42:ef:d9:6b:e6:b5:48:13:37:ff:f3:b8:3f:1e:d5:38:82:ed:aa:98:0e:5d:ca

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

13/04/2017, 10:38
Valid: false

f3:90:d1:4a:43:a5:f7:70:e2:1f:ad:98:9b:e1:c5:ec:f2:da:ad:4f
Signer

Actual PE Digest

f3:90:d1:4a:43:a5:f7:70:e2:1f:ad:98:9b:e1:c5:ec:f2:da:ad:4f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

13/04/2017, 10:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipBitmapLockBits
GdipDeleteMatrix
GdipCreateRegion
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipCreateImageAttributes
GdipTransformPointsI
GdipDeleteRegion
GdipSaveGraphics
GdipDisposeImageAttributes
GdipBitmapUnlockBits
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipMeasureString
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetStringFormatTrimming
GdipDrawImageI
GdipRotateWorldTransform
GdipRestoreGraphics
GdipDrawString
GdipCreateFontFromLogfontW
GdipLoadImageFromFile
GdipCreateBitmapFromResource
GdipSetImageAttributesColorKeys
GdipGraphicsClear
GdipGetMatrixElements
GdipSetClipRectI
GdipGetClip
GdipCreateMatrix
GdipScaleWorldTransform
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipGetRegionHRgn
GdipReleaseDC
GdipGetDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipCreateFromHWND
GdipCreateHICONFromBitmap
GdipSetStringFormatHotkeyPrefix
GdipSetImageAttributesWrapMode
GdipFree
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipGetImageWidth
GdipSetStringFormatLineAlign
GdipFillRectangleI
GdipCreateSolidFill
GdipCreateTexture
GdipCloneBrush
GdipDeleteBrush
GdipSetInterpolationMode
GdipSetSmoothingMode
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRect
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetPageUnit
GdipDrawImagePointRectI
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipCreateBitmapFromHBITMAP
GdiplusShutdown

ws2_32

ntohl
ntohs

iphlpapi

GetExtendedTcpTable

imm32

ImmAssociateContext
ImmGetVirtualKey

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

wininet

HttpSendRequestExW
InternetCloseHandle
HttpEndRequestW
HttpOpenRequestW
InternetWriteFile
InternetConnectW
InternetReadFile

kernel32

IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
DecodePointer
WaitForMultipleObjects
DeleteCriticalSection
CreateDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
FindResourceW
GetModuleHandleW
GetVersionExW
GetCurrentProcess
FlushInstructionCache
SetLastError
GetTickCount
GetPrivateProfileStringW
WritePrivateProfileStringW
Sleep
FreeLibrary
LoadResource
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
OpenProcess
SizeofResource
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
InterlockedExchange
GetProcAddress
lstrcmpiW
GetCommandLineW
SetErrorMode
SetUnhandledExceptionFilter
SetEnvironmentVariableW
OutputDebugStringW
CopyFileW
CloseHandle
DeleteFileW
IsProcessorFeaturePresent
TryEnterCriticalSection
SetEvent
ResetEvent
CreateEventW
FindFirstFileW
CreateFileW
GetLongPathNameW
GetFileAttributesExW
InterlockedExchangeAdd
GetDriveTypeW
GetFileSize
SetFilePointer
SetEndOfFile
SetFileTime
WriteFile
ReadFile
LoadLibraryW
FindClose
FindNextFileW
lstrlenW
lstrcatW
lstrcpyW
ExpandEnvironmentStringsW
CreateMutexW
ReleaseMutex
WideCharToMultiByte
GetACP
SystemTimeToFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
DosDateTimeToFileTime
FileTimeToSystemTime
GetSystemTime
TerminateThread
OpenThread
GetExitCodeThread
SuspendThread
SwitchToThread
HeapAlloc
HeapFree
GetProcessHeap
FormatMessageW
LocalFree
GlobalAlloc
GlobalFree
GetFullPathNameW
GetTempFileNameW
MoveFileExW
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
RemoveDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
DeviceIoControl
GetComputerNameW
LockResource
GetSystemInfo
GlobalMemoryStatusEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
QueryDosDeviceW
GetLogicalDriveStringsW
GetDiskFreeSpaceW
GetVolumeInformationW
GetVersion
GlobalUnlock
GetDiskFreeSpaceExW
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
CreatePipe
GetFileType
GlobalLock
GlobalAddAtomW
MulDiv
lstrcmpW
lstrlenA
GetFullPathNameA
HeapReAlloc
CreateFileA
HeapCompact
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
HeapSize
LockFileEx
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
VirtualAlloc
VirtualFree
EncodePointer
GetFileSizeEx
FreeResource
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
ResumeThread

user32

ScrollWindow
EnableScrollBar
IntersectRect
EmptyClipboard
ScrollWindowEx
SetRectEmpty
UnionRect
GetScrollPos
RemovePropW
SetPropW
GetPropW
AppendMenuW
EnableMenuItem
CreatePopupMenu
FrameRect
UpdateWindow
TrackMouseEvent
SetScrollPos
SetScrollInfo
ValidateRect
SetParent
IsRectEmpty
DrawIconEx
GetScrollInfo
ShowScrollBar
DestroyAcceleratorTable
FillRect
IsChild
SetCapture
GetFocus
InvalidateRgn
CreateAcceleratorTableW
GetSysColor
ExitWindowsEx
SetFocus
SetCursor
InflateRect
GetMenuItemID
GetMenuStringW
SetRect
GetMenuState
GetMenuItemCount
UnregisterHotKey
RegisterHotKey
DrawTextW
DeleteMenu
GetCapture
WaitMessage
EqualRect
InsertMenuW
AnimateWindow
CheckMenuItem
EndPaint
UpdateLayeredWindow
GetKeyNameTextW
BeginPaint
SetWindowRgn
MoveWindow
ScreenToClient
PostQuitMessage
IsWindowEnabled
OffsetRect
GetAsyncKeyState
RedrawWindow
GetWindowTextLengthW
IsIconic
IsZoomed
GetLastActivePopup
AttachThreadInput
InvalidateRect
GetWindowTextW
ReleaseCapture
EnableWindow
CopyRect
EnumWindows
IsMenu
TrackPopupMenu
RegisterWindowMessageW
LoadImageW
GetSubMenu
SetForegroundWindow
GetMenuDefaultItem
GetDC
LoadMenuW
ReleaseDC
GetCursorPos
DestroyMenu
CallWindowProcW
GetDlgItem
GetForegroundWindow
GetSystemMetrics
GetMessageW
WindowFromPoint
TranslateMessage
PeekMessageW
GetWindowThreadProcessId
DispatchMessageW
SetWindowPlacement
SetTimer
KillTimer
IsWindowVisible
DestroyIcon
ClientToScreen
GetWindowRect
GetClientRect
PtInRect
LoadIconW
GetWindowLongW
MonitorFromWindow
EndDialog
SetWindowPos
MapWindowPoints
GetMonitorInfoW
GetWindow
DestroyWindow
CharNextW
FindWindowW
SendMessageTimeoutW
MessageBoxW
DefWindowProcW
ShowWindow
CreateDialogParamW
GetActiveWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
SystemParametersInfoW
GetDesktopWindow
CreateWindowExW
SetWindowTextW
IsWindow
DialogBoxParamW
SetWindowLongW
GetKeyState
GetParent
GetMenuItemInfoW
GetClassNameW
SendMessageW
SetMenuItemInfoW
LoadStringW
UnregisterClassW
PostMessageW
GetUpdateRect
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClipboardFormatW
SetClipboardData
MsgWaitForMultipleObjects
MapVirtualKeyExW
GetKeyboardLayout
MonitorFromPoint
MonitorFromRect
GetWindowDC

gdi32

GetTextExtentPointW
ExtCreatePen
SetViewportOrgEx
CreateRectRgn
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetGraphicsMode
SetBrushOrgEx
SetArcDirection
SelectClipRgn
SetDCPenColor
SetStretchBltMode
SetWorldTransform
SetROP2
GetTextMetricsW
GetTextExtentPoint32W
TextOutW
StretchBlt
MoveToEx
LineTo
EnumFontsW
CreatePen
GetTextColor
SetDCBrushColor
CreateSolidBrush
SetTextColor
SetBkMode
DeleteObject
DeleteDC
GetStockObject
GetDeviceCaps
CreateRoundRectRgn
CreatePolygonRgn
BitBlt
SetBkColor
ExtTextOutW
GetObjectW
CreateFontIndirectW

advapi32

RegQueryValueExW
CheckTokenMembership
GetUserNameW
RegOpenCurrentUser
AdjustTokenPrivileges
LookupPrivilegeValueW
GetLengthSid
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

DragQueryFileW
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
SHGetDesktopFolder
SHBrowseForFolderW
CommandLineToArgvW
SHGetFileInfoW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetFolderPathW
SHChangeNotify
SHFileOperationW
SHGetSpecialFolderLocation

ole32

CoGetClassObject
OleUninitialize
OleInitialize
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringByteLen
SysStringLen
LoadTypeLi
OleCreateFontIndirect
LoadRegTypeLi
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantClear
DispCallFunc
SysAllocString
VarUI4FromStr
SysFreeString

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??1_Container_base12@std@@QAE@XZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Syserror_map@std@@YAPBDH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Winerror_map@std@@YAPBDH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

shlwapi

StrToIntW
StrCmpIW
SHDeleteKeyW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_Draw
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetImageCount
InitCommonControlsEx

msvcr120

fprintf
_resetstkoflw
system
realloc
fprintf_s
fgets
??3@YAXPAX@Z
memmove
free
??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
_wfopen_s
swprintf_s
fwprintf
fflush
_vsnwprintf_s
fclose
malloc
_recalloc
_wtoi64
wcstol
wcsncpy_s
wcsstr
memcpy_s
_time64
memmove_s
_vsnprintf
strncmp
isspace
isalpha
sprintf_s
strpbrk
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_except1
??0exception@std@@QAE@ABQBD@Z
qsort
_msize
??8type_info@@QBE_NABV0@@Z
_nextafter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__CxxFrameHandler3
_except_handler4_common
__clean_type_info_names_internal
_vsnwprintf
?terminate@@YAXXZ
_wtoi
wcschr
towlower
towupper
_beginthreadex
rand
srand
memchr
_mktime64
_localtime64
_errno
_endthreadex
sscanf
_wcsupr
_CxxThrowException
??0exception@std@@QAE@XZ
round
__RTDynamicCast
_libm_sse2_pow_precise
ceil
floor
_vswprintf_c_l
swscanf_s
strstr
strchr
tolower
toupper
_stricmp
calloc
_wcsnicmp
_localtime64_s
sprintf
isalnum
wcstoul
memcpy
memset
??0exception@std@@QAE@ABV01@@Z
_wcsicmp
wcsncpy
wcsrchr
swscanf
strtol
_gmtime32

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Exports

Exports

MobileLoaderMain
MobileMgrMain
MobilePopupMain
MobileUninit
MobileUpdateMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 746KB - Virtual size: 745KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab51d0ab62ff1dfeeacf4b22a2642a16

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:58:56:94:3e:86:fa:49:d6:76:26:67:c1:cb:d4:54Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

21:23:96:86:f6:6c:b0:bc:11:21:e5:78:87:23:62:8aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

96:22:93:d1:93:da:c2:c5:cc:42:ef:d9:6b:e6:b5:48:13:37:ff:f3:b8:3f:1e:d5:38:82:ed:aa:98:0e:5d:caSigner

Signature Validations

Verification

13/04/2017, 10:38 Valid: false

f3:90:d1:4a:43:a5:f7:70:e2:1f:ad:98:9b:e1:c5:ec:f2:da:ad:4fSigner

Signature Validations

Verification

13/04/2017, 10:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

ws2_32

iphlpapi

imm32

version

setupapi

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp120

shlwapi

comctl32

msvcr120

comdlg32

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 746KB - Virtual size: 745KB

.data Size: 68KB - Virtual size: 79KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 238KB - Virtual size: 238KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:58:56:94:3e:86:fa:49:d6:76:26:67:c1:cb:d4:54
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

21:23:96:86:f6:6c:b0:bc:11:21:e5:78:87:23:62:8a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

96:22:93:d1:93:da:c2:c5:cc:42:ef:d9:6b:e6:b5:48:13:37:ff:f3:b8:3f:1e:d5:38:82:ed:aa:98:0e:5d:ca
Signer

13/04/2017, 10:38
Valid: false

f3:90:d1:4a:43:a5:f7:70:e2:1f:ad:98:9b:e1:c5:ec:f2:da:ad:4f
Signer

13/04/2017, 10:37
Valid: false

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 746KB - Virtual size: 745KB

.data
Size: 68KB - Virtual size: 79KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 238KB - Virtual size: 238KB