5d8e875774233ec3357421f4c4a35ddab9b9079a18c165cc06eee988d607803d

Sharing

Copy URL Twitter E-mail

General

Target

5d8e875774233ec3357421f4c4a35ddab9b9079a18c165cc06eee988d607803d
Size

2.2MB
MD5

bbf42ff3a9341f0789b7e4a6afa280f2
SHA1

32a0d2e04754f2382b020c736c648e25179f2b78
SHA256

5d8e875774233ec3357421f4c4a35ddab9b9079a18c165cc06eee988d607803d
SHA512

1ea30489c592daf5dcd3d6944f45d2834a81e7220cd4e15a864b979142ee94a9d68b9533a9ad0dc84f105a93625e0597f511449009877f7fd63f7fa68b5c38e3
SSDEEP

49152:OwUkBbIHH5qWFCQisV4v0IMjU/C4lODO2+:O0NWFCQid8IMjB+

Score

1^/10

Malware Config

Signatures

Files

5d8e875774233ec3357421f4c4a35ddab9b9079a18c165cc06eee988d607803d
.dll windows x86

97ff7519947fddb959adc5e45dabd70c

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/06/2016, 00:00

Not After

15/06/2017, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:91:99:73:3e:ad:15:19:55:53:a2:c3:e4:53:f3:74:13:01:2e:d5:f8:c6:28:32:27:7f:d0:f8:7c:04:2f:a5
Signer

Actual PE Digest

3d:91:99:73:3e:ad:15:19:55:53:a2:c3:e4:53:f3:74:13:01:2e:d5:f8:c6:28:32:27:7f:d0:f8:7c:04:2f:a5

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

27/04/2017, 02:40
Valid: false

ee:89:f8:91:c0:c9:cd:46:f5:e5:60:28:e2:19:8e:bc:98:8b:db:3e
Signer

Actual PE Digest

ee:89:f8:91:c0:c9:cd:46:f5:e5:60:28:e2:19:8e:bc:98:8b:db:3e

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

27/04/2017, 02:40
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
FindClose
FindNextFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateMutexW
ReleaseMutex
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
LockResource
GetSystemInfo
OpenProcess
ResetEvent
InterlockedExchangeAdd
HeapAlloc
HeapFree
GetProcessHeap
GetDiskFreeSpaceW
GetVolumeInformationW
CreateProcessW
GetExitCodeProcess
ExpandEnvironmentStringsW
GetLocalTime
HeapReAlloc
HeapDestroy
HeapSize
GetTempFileNameW
GetFullPathNameW
ResumeThread
WaitForSingleObject
GetCurrentProcessId
GetACP
WideCharToMultiByte
InitializeCriticalSection
TryEnterCriticalSection
GetFileAttributesExW
CreateFileW
FindFirstFileW
MulDiv
LoadLibraryW
OutputDebugStringW
GetVersionExW
CloseHandle
WaitForMultipleObjects
CreateEventW
SetEvent
lstrcpyW
Sleep
lstrlenW
MoveFileW
GlobalUnlock
GlobalAlloc
GlobalLock
LocalFree
lstrcmpiW
GetProcAddress
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
MultiByteToWideChar
GetModuleFileNameW
SizeofResource
GetTickCount
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
SetUnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
SetErrorMode
GetCommandLineW
GetCurrentThreadId
EnterCriticalSection
SetLastError
DeleteFileA
AreFileApisANSI
GetTempPathA
GetVersionExA
OutputDebugStringA
GetDiskFreeSpaceA
CreateFileMappingA
LockFileEx
FlushFileBuffers
HeapValidate
HeapCreate
GetFileAttributesA
FormatMessageA
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapCompact
CreateFileA
GetFullPathNameA
DeviceIoControl
GlobalMemoryStatusEx
FormatMessageW
GetFileSizeEx
GetEnvironmentVariableW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
LoadLibraryA
GetSystemTimeAsFileTime
QueryPerformanceCounter
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCurrentDirectoryW
GetTempPathW
GetFileAttributesW
CopyFileW
GetSystemDirectoryW
SetFileTime
CreateDirectoryW
GlobalFree
MoveFileExW
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
DeleteCriticalSection
DecodePointer
GetLastError
RaiseException

user32

GetWindowThreadProcessId
FindWindowW
SetRectEmpty
SetCapture
TrackMouseEvent
ReleaseCapture
EqualRect
GetLastActivePopup
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetClassNameW
wsprintfW
UnregisterClassW
PostMessageW
GetSystemMetrics
CreateWindowExW
IsWindow
GetDesktopWindow
SetWindowLongW
SystemParametersInfoW
RegisterClassExW
GetClassInfoExW
LoadCursorW
LoadImageW
DispatchMessageW
DefWindowProcW
PeekMessageW
TranslateMessage
CharNextW
GetMessageW
DestroyWindow
SetClipboardData
SetCaretPos
OpenClipboard
CreateCaret
DestroyCaret
EmptyClipboard
GetClipboardData
KillTimer
SetTimer
CloseClipboard
DrawTextW
CopyRect
GetActiveWindow
DialogBoxParamW
GetKeyState
PtInRect
OffsetRect
MoveWindow
ShowWindow
GetClientRect
GetParent
GetWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
RedrawWindow
EndDialog
MonitorFromWindow
GetWindowLongW
GetWindowRect
ClientToScreen
CallWindowProcW
IntersectRect
GetCursorPos
GetDlgItem
SetClassLongW
InvalidateRect
BeginPaint
SetFocus
IsZoomed
IsIconic
ScreenToClient
EndPaint
DestroyCursor
SetCursor
IsRectEmpty
IsWindowVisible
ReleaseDC
GetDC
MonitorFromPoint
UpdateLayeredWindow
SetMenuItemInfoW
SetWindowTextW
DestroyMenu
MessageBoxW
SetMenuDefaultItem
RemoveMenu
GetMenuItemCount
CreatePopupMenu
LoadStringW
AppendMenuW
SendMessageW
CheckMenuRadioItem
TrackPopupMenuEx
LoadIconW
GetMenuItemInfoW
CreateMenu
MessageBeep
LoadStringA
PostQuitMessage
TranslateAcceleratorW
GetMenuStringW
InsertMenuW
IsWindowEnabled
SetRect
RegisterWindowMessageW
UnionRect

gdi32

BitBlt
StretchBlt
CreateSolidBrush
SetWorldTransform
DeleteDC
SetGraphicsMode
SetViewportOrgEx
CreateEllipticRgn
SetROP2
SetStretchBltMode
SetDCPenColor
SelectClipRgn
SetArcDirection
SetDCBrushColor
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
CreateFontIndirectW
SetBkMode
DeleteObject
SelectObject
CreatePolygonRgn
CombineRgn
GetTextExtentPoint32W
SetTextColor
SetBkColor
GetStockObject

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

GetUserNameW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

CommandLineToArgvW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
DragQueryFileW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoCreateInstance

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

msvcp120

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z

comctl32

InitCommonControlsEx

msvcr120

_except1
_lock
?terminate@@YAXXZ
_CxxThrowException
floor
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
__RTDynamicCast
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
strpbrk
sprintf_s
_endthreadex
_msize
qsort
strncmp
wcstoul
swscanf_s
sprintf
_localtime64_s
memset
memcpy
_aligned_malloc
_aligned_free
_wtof
_wcsicmp
_vswprintf_c_l
__CxxFrameHandler3
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__clean_type_info_names_internal
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
??3@YAXPAX@Z
memmove
free
??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
vswprintf_s
malloc
memcpy_s
realloc
memmove_s
wcsncpy_s
wcsstr
_recalloc
_vsnwprintf
wcscpy_s
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
strstr
__RTtypeid
srand
_time64
swprintf_s
strncpy_s
wcschr
towlower
towupper
rand
_errno
_wtoi
_beginthreadex
memchr
tolower
_wcsnicmp
_mktime64
_localtime64
_stricmp
_splitpath_s
wcsncpy
wcsrchr
_wassert
calloc
??0exception@std@@QAE@ABV01@@Z
_unlock

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmCreateContext
ImmDestroyContext
ImmGetVirtualKey
ImmAssociateContext
ImmAssociateContextEx

gdiplus

GdipDrawImageRectI
GdipDeleteMatrix
GdipCreateRegion
GdipGetWorldTransform
GdipTransformPointsI
GdipDeleteRegion
GdipGetClipBoundsI
GdipGetMatrixElements
GdipCreateMatrix
GdipGetRegionHRgn
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCreateFontFromLogfontW
GdipCreateBitmapFromHBITMAP
GdipDrawRectangle
GdipSetPixelOffsetMode
GdipCreateFromHDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawLineI
GdipNewInstalledFontCollection
GdipCloneFontFamily
GdipGetFontCollectionFamilyCount
GdipSetStringFormatLineAlign
GdipGetFamilyName
GdipGetFontCollectionFamilyList
GdipBitmapGetPixel
GdipSetClipHrgn
GdipSetSolidFillColor
GdipResetClip
GdipReleaseDC
GdipGetDC
GdipResetTextureTransform
GdipCreateTexture
GdipTranslateTextureTransform
GdipCreateFromHWND
GdipMeasureString
GdipDrawImagePointRectI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetCompositingMode
GdipDrawImageRectRectI
GdipSetClipRectI
GdipSaveImageToFile
GdipCreateBitmapFromFile
GdipCloneImage
GdipSetInterpolationMode
GdipResetWorldTransform
GdipDisposeImage
GdipDrawImageI
GdipSetSmoothingMode
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipScaleWorldTransform
GdipCloneBitmapAreaI
GdipDrawRectangleI
GdipFillEllipseI
GdipDeleteStringFormat
GdipCreatePen1
GdipGetImageWidth
GdipCreateStringFormat
GdipRestoreGraphics
GdipStringFormatGetGenericTypographic
GdipSetCompositingQuality
GdipCreateFontFamilyFromName
GdipTranslateWorldTransform
GdipCloneStringFormat
GdipDrawString
GdipCreateImageAttributes
GdipGetGenericFontFamilySansSerif
GdipRotateWorldTransform
GdipCreateFont
GdipSaveGraphics
GdipDisposeImageAttributes
GdipDeleteFontFamily
GdipDrawEllipseI
GdipDrawLinesI
GdipSetStringFormatAlign
GdipSetImageAttributesWrapMode
GdipDeleteFont
GdipSetTextRenderingHint
GdipFillPolygonI
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipDeletePen
GdipDrawImageRectRect
GdipSetStringFormatFlags
GdipFillRectangleI
GdipAlloc
GdipCreateSolidFill
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipGetClip

Exports

Exports

ImageEditorMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97ff7519947fddb959adc5e45dabd70c

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

3d:91:99:73:3e:ad:15:19:55:53:a2:c3:e4:53:f3:74:13:01:2e:d5:f8:c6:28:32:27:7f:d0:f8:7c:04:2f:a5Signer

Signature Validations

Verification

27/04/2017, 02:40 Valid: false

ee:89:f8:91:c0:c9:cd:46:f5:e5:60:28:e2:19:8e:bc:98:8b:db:3eSigner

Signature Validations

Verification

27/04/2017, 02:40 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp120

comctl32

msvcr120

imm32

gdiplus

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 284KB - Virtual size: 284KB

.data Size: 23KB - Virtual size: 45KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 94KB - Virtual size: 94KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

59:60:6a:c0:0a:2f:9f:36:80:8c:ab:db:6c:6e:7e:37
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

3d:91:99:73:3e:ad:15:19:55:53:a2:c3:e4:53:f3:74:13:01:2e:d5:f8:c6:28:32:27:7f:d0:f8:7c:04:2f:a5
Signer

27/04/2017, 02:40
Valid: false

ee:89:f8:91:c0:c9:cd:46:f5:e5:60:28:e2:19:8e:bc:98:8b:db:3e
Signer

27/04/2017, 02:40
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 284KB - Virtual size: 284KB

.data
Size: 23KB - Virtual size: 45KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 94KB - Virtual size: 94KB