748d9f1d9c5d892e65489cd00e152864968bc6d6ad1160a6a08befe953bf5096

Sharing

Copy URL Twitter E-mail

General

Target

748d9f1d9c5d892e65489cd00e152864968bc6d6ad1160a6a08befe953bf5096
Size

5.0MB
MD5

3db43bc7e8f5662bae1caaaff397701c
SHA1

68e4acd87e5b6197744950162bed3f29f33c58d5
SHA256

748d9f1d9c5d892e65489cd00e152864968bc6d6ad1160a6a08befe953bf5096
SHA512

789f14b12164ce23ae0c3ee6cae822debeeda3d945db2a719e70aa60ba0f054e8ec34ccd661ce301297fe69d90d9910212b0fd5c268ce4323b547e30b3e1c6d8
SSDEEP

98304:DqBgy0brTxzK9fxVsWYxC/J2MLtYGJNKFL7Wi8QAD:WBYb/cfx4CR2MDCjO

Score

1^/10

Malware Config

Signatures

Files

748d9f1d9c5d892e65489cd00e152864968bc6d6ad1160a6a08befe953bf5096
.dll windows x86

c3586f8a910330ca478e3dec0a77dd93

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2017, 00:00

Not After

23/07/2018, 23:59

Subject

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/05/2016, 00:00

Not After

06/05/2019, 23:59

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:26:f5:a4:ea:fb:4a:29:aa:fc:ba:ef:50:15:ea:62:10:9f:c9:02:c6:43:a6:9b:f0:b8:e6:ff:4e:03:25:ac
Signer

Actual PE Digest

25:26:f5:a4:ea:fb:4a:29:aa:fc:ba:ef:50:15:ea:62:10:9f:c9:02:c6:43:a6:9b:f0:b8:e6:ff:4e:03:25:ac

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

21/06/2017, 09:21
Valid: false

99:a8:92:d1:fe:1f:c7:de:a6:a8:04:14:d3:bb:12:50:4a:57:f0:16
Signer

Actual PE Digest

99:a8:92:d1:fe:1f:c7:de:a6:a8:04:14:d3:bb:12:50:4a:57:f0:16

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shanghai 2345 Network Technology Co.\,Ltd,OU=IT,O=Shanghai 2345 Network Technology Co.\,Ltd,L=Shanghai,ST=Shanghai,C=CN

21/06/2017, 09:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
GetWindowsDirectoryW
DeleteFileW
SetFileAttributesW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
LockResource
GetSystemInfo
GlobalAlloc
lstrcatW
lstrcpyW
GetFileSizeEx
GetLogicalDriveStringsW
GetDiskFreeSpaceW
GetVolumeInformationW
GlobalMemoryStatusEx
GetEnvironmentVariableW
DeviceIoControl
FreeResource
IsBadReadPtr
IsBadWritePtr
IsBadStringPtrW
GetLocalTime
HeapReAlloc
HeapDestroy
HeapSize
GetPrivateProfileStructW
WritePrivateProfileStructW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcpynW
GetFullPathNameA
CreateFileA
HeapCompact
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
GetFileAttributesA
HeapCreate
HeapValidate
FlushFileBuffers
LockFileEx
CreateFileMappingA
GetDiskFreeSpaceA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
TerminateThread
CreateThread
LocalAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FlushInstructionCache
RaiseException
GetLastError
SetLastError
EnterCriticalSection
DecodePointer
DeleteCriticalSection
GetCurrentThreadId
Sleep
GlobalFree
InterlockedIncrement
GetComputerNameW
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCurrentDirectoryW
GetTempPathW
CopyFileW
GetSystemDirectoryW
SetFileTime
CreateDirectoryW
InterlockedDecrement
GetTickCount
CloseHandle
FreeLibrary
LoadLibraryW
GetProcAddress
OutputDebugStringA
GetCommandLineW
SetErrorMode
FindResourceW
LoadResource
SetUnhandledExceptionFilter
LoadLibraryExW
GetModuleHandleW
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
InterlockedExchange
lstrcmpiW
LocalFree
GetLongPathNameW
MoveFileW
SetEvent
CreateEventW
WaitForMultipleObjects
SetCurrentDirectoryW
WaitForSingleObject
ReadDirectoryChangesW
CreateFileW
GetOverlappedResult
ResetEvent
GetDriveTypeW
SwitchToThread
GetVersionExW
VirtualProtect
WriteProcessMemory
HeapAlloc
HeapFree
GetProcessHeap
MulDiv
CompareStringW
lstrlenW
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetACP
GetCurrentProcess
FindFirstFileW
GetFileAttributesExW
GetShortPathNameW
FindClose
FindNextFileW
FormatMessageW
InterlockedExchangeAdd
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
GetFileAttributesW
LoadLibraryA
ExpandEnvironmentStringsW
CreateMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
OpenProcess
QueryDosDeviceW
TryEnterCriticalSection
InitializeCriticalSection
ResumeThread
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTime
GetFullPathNameW
GetTempFileNameW
MoveFileExW

user32

OpenClipboard
UnregisterHotKey
RegisterHotKey
GetActiveWindow
CheckMenuRadioItem
SetMenuDefaultItem
IsDialogMessageW
CreateDialogParamW
CreateIconFromResourceEx
CreateIconFromResource
GetMessageExtraInfo
RegisterRawInputDevices
GetLastActivePopup
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
wsprintfW
MessageBoxW
CreateMenu
GetClipboardData
RegisterClipboardFormatW
SetClipboardData
DrawIconEx
MonitorFromRect
WaitMessage
GetUpdateRect
AppendMenuW
CreatePopupMenu
InsertMenuW
UnionRect
MonitorFromPoint
IsMenu
GetMenuItemID
WindowFromPoint
GetCursor
TrackPopupMenuEx
LoadStringW
UpdateLayeredWindow
GetWindowTextLengthW
SetRectEmpty
GetCapture
DrawFocusRect
UpdateWindow
GetDlgCtrlID
RemovePropW
SetPropW
SetRect
GetSysColor
GetPropW
PostMessageW
PostThreadMessageW
EqualRect
TrackMouseEvent
GetAsyncKeyState
GetScrollPos
GetMenuStringW
GetMenuState
GetMenuItemCount
GetRawInputData
GetMessageA
SetCapture
DrawTextW
GetDC
InflateRect
IntersectRect
IsWindowUnicode
DispatchMessageA
ReleaseCapture
IsWindowVisible
SetWindowPlacement
SetTimer
PostQuitMessage
KillTimer
IsZoomed
GetSubMenu
DeleteMenu
GetMenuItemInfoW
GetWindowPlacement
LoadMenuW
DestroyMenu
SetMenuItemInfoW
IsRectEmpty
GetCursorPos
DestroyIcon
FindWindowW
GetFocus
SetDlgItemTextW
CharLowerBuffW
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
ClientToScreen
SetCursor
GetDlgItemInt
SetWindowRgn
ScreenToClient
GetWindowDC
MsgWaitForMultipleObjects
SetForegroundWindow
GetParent
SetFocus
PtInRect
SetDlgItemInt
OffsetRect
BringWindowToTop
GetWindowTextW
ReleaseDC
MonitorFromWindow
GetDlgItem
EndDialog
RedrawWindow
ShowWindow
MapWindowPoints
GetMonitorInfoW
MoveWindow
EndPaint
RegisterWindowMessageW
FillRect
BeginPaint
InvalidateRect
CallWindowProcW
GetWindow
IsWindowEnabled
EnableWindow
EnumWindows
SendMessageTimeoutW
DestroyWindow
GetMessageW
CharNextW
TranslateMessage
PeekMessageW
DefWindowProcW
DispatchMessageW
CopyRect
GetClientRect
LoadCursorW
GetClassInfoExW
EmptyClipboard
CloseClipboard
GetKeyState
SendMessageW
LoadIconW
IsWindow
UnregisterClassW
DialogBoxParamW
SetWindowLongW
IsIconic
SetWindowTextW
SetClassLongW
GetWindowLongW
GetWindowRect
FindWindowExW
GetSystemMetrics
SetWindowPos
GetClassNameW
CreateWindowExW
GetDesktopWindow
SystemParametersInfoW
RegisterClassExW

gdi32

DeleteObject
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
StretchDIBits
SetViewportOrgEx
SetStretchBltMode
CreateRectRgn
CreatePen
ExtTextOutW
SetBkColor
CreatePolygonRgn
SetROP2
SetDCPenColor
SetArcDirection
SetBrushOrgEx
Polyline
FillRgn
CreateBitmap
SetBkMode
SetTextColor
EnumFontFamiliesExW
CreateFontIndirectW
LineTo
MoveToEx
RestoreDC
SaveDC
StretchBlt
GetStockObject
GetTextExtentPoint32W
PatBlt
EndDoc
StartDocW
CreateDCW
GetDeviceCaps
StartPage
EndPage
SetWorldTransform
GetWorldTransform
SetGraphicsMode
SelectClipRgn
ExtCreatePen
GetTextExtentPointW
CreateDIBSection
CreatePatternBrush
SetBitmapBits
GetBitmapBits
SetDIBColorTable
GetTextColor
GetObjectW
SetDCBrushColor

comdlg32

GetOpenFileNameW
PageSetupDlgW
GetSaveFileNameW
ChooseColorW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
GetUserNameW
RegOpenCurrentUser
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW

shell32

DragFinish
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHChangeNotify
SHFileOperationW
ord2
ord645
SHGetSpecialFolderLocation
ord644
Shell_NotifyIconW
SHBrowseForFolderW
DragQueryFileW
DragAcceptFiles
CommandLineToArgvW
SHGetSettings
SHGetDesktopFolder
ord190
ord155

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
DoDragDrop
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

msvcp120

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??1_Container_base12@std@@QAE@XZ
?_BADOFF@std@@3_JB
?_Xruntime_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
??Bid@locale@std@@QAEIXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
StrCmpIW
SHDeleteKeyW

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_SetImageCount
ImageList_Remove
ImageList_Create
ImageList_GetImageInfo
ImageList_Replace
ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_GetIconSize

msimg32

AlphaBlend

msvcr120

??3@YAXPAX@Z
memmove
free
??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
wcsncpy
swprintf_s
_recalloc
sprintf
memmove_s
wcsncpy_s
malloc
wcsstr
memcpy_s
?terminate@@YAXXZ
_beginthreadex
wcsncmp
_resetstkoflw
wcscat_s
wcscpy_s
_wtoi
wcstok
ldiv
rand
srand
_time64
_vsnwprintf
_errno
wcschr
towlower
towupper
_wcsnicmp
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_unlock_file
ungetc
strstr
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
fwrite
fclose
strchr
memchr
tolower
_mktime64
_localtime64
_stricmp
_except1
_splitpath_s
_wcsicmp
calloc
wcstoul
isalnum
sscanf
swscanf_s
round
_wcsupr
wcsrchr
_nextafter
_wtof
strncmp
qsort
_localtime64_s
_msize
_endthreadex
rand_s
realloc
sprintf_s
_dtest
modf
__iob_func
atoi
strtok
_wcsdup
fread
ftell
fseek
exit
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
printf
_vswprintf
vfprintf
_snprintf
memcpy
memset
_CxxThrowException
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CxxFrameHandler3
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
__clean_type_info_names_internal
_strdup
__RTDynamicCast
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
_vswprintf_c_l

crypt32

CryptBinaryToStringW

winmm

mixerGetLineInfoA
mixerClose
waveInPrepareHeader
mixerGetLineInfoW
mixerGetDevCapsW
mixerGetControlDetailsA
mixerSetControlDetails
waveInClose
waveOutPrepareHeader
waveOutGetNumDevs
waveInGetDevCapsA
waveOutOpen
waveOutUnprepareHeader
waveOutGetDevCapsA
waveInGetNumDevs
waveOutSetVolume
waveOutReset
waveOutRestart
waveOutGetVolume
waveOutPause
waveOutWrite
waveOutClose
mixerGetLineControlsW
mixerOpen
waveInStart
waveInUnprepareHeader
mixerGetControlDetailsW
waveInReset
waveInAddBuffer
waveInOpen
mciSendCommandW

gdiplus

GdipGetFamilyName
GdipSetStringFormatLineAlign
GdipGetImagePalette
GdipSetTextRenderingHint
GdipDeleteFont
GdipGetImageGraphicsContext
GdipGetFontCollectionFamilyCount
GdipSetStringFormatAlign
GdipGraphicsClear
GdipDeleteFontFamily
GdipCreateSolidFill
GdipDisposeImageAttributes
GdipCreateFont
GdipRotateWorldTransform
GdipResetWorldTransform
GdipCreateImageAttributes
GdipDrawString
GdipGetImagePaletteSize
GdipTranslateWorldTransform
GdipCreateFontFamilyFromName
GdipGetFontHeight
GdipSetInterpolationMode
GdipFillRectangleI
GdipCloneFontFamily
GdipImageRotateFlip
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipDeleteStringFormat
GdipCreateFromHWND
GdipNewInstalledFontCollection
GdipDeletePen
GdipSetPenColor
GdipDrawLineI
GdipCreatePen1
GdipGetDC
GdipReleaseDC
GdipDrawLinesI
GdipMeasureString
GdipDrawImagePointRectI
GdipDrawImageI
GdipFillRectangle
GdipDrawRectangleI
GdipSetClipRectI
GdipSetCompositingMode
GdipCreateBitmapFromStream
GdipLoadImageFromFile
GdipCreateBitmapFromResource
GdipSetSmoothingMode
GdipSetImageAttributesColorKeys
GdipCreateBitmapFromHBITMAP
GdipCreateFontFromLogfontW
GdipGetPropertyItem
GdipBitmapUnlockBits
GdipGetPropertyItemSize
GdipBitmapLockBits
GdipSetPropertyItem
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipGetRegionHRgn
GdipScaleWorldTransform
GdipCreateMatrix
GdipGetClip
GdipGetMatrixElements
GdipSaveGraphics
GdipGetClipBoundsI
GdipDeleteRegion
GdipTransformPointsI
GdipGetWorldTransform
GdipCreateRegion
GdipDeleteMatrix
GdipRestoreGraphics
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCloneBrush
GdipGetFontCollectionFamilyList
GdipDeleteBrush
GdipGetImageRawFormat
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipCloneImage
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipGetImageHeight
GdipCloneBitmapAreaI
GdipFree
GdipDrawImageRectRect
GdipCreateHBITMAPFromBitmap

imm32

ImmDisableIME
ImmAssociateContext
ImmGetVirtualKey

Exports

Exports

CreateImageFileMgr
ImageExplorerMain
ImageLoaderMain
ImageUpdateMain
ImageViewerMain

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 786KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3586f8a910330ca478e3dec0a77dd93

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

25:26:f5:a4:ea:fb:4a:29:aa:fc:ba:ef:50:15:ea:62:10:9f:c9:02:c6:43:a6:9b:f0:b8:e6:ff:4e:03:25:acSigner

Signature Validations

Verification

21/06/2017, 09:21 Valid: false

99:a8:92:d1:fe:1f:c7:de:a6:a8:04:14:d3:bb:12:50:4a:57:f0:16Signer

Signature Validations

Verification

21/06/2017, 09:21 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp120

shlwapi

comctl32

msimg32

msvcr120

crypt32

winmm

gdiplus

imm32

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 786KB - Virtual size: 785KB

.data Size: 74KB - Virtual size: 319KB

_RDATA Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 216KB - Virtual size: 215KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

43:07:f7:f0:50:c3:0e:7b:58:3f:c9:b6:3b:51:c2:34
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

03:c5:da:82:02:5a:f1:97:fa:1b:9d:63:a6:c8:cf:40
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

25:26:f5:a4:ea:fb:4a:29:aa:fc:ba:ef:50:15:ea:62:10:9f:c9:02:c6:43:a6:9b:f0:b8:e6:ff:4e:03:25:ac
Signer

21/06/2017, 09:21
Valid: false

99:a8:92:d1:fe:1f:c7:de:a6:a8:04:14:d3:bb:12:50:4a:57:f0:16
Signer

21/06/2017, 09:21
Valid: false

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 786KB - Virtual size: 785KB

.data
Size: 74KB - Virtual size: 319KB

_RDATA
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 216KB - Virtual size: 215KB