ProjectTitan[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ProjectTitan.exe
Size

2.1MB
MD5

d009775a971033cb58731149b5d09a28
SHA1

8d37fb57ce338312843deb62869f8caf13ed7006
SHA256

9daafa997f3b498b71ddb6097f53f62dc4cff234c029aad14b44271e0bad2075
SHA512

9cba1b7a8f4c0f6669d2e438c0c0155ea9849826ba17c7a520bf110d79dee9738712a1f8b2553b0d537e09e23df0534b6f2341945f241fa62720f7ef92575410
SSDEEP

49152:6EeZIpEQXiNXKUlyzwYwbAPaxeoBajTrlObY:z6KUlrYnPtoBa5/

Score

1^/10

Malware Config

Signatures

Files

ProjectTitan.exe
.exe windows x86

21d868e0143e0f8afb2c7f8223fc7695

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:85:30:dd:ad:8b:e2:2f:5d:3c:2b:c4:ef:62:7e:7e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/01/2019, 00:00

Not After

08/01/2020, 23:59

Subject

CN=Shenzhen Zhiduo Interactive Technology Co.\, Ltd,OU=IT,O=Shenzhen Zhiduo Interactive Technology Co.\, Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:95:c7:15:b2:de:40:87:3d:fb:ea:c8:7c:a1:a3:a3:0e:cd:33:b0
Signer

Actual PE Digest

09:95:c7:15:b2:de:40:87:3d:fb:ea:c8:7c:a1:a3:a3:0e:cd:33:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

_TrackMouseEvent
ord17

log

?LogPrintf@@YAXPBDZZ
?LogInitialize@@YA_NPB_WI@Z
?LogUninitialize@@YAXXZ
?LogLevel@@3IA

config

?ConfigUninitialize@@YAXXZ
?ConfigInitialize@@YA?AW4ConfigResult@@PB_W@Z

engine

GetEngineInterface

sqlite3

sqlite3_close
sqlite3_exec
sqlite3_open16

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GlobalUnlock
GlobalSize
GetModuleHandleA
MoveFileExW
GetTempPathA
DisconnectNamedPipe
ReadFile
GetOverlappedResult
CancelIo
WriteFile
CreateNamedPipeA
ConnectNamedPipe
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
GetFileSize
SetDllDirectoryW
CreateDirectoryW
UnregisterWait
QueueUserAPC
GetPrivateProfileStringA
LocalFree
CreateFileA
WaitForMultipleObjectsEx
CreateProcessA
GetACP
FormatMessageW
RemoveDirectoryW
InitializeCriticalSectionAndSpinCount
RaiseException
IsDebuggerPresent
FreeResource
ExitProcess
CreateFileMappingW
MapViewOfFile
MulDiv
SetFilePointer
GlobalLock
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
GlobalAlloc
TerminateThread
InterlockedCompareExchange
GetSystemDirectoryW
CreateDirectoryA
GetPrivateProfileIntA
SetEndOfFile
DeviceIoControl
SleepEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
SetLastError
FormatMessageA
GetFileSizeEx
InterlockedExchangeAdd
ReleaseMutex
GetSystemTimeAsFileTime
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetQueuedCompletionStatus
HeapDestroy
CreateIoCompletionPort
GetEnvironmentVariableA
GetNativeSystemInfo
QueryInformationJobObject
CopyFileW
UnregisterWaitEx
SetWaitableTimer
RegisterWaitForSingleObject
QueueUserWorkItem
WaitForSingleObjectEx
CancelWaitableTimer
CreateWaitableTimerW
GlobalFree
FreeLibrary
LoadLibraryA
HeapSize
DeleteFileW
GetTempPathW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetEvent
CreateThread
ResetEvent
CreateEventA
GetCommandLineW
GetSystemDefaultLCID
lstrcpynW
VirtualAllocEx
SetUnhandledExceptionFilter
TerminateProcess
WaitForMultipleObjects
SearchPathW
CreateEventW
SetErrorMode
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcess
WriteProcessMemory
LoadLibraryW
GetProcAddress
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindNextFileA
FindFirstFileA
DeleteFileA
GetModuleFileNameA
GetCurrentProcessId
SetCurrentDirectoryW
GetModuleFileNameW
WaitForSingleObject
OpenProcess
Sleep
CreateMutexW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapAlloc
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
OutputDebugStringW
HeapFree
HeapReAlloc
DuplicateHandle
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetLastError
GetCurrentDirectoryW
GetVersionExW
GetSystemInfo
GlobalMemoryStatusEx
CreateProcessW
PostQueuedCompletionStatus

user32

SetWindowLongW
ClipCursor
GetKeyState
UnhookWindowsHookEx
PeekMessageW
MsgWaitForMultipleObjects
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
GetWindowLongW
GetClientRect
SetWindowsHookExW
wsprintfA
CharPrevW
DrawTextW
SetRect
GetCaretPos
GetWindowTextLengthW
ShowCaret
GetSysColor
CreateCaret
SetCaretPos
CallNextHookEx
HideCaret
GetCaretBlinkTime
GetWindowTextW
FillRect
InvalidateRgn
CreateAcceleratorTableW
GetGUIThreadInfo
SetWindowRgn
GetFocus
GetDC
IsWindowVisible
GetActiveWindow
MapWindowPoints
IsRectEmpty
IntersectRect
CharNextW
GetUpdateRect
WaitMessage
ReleaseDC
UnionRect
OffsetRect
wvsprintfW
GetMessageW
CallWindowProcW
GetWindow
GetPropW
SendMessageW
DispatchMessageW
SetPropW
TranslateMessage
GetClassInfoExW
LoadImageW
SetCursor
UnregisterClassW
GetMonitorInfoW
MonitorFromWindow
PtInRect
IsZoomed
SetWindowTextW
IsIconic
GetForegroundWindow
EnableWindow
BringWindowToTop
UnloadKeyboardLayout
ToUnicodeEx
GetKeyboardState
MapVirtualKeyExW
LoadKeyboardLayoutA
GetKeyboardLayout
GetParent
GetRawInputData
SetCapture
ReleaseCapture
LoadIconW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetFocus
PostMessageA
ChangeDisplaySettingsW
EnumDisplaySettingsW
KillTimer
DestroyWindow
SetTimer
RegisterDeviceNotificationW
RegisterClassW
ActivateKeyboardLayout
EndPaint
BeginPaint
ValidateRect
UnregisterDeviceNotification
SetWindowPos
GetWindowRect
IsWindow
DefWindowProcW
PostQuitMessage
UpdateWindow
ShowWindow
MoveWindow
SystemParametersInfoW
CreateWindowExW
AdjustWindowRectEx
RegisterClassExW
LoadCursorW
GetSystemMetrics
GetClipCursor
ClientToScreen
SetCursorPos
GetCursorPos
ScreenToClient
ShowCursor
PostMessageW
MessageBoxW
SendMessageA
FindWindowExW
wsprintfW
RegisterRawInputDevices
InvalidateRect

gdi32

SetWindowOrgEx
SaveDC
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
GetDeviceCaps
GetObjectA
CreateSolidBrush
SetBkMode
SetTextColor
CreatePatternBrush
ExtTextOutW
RoundRect
SetDIBColorTable
RestoreDC
GetTextMetricsW
SetStretchBltMode
SetBkColor
MoveToEx
GetCharABCWidthsW
SelectClipRgn
LineTo
TextOutW
CreateRectRgnIndirect
GetClipBox
GdiFlush
StretchBlt
DeleteObject
CreateDIBSection
CreateFontIndirectW
CreatePenIndirect
CreatePen
ExtSelectClipRgn
GetObjectW
GetStockObject
Rectangle
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
SelectObject
CombineRgn

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
CryptEncrypt
CryptImportKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey

shell32

DragQueryFileW
SHGetFolderPathA
SHBrowseForFolderW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
DragAcceptFiles
SHCreateDirectoryExW
Shell_NotifyIconW
DragFinish
SHGetFolderPathW
ShellExecuteW
SHGetMalloc

ole32

CoTaskMemFree
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoInitialize

oleaut32

VariantChangeType
VariantCopy
SysFreeString
SysAllocString
VariantClear
VariantInit

shlwapi

PathFindFileNameW
PathStripPathW
StrToIntW
PathRemoveExtensionW
PathAddExtensionW
PathAddExtensionA
PathRemoveExtensionA
PathFileExistsA
PathAppendA
PathRemoveFileSpecA
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z

gdiplus

GdipSetPixelOffsetMode
GdipFillPath
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawImage
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdiplusShutdown
GdipDrawString
GdipSetStringFormatLineAlign
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipSetPathGradientFocusScales
GdipCreateLineBrushI
GdiplusStartup
GdipCreateBitmapFromScan0
GdipGetFontSize
GdipGetFontStyle
GdipDeleteFont
GdipCreateFont
GdipSetSmoothingMode
GdipCreateFontFromLogfontA
GdipGetFamily
GdipGetFamilyName
GdipSetCompositingQuality
GdipDeleteFontFamily
GdipSetStringFormatFlags
GdipCreateFontFamilyFromName
GdipNewInstalledFontCollection
GdipCloneFontFamily
GdipDeleteGraphics
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipSetInterpolationMode
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipCreateFontFromDC
GdipCloneStringFormat
GdipSetStringFormatTrimming
GdipGetPathWorldBounds
GdipLoadImageFromStream
GdipGetPropertyItemSize
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipAddPathString
GdipAddPathArcI
GdipAddPathLineI
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipFree
GdipImageGetFrameDimensionsCount
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount

psapi

GetPerformanceInfo
GetProcessMemoryInfo

ws2_32

__WSAFDIsSet
select
WSAEnumNetworkEvents
WSAEventSelect
gethostname
closesocket
WSAStartup
WSACleanup
setsockopt
getsockopt
accept
listen
getpeername
getsockname
bind
connect
recvfrom
WSASetLastError
WSAIoctl
inet_addr
WSAGetLastError
getnameinfo
htons
htonl
ntohs
ntohl
getaddrinfo
freeaddrinfo
socket
ioctlsocket
send
sendto
recv

imm32

ImmGetCompositionStringW
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCompositionFontW

netapi32

Netbios

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

vcruntime140

__std_exception_copy
memmove
strchr
memchr
wcschr
wcsstr
wcsrchr
strstr
__std_terminate
_purecall
_CxxThrowException
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__CxxFrameHandler3
strrchr
memcpy
memset
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_register_onexit_function
_beginthreadex
_errno
_getpid
_invalid_parameter_noinfo
_crt_atexit
_cexit
_controlfp_s
strerror
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_resetstkoflw
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
__sys_nerr
exit
_c_exit
_exit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
free
calloc
_recalloc
_callnewh

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi
_itow
_ui64toa
_wcstoui64
_ui64tow
_itoa
_ui64toa_s
strtoul
strtol
wcstol
wcstod
_wtof
_wtoi64
_ltoa
atoi
_wtol
strtoll
atof

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64
_localtime64
strftime
_mktime64
_difftime64
_gmtime64
_localtime64_s

api-ms-win-crt-stdio-l1-1-0

_write
_wfopen
__stdio_common_vsnwprintf_s
__stdio_common_vfprintf
__stdio_common_vswscanf
fwrite
__stdio_common_vsnprintf_s
fread
feof
fclose
ftell
fseek
_ftelli64
fopen
__acrt_iob_func
ferror
__stdio_common_vsscanf
__p__commode
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
fputc
_read
fgets
fputs
__stdio_common_vsprintf_s
_close
_open
_lseeki64
_set_fmode
fflush

api-ms-win-crt-string-l1-1-0

wcsncmp
toupper
_strdup
isspace
tolower
_wcsnicmp
_wcslwr
strncpy
wcsncpy
isdigit
wcscat_s
wcscpy_s
wcsncpy_s
strpbrk
strncmp
_strnset_s
strncpy_s
isupper
_stricmp
strspn
isprint
isalnum
strcspn
_wcsicmp
wmemcpy_s
wcsnlen
strnlen
iswalnum

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-environment-l1-1-0

_putenv
getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsncmp
_mbsnbcpy
_mbschr
_mbsrchr

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_access

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr
_libm_sse2_acos_precise
_libm_sse2_exp_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
ceil
floor

wldap32

ord143
ord217
ord46
ord211
ord60
ord45
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord50
ord26
ord22
ord41
ord27

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CertFreeCertificateChain
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA
CertGetCertificateChain
CertFreeCertificateChainEngine

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21d868e0143e0f8afb2c7f8223fc7695

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:85:30:dd:ad:8b:e2:2f:5d:3c:2b:c4:ef:62:7e:7eCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

09:95:c7:15:b2:de:40:87:3d:fb:ea:c8:7c:a1:a3:a3:0e:cd:33:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

log

config

engine

sqlite3

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

gdiplus

psapi

ws2_32

imm32

netapi32

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

wldap32

crypt32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 407KB - Virtual size: 407KB

.data Size: 33KB - Virtual size: 47KB

.gfids Size: 512B - Virtual size: 108B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 198KB - Virtual size: 197KB

.reloc Size: 83KB - Virtual size: 83KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:85:30:dd:ad:8b:e2:2f:5d:3c:2b:c4:ef:62:7e:7e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

09:95:c7:15:b2:de:40:87:3d:fb:ea:c8:7c:a1:a3:a3:0e:cd:33:b0
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 407KB - Virtual size: 407KB

.data
Size: 33KB - Virtual size: 47KB

.gfids
Size: 512B - Virtual size: 108B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 198KB - Virtual size: 197KB

.reloc
Size: 83KB - Virtual size: 83KB