blastn_2[.]8[.]1_windows_x86_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

blastn_2.8.1_windows_x86_64.exe
Size

16.4MB
MD5

b2526d2a6b77473e80fccdd384779890
SHA1

e4eb4a897fbd19ff7e42b51faef5a0e3f2311459
SHA256

b08b2e8986a349471a726cedf523b9fdb48066f4a49b20b6e20edea32d5cef2b
SHA512

b80e31df771cae007473f8c69de5e71cf6e6c02fe9678ee492a77f619f5ed95c4acc951eb13a23c6bfd2bca2715768e19f639809ab1c2902e3dd622f0bbe55e6
SSDEEP

196608:Q+tU9ObINkMx6vl6eNm1hrn/bz6EMDZ42L4:Q+2iIcgwmvPz6EaZ4P

Score

1^/10

Malware Config

Signatures

Files

blastn_2.8.1_windows_x86_64.exe
.exe windows x64

8c1174c69ed10b49cb1c470b8cc64436

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/01/2019, 00:00

Not After

02/01/2021, 23:59

Subject

CN=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),O=Grid Republic (COMPUTATIONAL CHARITY PROJECT INC),POSTALCODE=02139,STREET=42 Maple Ave #3,L=Cambridge,ST=MA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:3e:d7:10:86:5f:39:50:02:cc:d4:73:b3:cc:5c:eb:b7:92:56:48
Signer

Actual PE Digest

8f:3e:d7:10:86:5f:39:50:02:cc:d4:73:b3:cc:5c:eb:b7:92:56:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IEAAXPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?id@?$ctype@D@std@@2V0locale@2@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?bad@ios_base@std@@QEBA_NXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?setf@ios_base@std@@QEAAHH@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?readsome@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JXZ
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?register_callback@ios_base@std@@QEAAXP6AXW4event@12@AEAV12@H@ZH@Z
?_Syserror_map@std@@YAPEBDH@Z
?pword@ios_base@std@@QEAAAEAPEAXH@Z
?xalloc@ios_base@std@@SAHXZ
?exceptions@ios_base@std@@QEAAXH@Z
?exceptions@ios_base@std@@QEBAHXZ
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_JD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?sungetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unsetf@ios_base@std@@QEAAXH@Z
?rdstate@ios_base@std@@QEBAHXZ
??7ios_base@std@@QEBA_NXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
_Cnd_timedwait
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Cnd_wait
_Cnd_destroy_in_situ
?iword@ios_base@std@@QEAAAEAJH@Z
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?resetiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?flags@ios_base@std@@QEAAHH@Z
?fail@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ

vcruntime140

_purecall
__RTtypeid
__std_terminate
memmove
__std_type_info_compare
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy
memset
__std_exception_copy
__std_exception_destroy
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
__std_type_info_name
memchr
strchr
strrchr
__RTDynamicCast
strstr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
strerror_s
exit
_invalid_parameter_noinfo_noreturn
strerror
terminate
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_narrow_environment
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
_exit
abort
_set_error_mode

api-ms-win-crt-heap-l1-1-0

realloc
calloc
malloc
free
_aligned_malloc
_aligned_free
_set_new_mode
_callnewh

api-ms-win-crt-environment-l1-1-0

_putenv
getenv
__p__environ

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
fgetc
fgetpos
fputc
fsetpos
_fseeki64
fwrite
_set_fmode
__p__commode
__stdio_common_vsnprintf_s
fseek
_close
fread
ferror
setvbuf
_lseek
_write
_sopen_dispatch
__stdio_common_vsscanf
__acrt_iob_func
_fileno
__stdio_common_vsprintf
fgets
__stdio_common_vfprintf
_setmode
_get_stream_buffer_pointers
_creat
fopen
_getcwd
ungetc

api-ms-win-crt-filesystem-l1-1-0

_stat64
rename
remove
_unlink
_mkdir
_chmod
_rmdir
_unlock_file
_lock_file

api-ms-win-crt-string-l1-1-0

strncat
strtok
_stricmp
strcspn
isgraph
strpbrk
tolower
toupper
iscntrl
isprint
isalnum
ispunct
isspace
isxdigit
isdigit
islower
isupper
isalpha
strncpy
_strnicmp
strspn
strcmp
strncmp
_strdup

api-ms-win-crt-time-l1-1-0

_time64
__daylight
__dstbias
__timezone
_gmtime64
_localtime64
_mktime64
_difftime64

api-ms-win-crt-math-l1-1-0

acos
__setusermatherr
sin
pow
sqrt
exp
ldexp
log10
ceil
log
_finite
_dtest
floor

api-ms-win-crt-convert-l1-1-0

strtod
atof
_ultoa
strtol
strtoul
atoi

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand
_swab

kernel32

IsProcessorFeaturePresent
UnhandledExceptionFilter
AcquireSRWLockExclusive
RtlVirtualUnwind
ReleaseSRWLockExclusive
InitializeSRWLock
GetLastError
RtlLookupFunctionEntry
CloseHandle
TlsSetValue
InitializeSListHead
TlsAlloc
GetModuleHandleW
CreateEventW
FormatMessageA
LocalFree
TlsGetValue
ReleaseMutex
WaitForSingleObject
CreateMutexA
SwitchToThread
GetStdHandle
CreateFileA
ReadFile
WriteFile
GetConsoleMode
SetConsoleMode
GetCurrentProcess
GetModuleFileNameA
RtlCaptureContext
GetCurrentProcessId
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
TerminateProcess
OpenProcess
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
SetErrorMode
Sleep
GlobalMemoryStatusEx
GetSystemInfo
DuplicateHandle
CreateThread
SetThreadPriority
GetExitCodeThread
ResumeThread
TlsFree
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFileAttributesA
GetFileAttributesExA
GetFileSize
LockFileEx
SetEndOfFile
SetFileAttributesA
SetFileTime
SetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
CopyFileA
MoveFileExA
GetVolumeInformationA
CreateFileW
GetFileInformationByHandle
LockFile
SetFilePointer
UnlockFile
GetVersion
FileTimeToSystemTime
GetSystemDirectoryA
MapViewOfFileEx
OpenMutexA
GetSystemTimeAsFileTime
ResetEvent
GetWindowsDirectoryA
FreeLibrary
LoadLibraryA
LocalAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
SetHandleInformation
WaitForMultipleObjects
MultiByteToWideChar
GetSystemTime
DeleteCriticalSection
SetEvent
GetCurrentThreadId

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
SetNamedSecurityInfoA
GetNamedSecurityInfoA
GetUserNameA
LookupAccountNameA
LookupAccountSidA
GetFileSecurityA
RevertToSelf
ImpersonateSelf
GetSidSubAuthorityCount
GetSidSubAuthority
AccessCheck
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken

dbghelp

SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
SymGetModuleInfo64
SymGetSymFromAddr64
SymCleanup
SymGetOptions
SymSetOptions
StackWalk64
UnDecorateSymbolName
SymLoadModule64
SymFunctionTableAccess64

ws2_32

connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons
inet_addr
ntohl
ntohs
recv
WSACreateEvent
send
setsockopt
WSAEventSelect
closesocket
WSACloseEvent
WSAResetEvent
WSASetEvent
socket
gethostbyaddr
gethostbyname
gethostname
WSAGetLastError
WSAStartup
WSAEnumNetworkEvents

Sections

.text
Size: 8.7MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 542KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c1174c69ed10b49cb1c470b8cc64436

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

8f:3e:d7:10:86:5f:39:50:02:cc:d4:73:b3:cc:5c:eb:b7:92:56:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

kernel32

advapi32

dbghelp

ws2_32

Sections

.text Size: 8.7MB - Virtual size: 8.6MB

.rdata Size: 6.6MB - Virtual size: 6.6MB

.data Size: 542KB - Virtual size: 724KB

.pdata Size: 439KB - Virtual size: 439KB

.tls Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 56B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 142KB - Virtual size: 142KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

72:33:9f:7f:32:97:46:24:71:b4:47:67:23:08:62:f8
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

8f:3e:d7:10:86:5f:39:50:02:cc:d4:73:b3:cc:5c:eb:b7:92:56:48
Signer

.text
Size: 8.7MB - Virtual size: 8.6MB

.rdata
Size: 6.6MB - Virtual size: 6.6MB

.data
Size: 542KB - Virtual size: 724KB

.pdata
Size: 439KB - Virtual size: 439KB

.tls
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 56B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 142KB - Virtual size: 142KB