a5191663bd67cf25ca0962811fc8700aec1a3889c269ae2242c783b318b68490

Sharing

Copy URL Twitter E-mail

General

Target

a5191663bd67cf25ca0962811fc8700aec1a3889c269ae2242c783b318b68490
Size

7.8MB
MD5

c89290c2ecfc594ac07385d81fe5e72c
SHA1

6259fff7f4464836b5c065d80c4cc1872b448fcf
SHA256

a5191663bd67cf25ca0962811fc8700aec1a3889c269ae2242c783b318b68490
SHA512

21b7528b4dd87b9780ca199d2bc62fa8d7bd17edc9af5a36871b9c1b741b7064b96deb1ffa87f351c38e854a211e3db9b2e4c36252636a52c6e5edf12d4b5ca1
SSDEEP

196608:PfgNGIRtcKtTReTRIq7ZwG5eWWi/zio/ibL:uG6cZDwWrX/k

Score

1^/10

Malware Config

Signatures

Files

a5191663bd67cf25ca0962811fc8700aec1a3889c269ae2242c783b318b68490
.exe windows x86

5ad64a6985638c8c394052f7219b89a5

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:a4:93:92:7a:e2:3a:9e:2f:31:78:82:3e:ba:a2:fe:1d:cd:0e:92:09:1f:07:ca:4c:49:6e:91:f7:1e:a6:69
Signer

Actual PE Digest

22:a4:93:92:7a:e2:3a:9e:2f:31:78:82:3e:ba:a2:fe:1d:cd:0e:92:09:1f:07:ca:4c:49:6e:91:f7:1e:a6:69

Digest Algorithm

sha256

PE Digest Matches

false

00:58:8c:7e:3e:cd:37:4f:cc:77:2a:1f:3c:8f:5d:7a:50:03:22:39
Signer

Actual PE Digest

00:58:8c:7e:3e:cd:37:4f:cc:77:2a:1f:3c:8f:5d:7a:50:03:22:39

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetModuleFileNameExA

ws2_32

WSAEventSelect
WSAWaitForMultipleEvents
WSACreateEvent
recvfrom
WSAStartup
WSACleanup
sendto
WSAJoinLeaf
inet_addr
bind
htons
WSASocketW
ioctlsocket
setsockopt
send
WSAGetLastError
recv
select
freeaddrinfo
closesocket
connect
socket
getaddrinfo
WSAEnumNetworkEvents
htonl
ntohs
ntohl
inet_ntoa
shutdown
gethostname
WSASetLastError
getsockopt
getsockname
__WSAFDIsSet
accept
gethostbyname
listen
getpeername

imm32

ImmDisableIME

kernel32

UnhandledExceptionFilter
GetModuleHandleW
GetCurrentProcess
DeviceIoControl
GetDiskFreeSpaceExW
GetLogicalDrives
GetDriveTypeW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
OpenProcess
TerminateProcess
DeleteFileW
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileSize
ReadFile
SetFilePointer
GetFileAttributesExA
DeleteFileA
GetLocaleInfoW
GetEnvironmentVariableW
GetLocalTime
GetFileAttributesExW
GetTickCount
InterlockedExchangeAdd
MoveFileW
GetCurrentThreadId
WriteFile
FormatMessageW
GetVersion
GetFileAttributesW
FindFirstFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
FindClose
CopyFileW
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
lstrcmpW
SystemTimeToFileTime
GetCurrentDirectoryW
FileTimeToSystemTime
VirtualProtect
WriteProcessMemory
GetCurrentProcessId
SetErrorMode
InitializeCriticalSection
SearchPathW
WaitForMultipleObjects
SetUnhandledExceptionFilter
VirtualAllocEx
lstrcpynW
GetACP
FreeResource
GetVersionExW
GetWindowsDirectoryW
CreatePipe
SetHandleInformation
PeekNamedPipe
LoadLibraryExW
RaiseException
DecodePointer
SetLastError
lstrcmpiW
ResetEvent
lstrlenW
GetTempFileNameW
GetComputerNameW
SetCurrentDirectoryW
GetTempPathW
IsDBCSLeadByte
GlobalFree
LoadLibraryA
TryEnterCriticalSection
TlsSetValue
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TlsAlloc
TlsGetValue
TlsFree
CreateIoCompletionPort
IsDebuggerPresent
GetSystemDefaultLangID
SwitchToThread
VirtualQuery
IsBadReadPtr
IsBadWritePtr
GetVersionExA
SetEndOfFile
CreateFileA
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetStdHandle
DuplicateHandle
GetCPInfo
SleepEx
FormatMessageA
GetFileType
ExpandEnvironmentStringsA
GetSystemTime
FindFirstFileExW
SetFilePointerEx
AreFileApisANSI
GetStringTypeW
QueueUserWorkItem
IsProcessorFeaturePresent
EncodePointer
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
UnmapViewOfFile
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
ResumeThread
GetModuleHandleExW
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
GetFullPathNameA
SetEnvironmentVariableA
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GlobalLock
GlobalAlloc
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
HeapCreate
GetDiskFreeSpaceW
SetThreadContext
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
HeapCompact
UnlockFile
MapViewOfFile
CreateFileMappingW
WaitForSingleObjectEx
SetEvent
CreateEventW
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
InterlockedExchange
InterlockedCompareExchange
CreateProcessW
GetProcessHeap
CreateFileMappingA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
GetLastError
OpenMutexW
CreateFileW
LocalFree
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteConsoleW
GetThreadContext
LockFileEx

user32

ReleaseCapture
GetDlgCtrlID
ShowScrollBar
SetCapture
SetTimer
IsWindowVisible
UpdateWindow
EndPaint
PostThreadMessageW
LoadIconW
SetCursor
PtInRect
FlashWindow
LoadImageW
CopyImage
EqualRect
DrawFrameControl
DrawTextW
DrawIconEx
TrackPopupMenu
DrawEdge
MessageBoxW
BeginPaint
GetSystemMenu
SetWindowTextW
GetKeyState
CallWindowProcW
GetWindowTextW
GetWindowTextLengthW
SendMessageTimeoutW
PostQuitMessage
KillTimer
GetQueueStatus
GetActiveWindow
MsgWaitForMultipleObjects
FrameRect
OffsetRect
InflateRect
SetRect
CopyRect
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
FillRect
CharNextW
UnregisterClassW
LoadStringW
MsgWaitForMultipleObjectsEx
WaitMessage
IsWindow
SetWindowRgn
GetDlgItem
GetParent
GetWindow
SetActiveWindow
EnableWindow
IsWindowEnabled
ShowWindow
InvalidateRect
GetWindowDC
MapWindowPoints
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow
SendMessageW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetSystemMetrics
EnumDisplayDevicesW
wsprintfW
GetMonitorInfoW
MonitorFromWindow
FindWindowW
DefWindowProcW
GetSysColor
DestroyWindow
ReleaseDC
GetDC
PostMessageW
PeekMessageW

gdi32

SelectObject
CreateFontIndirectW
GetDeviceCaps
GetTextMetricsW
DeleteObject
StretchBlt
GetCurrentObject
RectInRegion
SaveDC
RestoreDC
GetClipRgn
SelectClipRgn
RoundRect
TextOutW
SetBkMode
GetTextExtentPoint32W
LineTo
MoveToEx
CreateSolidBrush
SetRectRgn
OffsetRgn
Rectangle
ExtSelectClipRgn
CreateRectRgnIndirect
CreatePen
SetTextColor
CreateBitmap
CombineRgn
CreateRectRgn
ExtTextOutW
SetBkColor
CreateDIBSection
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

QueryServiceStatusEx
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
LookupPrivilegeNameW
LookupPrivilegeValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegEnumKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
AdjustTokenPrivileges

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathA
ShellExecuteExW

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysFreeString
SysAllocString
SysStringLen
OleLoadPicture
VarUI4FromStr

shlwapi

StrStrIA
StrCpyW
StrCmpW
PathAppendW
StrToIntA
PathFindFileNameW
SHDeleteKeyW
SHGetValueW
PathIsDirectoryW
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
wnsprintfW

imagehlp

UnMapAndLoad
MapAndLoad

d3d9

Direct3DCreate9

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
DeleteUrlCacheEntryW
InternetCreateUrlW
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCloseHandle

winmm

timeSetEvent
timeKillEvent

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipCloneImage
GdipCreateBitmapFromStream
GdipAlloc
GdipDisposeImage
GdipLoadImageFromStream
GdipDrawImageI
GdipGetImageWidth
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDrawImageRectRectI
GdiplusStartup
GdipGetImageHeight
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdipFree

urlmon

URLDownloadToFileW

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpOpen
WinHttpCloseHandle
WinHttpSetTimeouts

iphlpapi

IcmpCloseHandle
IcmpCreateFile
GetIpForwardTable
IcmpSendEcho

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

wldap32

ord211
ord60
ord50
ord41
ord22
ord26
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord27
ord143

Exports

Exports

??4BeaconClient@@QAEAAV0@$$QAV0@@Z
??4BeaconClient@@QAEAAV0@ABV0@@Z
?GetCommParamGetter@BeaconClient@@SAABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@XZ
?GetCommcomParams@BeaconClient@@SAABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@XZ
?GetConfig@BeaconClient@@SAABUBeaconConfig@@XZ
?InitSDK@BeaconClient@@SAXABUBeaconConfig@@@Z
?PrepareParams@BeaconClient@@SA?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@ABV23@_J@Z
?Quit@BeaconClient@@SAXXZ
?Report@BeaconClient@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@3@W4RequestPriority@Beacon@@@Z
?SetCommParamGetter@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$function@$$A6A?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ@2@@std@@@2@@std@@@Z
?SetCommonParams@BeaconClient@@SAXABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@@Z
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ad64a6985638c8c394052f7219b89a5

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

22:a4:93:92:7a:e2:3a:9e:2f:31:78:82:3e:ba:a2:fe:1d:cd:0e:92:09:1f:07:ca:4c:49:6e:91:f7:1e:a6:69Signer

00:58:8c:7e:3e:cd:37:4f:cc:77:2a:1f:3c:8f:5d:7a:50:03:22:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

psapi

ws2_32

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

imagehlp

d3d9

wininet

winmm

comctl32

gdiplus

urlmon

winhttp

iphlpapi

netapi32

wldap32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 676KB - Virtual size: 675KB

.data Size: 43KB - Virtual size: 57KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 21B

.QMGuid Size: 512B - Virtual size: 52B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.tvm0 Size: 51KB - Virtual size: 52KB

.reloc Size: 145KB - Virtual size: 148KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

22:a4:93:92:7a:e2:3a:9e:2f:31:78:82:3e:ba:a2:fe:1d:cd:0e:92:09:1f:07:ca:4c:49:6e:91:f7:1e:a6:69
Signer

00:58:8c:7e:3e:cd:37:4f:cc:77:2a:1f:3c:8f:5d:7a:50:03:22:39
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 676KB - Virtual size: 675KB

.data
Size: 43KB - Virtual size: 57KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 21B

.QMGuid
Size: 512B - Virtual size: 52B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.tvm0
Size: 51KB - Virtual size: 52KB

.reloc
Size: 145KB - Virtual size: 148KB