71fba0122b668a7b3a96490dd495f47bc011dc6f11f6b5fb8b00c778bae6814c

Sharing

Copy URL Twitter E-mail

General

Target

71fba0122b668a7b3a96490dd495f47bc011dc6f11f6b5fb8b00c778bae6814c
Size

6.3MB
MD5

a48fe8e4f09a9bfe56d8a55602d3b5e3
SHA1

05cc21b6320dea1f30579483b2c73ddbefe5bcee
SHA256

71fba0122b668a7b3a96490dd495f47bc011dc6f11f6b5fb8b00c778bae6814c
SHA512

32394db169b2575ca4e1e564ede61b120a98a4565362dcd947d21906e68ae3fbf55caea70f167aa255c5f990a3ce009f301290d2f423330e12b530bfad374f95
SSDEEP

196608:6d5uRwO1B+3r60i7q8nG9KWiaUgZdI7tS+WKJGN:auRw7WLdn0KWiaUYIZ8KA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

71fba0122b668a7b3a96490dd495f47bc011dc6f11f6b5fb8b00c778bae6814c
.exe windows x86

2163d4e55f552ab8f1f3ada81989aa69

Code Sign

4c:2b:e5:47:98:7b:54:5d:b6:68:7d:8b:57:a2:0e:83
Certificate

Issuer

CN=GDA,OU=www.gda.wiki,O=GDA,1.2.840.113549.1.9.1=#0c11676a64656e406f75746c6f6f6b2e636f6d

Not Before

19/02/2021, 08:07

Not After

31/12/2039, 23:59

Subject

CN=GDA,OU=www.gda.wiki,O=GDA,1.2.840.113549.1.9.1=#0c11676a64656e406f75746c6f6f6b2e636f6d

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:2b:29:37:59:81:06:27:8a:b7:c9:91:bb:0b:12:24:08:ae:dd:86
Signer

Actual PE Digest

36:2b:29:37:59:81:06:27:8a:b7:c9:91:bb:0b:12:24:08:ae:dd:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2754
ord6172
ord3803
ord1848
ord4243
ord6696
ord3301
ord2862
ord6762
ord3293
ord2582
ord6215
ord3996
ord4299
ord3797
ord1795
ord2575
ord3574
ord4396
ord609
ord6197
ord3874
ord3752
ord6377
ord1929
ord2827
ord1949
ord6442
ord6283
ord6379
ord6605
ord6170
ord5788
ord472
ord5787
ord4200
ord1941
ord3398
ord3733
ord810
ord4271
ord3706
ord3297
ord3296
ord5781
ord2971
ord1768
ord6282
ord4160
ord3499
ord2515
ord355
ord1200
ord4204
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3028
ord950
ord807
ord809
ord686
ord2621
ord1134
ord1205
ord4220
ord2584
ord3654
ord2438
ord4402
ord693
ord2725
ord589
ord826
ord260
ord824
ord593
ord324
ord2299
ord2302
ord2642
ord6199
ord3092
ord6334
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord3089
ord4476
ord6270
ord1644
ord3754
ord3763
ord6927
ord6134
ord5937
ord3061
ord3370
ord3640
ord2340
ord6007
ord3998
ord2513
ord293
ord3286
ord4130
ord3914
ord663
ord348
ord1105
ord2086
ord6907
ord2587
ord4406
ord3394
ord3729
ord804
ord6785
ord4224
ord6905
ord5981
ord3302
ord384
ord2096
ord3305
ord3311
ord3011
ord3319
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord4234
ord6888
ord5890
ord2937
ord3097
ord5953
ord2370
ord2639
ord4287
ord6675
ord1158
ord6453
ord6358
ord1088
ord2122
ord556
ord6241
ord554
ord2645
ord4163
ord6625
ord2453
ord2078
ord1087
ord5655
ord6655
ord6146
ord4203
ord2919
ord2863
ord6904
ord3283
ord6223
ord6136
ord3771
ord3767
ord4774
ord2935
ord2516
ord360
ord816
ord562
ord1269
ord3708
ord781
ord6129
ord4133
ord4297
ord3329
ord6128
ord4132
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord540
ord1576
ord2614
ord941
ord858
ord4278
ord6662
ord535
ord5683
ord4129
ord2764
ord825
ord823
ord1802
ord4275
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord4219
ord2581
ord2385
ord5290
ord5277
ord3402
ord3639
ord3619
ord3693
ord3626
ord3663
ord1771
ord6366
ord2413
ord2024
ord6055
ord4078
ord1776
ord4401
ord5241
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord692
ord616
ord818
ord1641
ord2860
ord567
ord2414
ord795
ord537
ord1146
ord1168
ord800
ord3317
ord2452
ord3571
ord2450
ord1847
ord470
ord755
ord3721
ord2116
ord4284
ord2071
ord3303
ord4125
ord3287
ord4202
ord5710
ord6930
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord4710
ord4998
ord4853
ord4376
ord5265
ord2514
ord356
ord2770
ord2781
ord4058
ord3178
ord3181
ord1980
ord668
ord940
ord2763
ord6008
ord4000
ord6663
ord6778
ord543
ord803
ord3584
ord289
ord613
ord656
ord4407
ord3610
ord1829
ord6394
ord5834
ord6383
ord5440
ord5450
ord3903
ord2915
ord5572
ord2841
ord6929
ord6876
ord2107
ord2044
ord6648
ord6779
ord6874
ord924
ord5856
ord939
ord926
ord2818
ord2448
ord6877
ord922
ord860
ord2859
ord6242
ord2864
ord6880
ord2379
ord323
ord1640
ord5785
ord283
ord5875
ord5789
ord2405
ord640
ord3573

msvcrt

fwrite
sscanf
strncmp
memmove
tolower
_pctype
__mb_cur_max
_isctype
qsort
_errno
_setmode
fgets
abort
wcsstr
strcmp
strtoul
gmtime
_ftol
_strnicmp
_fileno
_getch
toupper
_purecall
_setmbcp
strspn
strtol
_mbscmp
fopen
fseek
ftell
fclose
fread
realloc
_vsnprintf
_snprintf
strncpy
malloc
free
atoi
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
time
srand
rand
_mbsstr
_mbsnbcpy
isdigit
strtok
strrchr
islower
isupper
isspace
_mbslen
rewind
longjmp
signal
mbstowcs
wcstombs
isxdigit
calloc
exit
?what@exception@@UBEPBDXZ
getenv
fputs
scanf
freopen
_open_osfhandle
_fdopen
_stricmp
fprintf
printf
vfprintf
strchr
isprint
memchr
wcslen
sprintf
_mbsicmp
isgraph
rename
fflush
strstr
??0exception@@QAE@ABV0@@Z
__p__fmode
__set_app_type
_itoa
_iob
_stat
__CxxFrameHandler
isalnum
_mbsnbicmp
_except_handler3
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_controlfp

kernel32

GetVersion
GetFileType
GlobalMemoryStatus
QueryPerformanceCounter
GetVersionExA
FlushConsoleInputBuffer
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
WriteFile
GetLocalTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetCurrentProcessId
ReleaseMutex
CreateMutexA
lstrcpyA
SetCurrentDirectoryA
VirtualProtect
InterlockedDecrement
GetExitCodeThread
GetCurrentThreadId
GetLastError
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
PulseEvent
GetTickCount
LocalFree
FreeConsole
InterlockedIncrement
GetVolumeInformationA
WideCharToMultiByte
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
CreateFileA
SetFileTime
FindFirstFileA
GetSystemDirectoryA
GetConsoleWindow
SetConsoleTextAttribute
AllocConsole
GetStdHandle
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
GetSystemInfo
GetPrivateProfileIntA
GetSystemTime
lstrcpynA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
DeleteFileA
CreateDirectoryA
CopyFileA
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
IsBadReadPtr
lstrlenA
SetEvent
PeekNamedPipe
ReadFile
GetExitCodeProcess
Sleep
TerminateProcess
WaitForSingleObject
CreatePipe
GetStartupInfoA
CreateProcessA
CloseHandle
CreateThread
CreateEventA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
ShowWindow
CloseWindow
DestroyWindow
GetProcessWindowStation
GetUserObjectInformationW
SetWindowPos
CreateWindowExA
DefWindowProcA
RegisterClassExA
wsprintfA
GrayStringA
DrawTextA
TabbedTextOutA
LoadMenuA
GetMenuItemID
SetMenuItemBitmaps
SetWindowRgn
GetWindowDC
FindWindowA
MonitorFromWindow
GetClipboardData
LoadIconA
IsMenu
SetCursor
IsIconic
DrawIcon
SetWindowsHookExA
CreateMenu
GetMenuItemInfoA
DeleteMenu
CheckMenuItem
GetSubMenu
GetMenuStringA
GetMenuItemCount
RemoveMenu
InsertMenuA
LoadBitmapA
GetCapture
GetClassLongA
SetClassLongA
GetWindowLongA
SetWindowLongA
GetDlgCtrlID
GetMessagePos
GetMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
UpdateWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetParent
ClientToScreen
HideCaret
SystemParametersInfoA
IsZoomed
LockWindowUpdate
EqualRect
GetUpdateRect
CreatePopupMenu
AppendMenuA
GetFocus
PostMessageA
SetMenuInfo
MessageBoxA
GetWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
LoadCursorA
IsWindowVisible
GetScrollBarInfo
GetSysColor
GetDC
ReleaseDC
GetKeyState
RedrawWindow
GetSystemMetrics
LoadImageA
DestroyIcon
CopyRect
OffsetRect
IsWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
InflateRect
GetParent
InvalidateRect
GetClientRect
FillRect
DrawIconEx
SendMessageA
EnableWindow
SetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetDeviceCaps
CreateRectRgnIndirect
Rectangle
SelectObject
StretchBlt
DeleteObject
GetTextExtentPoint32A
GetObjectA
CreateCompatibleDC
CreateFontA
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA
GetStockObject
CreatePen
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
Ellipse
Polygon
GetTextMetricsA
DeleteDC
RoundRect
CreateSolidBrush
CreateDCA

advapi32

RegQueryValueExA
CryptDestroyHash
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegOpenKeyA
RegSetValueA
RegCreateKeyA
CryptDestroyKey
CryptExportKey
CryptReleaseContext

shell32

SHFileOperationA
SHChangeNotify
SHGetFileInfoA
StrStrIA
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_ReplaceIcon

ole32

CreateStreamOnHGlobal
CoInitialize
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject

gdiplus

GdipFillRectangle
GdipAddPathEllipseI
GdipDrawImageRect
GdipAddPathPieI
GdipSetLineColors
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipGetPathGradientPointCount
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCloneBitmapAreaI
GdipDeletePen
GdipCreatePen1
GdipSetPenColor
GdipDrawArcI
GdipDrawArc
GdipDrawLine
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateRegionPath
GdipDrawLineI
GdipFillPolygonI
GdipDrawEllipseI
GdipFillEllipseI
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipReleaseDC
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateLineBrushFromRectWithAngle
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteStringFormat
GdipDeleteFont
GdipDeleteFontFamily
GdipAddPathArc
GdipAddPathLine
GdipSetInterpolationMode
GdipCreateMatrix
GdipCreatePath
GdipAddPathRectangleI
GdipTranslateMatrix
GdipRotateMatrix
GdipTransformPath
GdipFillPath
GdipSetMatrixElements
GdipDeletePath
GdipDeleteMatrix
GdipCloneImage
GdipCloneBrush
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipFree
GdipFillPieI
GdipFillRectangleI
GdipCreateSolidFill
GdipFillPolygon
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipSetSolidFillColor

msvcp60

??1out_of_range@std@@UAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??_7bad_alloc@std@@6B@
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
wctype
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1logic_error@std@@UAE@XZ
??_7out_of_range@std@@6B@
??_7logic_error@std@@6B@
?_Xlen@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xran@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@ios_base@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

ws2_32

shutdown
recv
send
closesocket
WSAGetLastError
WSASetLastError

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetReadFile

imm32

ImmGetConversionStatus
ImmGetOpenStatus
ImmGetContext
ImmSetConversionStatus

crypt32

CertNameToStrA
CertCreateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2163d4e55f552ab8f1f3ada81989aa69

Code Sign

4c:2b:e5:47:98:7b:54:5d:b6:68:7d:8b:57:a2:0e:83Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

36:2b:29:37:59:81:06:27:8a:b7:c9:91:bb:0b:12:24:08:ae:dd:86Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

gdiplus

msvcp60

ws2_32

wininet

imm32

crypt32

wtsapi32

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 338KB

.data Size: - Virtual size: 306KB

.vmp0 Size: - Virtual size: 3.6MB

.vmp1 Size: 5.9MB - Virtual size: 5.9MB

.rsrc Size: 364KB - Virtual size: 362KB

4c:2b:e5:47:98:7b:54:5d:b6:68:7d:8b:57:a2:0e:83
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

36:2b:29:37:59:81:06:27:8a:b7:c9:91:bb:0b:12:24:08:ae:dd:86
Signer

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 338KB

.data
Size: - Virtual size: 306KB

.vmp0
Size: - Virtual size: 3.6MB

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

.rsrc
Size: 364KB - Virtual size: 362KB