e10c13edc9833adab7f6fac13f09187e094dd59d765b34649e4a2bf636669af1

Sharing

Copy URL Twitter E-mail

General

Target

e10c13edc9833adab7f6fac13f09187e094dd59d765b34649e4a2bf636669af1
Size

562KB
MD5

7b91c86ad973be917a00a672abaf3837
SHA1

8cdf001c4d23249f5ff84bd54f9547cd46cb9211
SHA256

e10c13edc9833adab7f6fac13f09187e094dd59d765b34649e4a2bf636669af1
SHA512

0f5af81d603c06564d492bff47a91957db36d660470b155d6724add4b7b67fdd59408ef96bad818f4e21f85fba24cfe67884a690b38b3dd281e62ae2e30739e2
SSDEEP

12288:KSmVM8bff1On3ZcvFY23d5hrandJTrmqllbEn4a6jgtw8KtA:DCftEm+aX12Heqrs4b8KtA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/res/WDAlg.dll	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/res/WDAlg.dll

Files

e10c13edc9833adab7f6fac13f09187e094dd59d765b34649e4a2bf636669af1
.zip
BRBUAU.exe
.exe windows x86

aa93fc98c3c1541e6f5d942130ed814c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:f8:0a:29:62:f1:de:b7:8a:5a:88:89:67:37:f8:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/11/2015, 00:00

Not After

25/12/2018, 23:59

Subject

CN=Beijing Watchsmart Technologies Co.\,Ltd,OU=Security Authentication Business Unit,O=Beijing Watchsmart Technologies Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:4c:43:c6:70:0e:4c:81:c9:44:2b:63:01:18:c7:57
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/01/2016, 00:00

Not After

25/12/2018, 23:59

Subject

CN=Beijing Watchsmart Technologies Co.\,Ltd,OU=Security Authentication Business Unit,O=Beijing Watchsmart Technologies Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:b2:61:ba:f1:39:e6:6b:80:09:71:15:ba:83:0c:aa:e0:dd:a9:79:5f:47:48:48:84:ab:75:bc:a9:5d:74:49
Signer

Actual PE Digest

93:b2:61:ba:f1:39:e6:6b:80:09:71:15:ba:83:0c:aa:e0:dd:a9:79:5f:47:48:48:84:ab:75:bc:a9:5d:74:49

Digest Algorithm

sha256

PE Digest Matches

true

9c:6d:94:e8:8c:56:df:88:ed:22:ff:da:38:44:96:a0:a3:00:dc:16
Signer

Actual PE Digest

9c:6d:94:e8:8c:56:df:88:ed:22:ff:da:38:44:96:a0:a3:00:dc:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2122
ord556
ord6334
ord3698
ord3721
ord765
ord795
ord354
ord665
ord4224
ord2645
ord6197
ord1147
ord2818
ord5710
ord5683
ord926
ord1228
ord2393
ord1567
ord268
ord2642
ord1979
ord6385
ord5186
ord939
ord6605
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1200
ord2621
ord1134
ord2725
ord3706
ord2753
ord5787
ord283
ord816
ord562
ord922
ord924
ord2764
ord3318
ord3089
ord4129
ord4277
ord6876
ord5148
ord384
ord686
ord1099
ord1574
ord772
ord3701
ord500
ord1862
ord6142
ord4083
ord5606
ord3693
ord2763
ord2567
ord5788
ord2614
ord1175
ord2096
ord2408
ord5860
ord858
ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord5572
ord2919
ord940
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord809
ord5053
ord4774
ord3874
ord5651
ord3127
ord3616
ord5442
ord350
ord3797
ord353
ord2243
ord2379
ord5981
ord6880
ord2086
ord4284
ord2864
ord4299
ord6215
ord2414
ord3663
ord3626
ord4710
ord823
ord1641
ord3092
ord6199
ord537
ord2817
ord540
ord860
ord800
ord3619
ord4476
ord5875
ord5280
ord4234
ord2302
ord825
ord324
ord1576
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord1088
ord6358
ord2405
ord2859
ord6194
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord4275
ord4538
ord1146
ord1644
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord470
ord755
ord3573
ord6453
ord2370
ord609
ord2754
ord567
ord4160
ord2078
ord3574
ord4424
ord3402
ord5290
ord4396
ord1776
ord6055
ord2575
ord2915
ord941
ord535
ord1168
ord289
ord323
ord1640
ord5785
ord640
ord613
ord2452
ord3571
ord5768
ord3754
ord3752
ord6128
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265

msvcrt

free
_ftol
atol
_mbsnbcpy
_CxxThrowException
malloc
sprintf
__CxxFrameHandler
_memicmp
_setmbcp
_strdup
strtoul
_mbscmp
_mbsstr
_strupr
strrchr
fclose
vfprintf
fprintf
fopen
vsprintf
strncpy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
wcslen
wcscpy
memmove
_beginthreadex
isxdigit
isspace
fread
ftell
fseek
atoi
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

kernel32

lstrcatA
WinExec
lstrcpyA
SetEvent
ResetEvent
MulDiv
CreateEventA
lstrcmpiA
GetCPInfo
lstrlenW
lstrlenA
GetVersion
LoadLibraryA
FreeLibrary
CreateThread
CreateFileA
GetFileSize
ReadFile
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetVersionExA
OutputDebugStringA
GetModuleFileNameA
GetPrivateProfileIntA
ReleaseMutex
GetSystemDefaultLangID
SetThreadLocale
GetPrivateProfileStringA
GetTickCount
Sleep
ResumeThread
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
SetLastError
CreateMutexA
CreateProcessA
WaitForSingleObject
CloseHandle
GetLocalTime
GetLastError
FindResourceA
SizeofResource
LoadResource
LockResource
GetStartupInfoA

user32

GetClientRect
PtInRect
GetParent
CopyIcon
GetMessagePos
MessageBeep
RedrawWindow
DrawStateA
FrameRect
InflateRect
DrawFocusRect
WindowFromPoint
GetActiveWindow
SetCursor
GetNextDlgTabItem
IsMenu
DestroyCursor
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
GetMenuItemCount
GetDC
DestroyIcon
FillRect
DrawEdge
GetMenuItemInfoA
GetSysColor
KillTimer
SendMessageA
EnableWindow
SetParent
SetRect
GetWindowRect
SetTimer
PeekMessageA
PostQuitMessage
LoadCursorA
IsZoomed
DrawIconEx
OffsetRect
LoadBitmapA
ModifyMenuA
GetSubMenu
PostMessageA
IsWindowVisible
SetWindowLongA
GetWindowLongA
LoadImageA
CopyRect
InvalidateRect
LoadMenuA
EnableMenuItem
ClientToScreen
EqualRect
IsWindow
TabbedTextOutA
DrawTextA
GrayStringA
GetDesktopWindow
MessageBoxA
ReleaseCapture
ScreenToClient
SetCapture
GetCapture
LoadIconA
AppendMenuA
GetSystemMenu
DrawIcon
GetSystemMetrics
IsIconic
SetWindowRgn
ReleaseDC
GetWindowDC
SystemParametersInfoA
UpdateWindow

gdi32

SetBkColor
SetTextColor
GetStockObject
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32W
CreateFontIndirectA
CreatePen
GetBkMode
GetDeviceCaps
PatBlt
CreateRoundRectRgn
GetTextExtentPoint32A
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateBitmap
CreatePatternBrush
BitBlt
CreateCompatibleDC
GetObjectA
CreateSolidBrush
CreateFontA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA
RegCloseKey

shell32

ShellExecuteA
ShellExecuteExA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent

ole32

CreateStreamOnHGlobal

olepro32

ord251

gdiplus

GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdipFree
GdipCloneImage
GdipCreateFromHDC
GdipDrawImageRectI
GdipAlloc
GdipCreateBitmapFromStream
GdipDeleteGraphics

wininet

InternetSetOptionA
InternetGetConnectedState
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetErrorDlg
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetQueryOptionA

shlwapi

PathFileExistsA

msvcp60

??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0logic_error@std@@QAE@ABV01@@Z

crypt32

CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCreateCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
info.txt
res/CheckConfigChs.ini
res/NXYWizardCOM.ini
res/Protectini.ini
res/WDAlg.dll
.dll windows x86

56f092432ac9302a0eab2efd28cbe419

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
FindClose
FindFirstFileA
CreateFileA
FileTimeToSystemTime
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesA
HeapFree
RtlUnwind
VirtualAlloc
GlobalGetAtomNameA
HeapAlloc
RaiseException
HeapReAlloc
FindNextFileA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
ExitProcess
Sleep
GetModuleFileNameA
GetThreadLocale
CreateFileW
GetProcessHeap
IsBadReadPtr
SetLastError
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
InterlockedExchange
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

DestroyMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
ShowWindow
UnhookWindowsHookEx
GetWindowLongA
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetSysColor
GetClassInfoExA
GrayStringA
MessageBoxA

shlwapi

PathFindExtensionA
PathFindFileNameA

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

SetMapMode
GetClipBox
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA

oleaut32

VariantInit
VariantChangeType
VariantClear

Exports

Exports

Compute_d
WDAlgPriKeyToCard
WDAlgPriKeyToCardPubKey
WDAlgPubKeyToCard
WDBlockDecrypt
WDBlockDecrypt_CBC
WDBlockEncrypt
WDBlockEncrypt_CBC
WDCardPriKeyToAlg
WDCardPubKeyToAlg
WDComputeDigest
WDDelCertOnMyStore
WDGetDatefromCert
WDGetIDFromCert
WDGetIssuerfromCert
WDGetSubjectfromCert
WDIsCertOnMyStore
WDPrivateKeyBlobToAlg
WDPublicKeyBlobToAlg
WDRSAGenerateKeys
WDRSAPrivateDecrypt
WDRSAPrivateEncrypt
WDRSAPrivateOperation
WDRSAPublicDecrypt
WDRSAPublicEncrypt
WDRSAPublicEncryptPKCS1
WDRSAPublicOperation
WDRSASignData
WDRSASignPKCSBlock
WDRSAVerifySign
WDRSAVerifySign1
WDRSAVerifySignedPKCSBlock
WDRegCertToMyStore
WDRegRootCert
WDRegUserCert
WDRevMemCopy
WDSCardEncodeSignData
WDSCardEncodeSignData1
WDStreamDecrypt
WDStreamEncrypt
�f;�q*��ՖZ��L�z�g��0Ԉ�� Jy�b?��N��j\�0E4�Ǣз��M? )� 0 �L��Z,��yf��xb�M��PX+��h�#��>BU��L�˽TԲ;xcl j^,%�O��Z2tZ+��ث1i2�Hy�J[Ե�p5r��0/,�G��8��My�� )%�?g�4T"l��j�Q��d��;E3vWR��Y�g��؜ɺ9s��6�A��?{}K-73�ض9��4��{�I�v=�H��%�N{.�Q5j�w:�}k_[� �E�eh.��ufrr�0��J{+��z�Lb��y+ff�0��ύR��<&�?��Zt}��+��8��W��A=��ڥOZ��k}25�˦�n�L2��5�>-�Vu��(�7�%�u��,{9Q��Fz�g�Y�|�1p�r�&�~G|z|�s~��Aɘ �䇛�p į��w+Tl��p��ֲ/\2%�.zB��F�ǜ��'H�7Gb�� *�,�]\�2�\yw��˾�Ith��t�%�DTwJf-Q��W�7��Ʒ_Ej��1;JҌ�I�Adp�q�6ϱ�թ��V��Ġ�R��<�^j�Q� �3�xb.�p��G�Sn�J�Yu�GR��$��k�a�ZK�.H��`{��)B�FV�4��SN�R�Y�u$��ؿ�W$�D��<��ޜu��!�TS��ٽ�(q��c� #c�'�<�28!f�BXa�B34ˋ��J(ᅓe��~�; �L��|[U7�n�p�e�G��?M�-��*��F?�6�@�+�g�#B�-~�*�b��z��J]Y��o� ʮ��:�*��'S�M�� ;2�dtA��$��t��3�=i�r~�~��+��zf_ ��C�t.ӛ��+�^�Pc�&�F�g��<֗�!D��t��lR�d�� U��gi@�ז\Ө֣�/��vY��Ҍ&�&�%�ʧ�C�䎼~}Q gӪ`�n��8� �7^�Z��&�d:O�L�h`�E$?�7⪁W�n��F��˿�Nc�I��Rl��ޤ:U��5�M��bY.��ޡHD� �3n�� f��E��{H�Z��8�j�2'ͤ笅�I'l8�:|�(��-�@��z+�<�{a��U��wvѶ�@WPp$��(�R� `��N�lƳ��cPO�W�J@ S��[�Y�1^Iw�N��H �F�h��y��k$_lr��%)Ԗdu" TeE�d�H�d{��Q�7��Dpˋi��э� ��䙭��ܝo��T��4��G��#��@y��Ű�}5��:Ր��z�� Js��<�ؘ��*`�`�a�v� ��3m��5Q��[��"�@��K*�=��i�%�nS��I��g�FaKg�~�U��)Dp��Pv�� c�<1̓l)��G�w&� ��)��N�ޯb��ϟ1�+��k_h��k�Z�<%I��o#��+d�/��FN�Hn=Z�9�`�s��vsGN�z隨�ߖlQ��@�4�+%�p&�[H=q��]K#% #\��eW�)�(�/yƇ��'�:��_��L��5d�4��书@��w#�b�g��kԋ��-��H��X�Tb2�Ŏu��1n�pv��"O�@BS��"u�;~d#&��6JZ��7��ϜG��=X+ʐJ��ꉉ��q��:��(6�[O��0D��V�{s#��p�!��O�/�N4z��"�X �ǝk�a�(��A��!P��6�H�e��$�$y�f+�]��x��-��i�]U�Z�Zȶc��hφ)�jteew�[:��ڔ�gm��g�e��[*G�UfC��7Qq��c��jm,L�!��c��HJ8��FY�NNP�7��^G}oA�ݶ��̸��r��?7�͠�|p�=^kx��,좔&d E�P��?��^�:��5e$�Q��ms(��L�^�/��%c� 6uTGk��p�n��k�S��#�$��-i(f�63�kj��El��gd {kA%\m�Q)�}�2�8 �nT��[��E��P�[+� �(M;�/�|�E.�y�&b��.�H��mZ=v��cĥ#�o��E��_��=Xd�C�4�\�jI��ww,k~�u:�ES}S�`3��S�4�P��f`,�Ű��sT緦S0!7/��"8��'l��Y��G?�L��}+��^��ݗ�]lCw�z��R&Y��Ee�e��ib� @״�P��D}�jИ_�a��,bC��J[Bq4��::H�=n�b�{�r�&�H�-d��\��f��H�C�}��>W�0ZY&rG��ӌԧ.��')�\\#��C{��:�>ٖ݇p�n�=%e�T�\Lƴ�) ��r+) g�N��rKP�xP,�'��*J��2��ʡM�o��X��"W�Zq��IP�8�/��"�7��"=ý^� �ࢪ��h��b�+�o�Ҏ�5��u`��:K�ߨ�5�� '`xt��Na,!��x!��<��K�d(��<Y��&��V��A7��_��U�_��7r��/�bHj ��p�nP�҄&��C3j75��+�ۥݛ=��PU�tr5.��#�,�P��{t%��ϓ��ef`6�y�EFE��c,Hg�f��=[��{�m�rmT��ѧ_��4�:C}4��G�1{@�CBc�ԉ��v��E��)LT�(��j��) |�k(o��Qa4rO)��5QR��,K��4(�m=�q5#�!�q��t��\z�6jb�0��t:Y|a�7S�q!�פ91)��b��n��"X�p<K�A�+��5�H��d��0a��S��*��h� ��f�_%�w�o��^�Q�˰��:�X|��Ϧ?,�

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa93fc98c3c1541e6f5d942130ed814c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4c:f8:0a:29:62:f1:de:b7:8a:5a:88:89:67:37:f8:92Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1f:4c:43:c6:70:0e:4c:81:c9:44:2b:63:01:18:c7:57Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

93:b2:61:ba:f1:39:e6:6b:80:09:71:15:ba:83:0c:aa:e0:dd:a9:79:5f:47:48:48:84:ab:75:bc:a9:5d:74:49Signer

9c:6d:94:e8:8c:56:df:88:ed:22:ff:da:38:44:96:a0:a3:00:dc:16Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

gdiplus

wininet

shlwapi

msvcp60

crypt32

Sections

.text Size: 196KB - Virtual size: 192KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 16KB - Virtual size: 48KB

.rsrc Size: 184KB - Virtual size: 182KB

56f092432ac9302a0eab2efd28cbe419

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

oleacc

gdi32

winspool.drv

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 234KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 12KB - Virtual size: 11KB

.vmp0 Size: 24KB - Virtual size: 23KB

.vmp1 Size: 8KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 24B

.vmp2 Size: 44KB - Virtual size: 42KB

.reloc Size: 16KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4c:f8:0a:29:62:f1:de:b7:8a:5a:88:89:67:37:f8:92
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1f:4c:43:c6:70:0e:4c:81:c9:44:2b:63:01:18:c7:57
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

93:b2:61:ba:f1:39:e6:6b:80:09:71:15:ba:83:0c:aa:e0:dd:a9:79:5f:47:48:48:84:ab:75:bc:a9:5d:74:49
Signer

9c:6d:94:e8:8c:56:df:88:ed:22:ff:da:38:44:96:a0:a3:00:dc:16
Signer

.text
Size: 196KB - Virtual size: 192KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 16KB - Virtual size: 48KB

.rsrc
Size: 184KB - Virtual size: 182KB

.text
Size: 236KB - Virtual size: 234KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 12KB - Virtual size: 11KB

.vmp0
Size: 24KB - Virtual size: 23KB

.vmp1
Size: 8KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 24B

.vmp2
Size: 44KB - Virtual size: 42KB

.reloc
Size: 16KB - Virtual size: 12KB