2b57fd8ea6db686c6c8d81e9c42829c2ef3e4c3cbe71cc271692f25b145c76b7

Sharing

Copy URL Twitter E-mail

General

Target

2b57fd8ea6db686c6c8d81e9c42829c2ef3e4c3cbe71cc271692f25b145c76b7
Size

1.5MB
MD5

db636fb30bac2eb3ade04342425335ea
SHA1

c635ba8d5d9f2c19d0acb08c48493d0e3b0b0bc2
SHA256

2b57fd8ea6db686c6c8d81e9c42829c2ef3e4c3cbe71cc271692f25b145c76b7
SHA512

199aa7d213add201612fff86d172cd5e700df047e2760417be003d4f2302f799a7ff9172d8543b6c35896d74364b21ba0e8b327965b407d08aa03a4d09063f1d
SSDEEP

24576:9wyUZv3LF/AbdH/u2+YiAcXvhxn2HWfD/jZN13pLZhBhvdLry0wfSnzRL:QZIbd2FBvhBWcTLRhv1y0wfSnzRL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/绿化卸载.exe

Files

2b57fd8ea6db686c6c8d81e9c42829c2ef3e4c3cbe71cc271692f25b145c76b7
.zip
HaoZip.exe
.exe windows:5 windows x64

d18f135f1b12514adbed593ac8a99021

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:ae:fd:65:91:a4:e8:f0:11:a7:7f:24:51:f8:d4:af:2e:42:f3:9b:d0:ca:88:98:a8:e3:a0:cc:83:e0:f5:69
Signer

Actual PE Digest

4f:ae:fd:65:91:a4:e8:f0:11:a7:7f:24:51:f8:d4:af:2e:42:f3:9b:d0:ca:88:98:a8:e3:a0:cc:83:e0:f5:69

Digest Algorithm

sha256

PE Digest Matches

false

8a:4b:07:62:8a:e5:6e:3a:db:2d:1b:85:b6:e0:3c:77:f7:6d:3a:72
Signer

Actual PE Digest

8a:4b:07:62:8a:e5:6e:3a:db:2d:1b:85:b6:e0:3c:77:f7:6d:3a:72

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetModuleHandleW
GetCurrentThreadId
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetPrivateProfileStringW
GetLastError
CloseHandle
GetVersionExW
FindResourceW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryA
lstrlenW
lstrcatW
lstrcpyW
lstrcmpiW
CreateMutexW
ReleaseMutex
Sleep
HeapFree
OpenProcess
HeapAlloc
LocalFree
GetProcessHeap
LockResource
GetSystemInfo
LoadResource
LoadLibraryExW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesW
GetEnvironmentVariableW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
DeleteFileW
GetFileSizeEx
WaitForMultipleObjects
GetCurrentProcessId
QueryDosDeviceW
GetCurrentProcess
FindNextFileW
FindClose
SetFileTime
GetFileSize
GetFileTime
CreateDirectoryW
GetFullPathNameW
RemoveDirectoryW
GetTempPathW
SetFileAttributesW
GetCurrentDirectoryW
GetLogicalDriveStringsW
FormatMessageW
SetEvent
GetTickCount
SetLastError
GlobalMemoryStatusEx
RtlVirtualUnwind
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
SwitchToThread
DeviceIoControl
DecodePointer
ResetEvent
FreeLibrary
GetFileAttributesExW
GetProcAddress
CreateEventW
ResumeThread
FileTimeToSystemTime
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetACP
GetStringTypeW
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode

user32

SetWindowsHookExW
UnhookWindowsHookEx
MessageBoxW
SetDlgItemTextW

advapi32

RegCreateKeyExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW

ole32

CoTaskMemFree

Sections

.text
Size: 845KB - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipAce32Loader.exe
.exe windows:5 windows x86

74cac86039f10bc226a4000767046a19

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:ef:90:c7:2d:37:e8:d8:ce:94:dc:c3:97:f5:23:95:bb:c8:17:7d:fd:14:39:32:dd:7c:40:88:87:0d:17:eb
Signer

Actual PE Digest

b8:ef:90:c7:2d:37:e8:d8:ce:94:dc:c3:97:f5:23:95:bb:c8:17:7d:fd:14:39:32:dd:7c:40:88:87:0d:17:eb

Digest Algorithm

sha256

PE Digest Matches

true

19:49:f8:ed:6b:9f:fe:aa:93:8e:61:72:2b:fb:09:e1:48:f2:06:25
Signer

Actual PE Digest

19:49:f8:ed:6b:9f:fe:aa:93:8e:61:72:2b:fb:09:e1:48:f2:06:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
WaitForMultipleObjects
GetCurrentDirectoryW
SetCurrentDirectoryW
ExitProcess
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
LoadLibraryExW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetLastError
GetFileAttributesExW
OpenFileMappingW
UnmapViewOfFile
CloseHandle
MapViewOfFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchangeAdd
GetACP
MultiByteToWideChar
WideCharToMultiByte
FindNextFileW
FindClose
LocalFileTimeToFileTime
DosDateTimeToFileTime
WriteFile
CreateDirectoryW
GetFullPathNameW
lstrlenW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileW
HeapFree
GetCurrentThreadId
HeapAlloc
GetProcessHeap
GetCurrentProcess
OpenEventW
SetEvent
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
LCMapStringW
GetStringTypeW
GetFileType
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipC.exe
.exe windows:5 windows x64

655c43997910911c0f6194cfd3a04995

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:d6:03:43:92:0c:a1:ef:e4:39:f6:b3:0d:06:62:8c:d9:ea:ea:bf:75:27:3c:80:91:b4:e2:c0:64:0b:b5:5e
Signer

Actual PE Digest

22:d6:03:43:92:0c:a1:ef:e4:39:f6:b3:0d:06:62:8c:d9:ea:ea:bf:75:27:3c:80:91:b4:e2:c0:64:0b:b5:5e

Digest Algorithm

sha256

PE Digest Matches

false

7d:5c:d8:21:36:57:99:c4:76:29:ec:40:d3:35:13:d7:b1:0d:54:10
Signer

Actual PE Digest

7d:5c:d8:21:36:57:99:c4:76:29:ec:40:d3:35:13:d7:b1:0d:54:10

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetPrivateProfileStringW
GetLastError
CloseHandle
FreeLibrary
GetVersionExW
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetCurrentThreadId
OpenProcess
HeapAlloc
LocalFree
GetProcessHeap
FindResourceW
lstrcmpiW
FindFirstFileW
CreateFileW
GetFileAttributesExW
GetEnvironmentVariableW
FindClose
GetFileSize
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
WriteFile
SetFileTime
SetEndOfFile
FormatMessageW
CreateEventW
SetEvent
ResetEvent
lstrlenW
lstrcatW
lstrcpyW
DeleteFileW
GetFileSizeEx
GetCurrentProcess
CreateDirectoryW
GetFullPathNameW
SetFileAttributesW
MoveFileExW
GetTempFileNameW
MoveFileW
GetCurrentProcessId
CreateMutexW
ReleaseMutex
GetStdHandle
RtlVirtualUnwind
LoadLibraryW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetFileAttributesW
ExpandEnvironmentStringsW
GetProcAddress

user32

LoadStringW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp140

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JG@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_JD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

vcruntime140

memset
_CxxThrowException
_purecall
__C_specific_handler
__CxxFrameHandler3
wcschr
__std_exception_destroy
memmove
__std_exception_copy
wcsstr
__std_terminate
memcpy

api-ms-win-crt-string-l1-1-0

towupper
_stricmp
wcsncpy
_wcsicmp
wcslen
strlen
towlower

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_c_exit
__p___argc
__p___wargv

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfwprintf
__p__commode
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipLoader.exe
.exe windows:5 windows x64

68f0bd6709278672513de88301fae786

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:99:d5:72:c5:60:dc:d0:fc:76:a0:6b:22:e9:8a:72:8f:d7:30:26:62:3b:5a:a1:74:67:c8:6b:04:57:dc:fc
Signer

Actual PE Digest

01:99:d5:72:c5:60:dc:d0:fc:76:a0:6b:22:e9:8a:72:8f:d7:30:26:62:3b:5a:a1:74:67:c8:6b:04:57:dc:fc

Digest Algorithm

sha256

PE Digest Matches

false

0a:cb:17:5f:b8:fe:a6:62:77:45:76:98:1b:ac:24:02:eb:5a:2b:bc
Signer

Actual PE Digest

0a:cb:17:5f:b8:fe:a6:62:77:45:76:98:1b:ac:24:02:eb:5a:2b:bc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

imm32

ImmDisableIME

kernel32

LoadLibraryW
FreeLibrary
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetPrivateProfileStringW
GetLastError
CreateProcessW
GetExitCodeProcess
GetFileAttributesW
GetModuleHandleW
GetVersionExW
LoadLibraryExW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
CreateMutexW
ReleaseMutex
Sleep
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetCurrentThreadId
OpenProcess
HeapAlloc
LocalFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LockResource
LoadResource
FindResourceW
lstrcmpiW
LoadLibraryA
FindNextFileW
FindClose
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
CreateDirectoryW
GetFullPathNameW
lstrlenW
RemoveDirectoryW
GetTempPathW
SetFileAttributesW
DeleteFileW
MoveFileExW
CopyFileW
MoveFileW
GetCurrentProcess
lstrcatW
lstrcpyW
GetFileSizeEx
GetCurrentProcessId
FormatMessageW
RtlVirtualUnwind
CloseHandle
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
SetErrorMode
WritePrivateProfileStringW
GetSystemDefaultLangID
GetProcAddress
GetModuleFileNameW

user32

LoadStringW
MessageBoxW

advapi32

GetUserNameW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_exception_destroy
__std_exception_copy
memset
_purecall
wcsstr
wcschr
__C_specific_handler
__std_terminate
memcpy
memmove
__CxxFrameHandler3
memcmp
_CxxThrowException

api-ms-win-crt-string-l1-1-0

_wcsicmp
towlower
wcsncpy
towupper
_stricmp
wcslen

api-ms-win-crt-runtime-l1-1-0

_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_set_app_type
_exit
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_cexit
_configure_wide_argv
terminate
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HaoZipLoader32.exe
.exe windows:5 windows x86

4c3f4bd9b0dddb204d3e34f12f04b9ab

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:80:4b:15:bd:d8:73:a4:f7:e3:da:b1:7a:0a:9f:a4:7a:07:b5:32:e0:80:1f:8a:84:a5:cb:5d:c9:22:b3:41
Signer

Actual PE Digest

3b:80:4b:15:bd:d8:73:a4:f7:e3:da:b1:7a:0a:9f:a4:7a:07:b5:32:e0:80:1f:8a:84:a5:cb:5d:c9:22:b3:41

Digest Algorithm

sha256

PE Digest Matches

true

a5:12:d0:20:57:80:fe:63:1f:46:fe:6a:cb:6c:9b:3f:2e:98:80:4e
Signer

Actual PE Digest

a5:12:d0:20:57:80:fe:63:1f:46:fe:6a:cb:6c:9b:3f:2e:98:80:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
StrCmpIW
PathFileExistsW
PathAppendW

kernel32

DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetFileAttributesW
LoadLibraryW
GetModuleHandleW
GetCommandLineW
GetModuleFileNameW
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetVersionExW
lstrcatW
lstrcpyW
lstrcmpiW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
DeleteFileW
CloseHandle
GetFileSizeEx
WaitForSingleObject
GetLastError
LocalFree
GetCurrentProcessId
CreateFileW
GetFileAttributesExW
CreateMutexW
ReleaseMutex
FindNextFileW
FindClose
HeapFree
GetCurrentThreadId
HeapAlloc
GetProcessHeap
GetFileSize
CreateDirectoryW
WriteConsoleW
FormatMessageW
GetCurrentProcess
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetACP
GetStringTypeW
GetFileType
LCMapStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
绿化卸载.exe
.exe windows:4 windows x86

2f0ec7f61bf44728fcc7e430b7248501

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
HeapSize
TerminateProcess
RaiseException
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
UnhandledExceptionFilter
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpiA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SuspendThread
TerminateThread
ReleaseMutex
CreateMutexA
GetTempFileNameA
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
RemoveDirectoryA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
CloseHandle
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
ExpandEnvironmentStringsA
GlobalAlloc
GlobalLock
GlobalUnlock
GetTempPathA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
CopyFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject

user32

GetForegroundWindow
LoadIconA
TranslateMessage
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
SystemParametersInfoA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
UnregisterClassA
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
IsWindowVisible

gdi32

GetMapMode
GetTextMetricsA
Escape
PtVisible
RectVisible
ExtTextOutA
ScaleViewportExtEx
GetViewportExtEx
ExtSelectClipRgn
SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
CreatePen
PatBlt
CombineRgn
CreateRectRgn
FillRgn
CreateSolidBrush
CreateFontIndirectA
GetStockObject
GetObjectA
EndPage
EndDoc
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
LineTo
MoveToEx
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
TextOutA

winmm

midiStreamStop
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutRestart
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiOutPrepareHeader
midiStreamOut
midiOutReset
midiStreamClose
midiStreamRestart

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemFree
CoRegisterMessageFilter
OleRun
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize

oleaut32

SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
VariantCopyInd
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreate
SafeArrayPutElement
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
SysFreeString
SafeArrayGetElemsize
SysAllocStringByteLen
VariantTimeToSystemTime

comctl32

ImageList_Destroy
ord17

oledlg

ord8

ws2_32

closesocket
WSAAsyncSelect
WSACleanup
inet_ntoa
recvfrom
ioctlsocket
recv
getpeername
accept
ntohl

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 756KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d18f135f1b12514adbed593ac8a99021

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4f:ae:fd:65:91:a4:e8:f0:11:a7:7f:24:51:f8:d4:af:2e:42:f3:9b:d0:ca:88:98:a8:e3:a0:cc:83:e0:f5:69Signer

8a:4b:07:62:8a:e5:6e:3a:db:2d:1b:85:b6:e0:3c:77:f7:6d:3a:72Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 845KB - Virtual size: 845KB

.rdata Size: 281KB - Virtual size: 281KB

.data Size: 6KB - Virtual size: 13KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 257KB - Virtual size: 256KB

.reloc Size: 4KB - Virtual size: 3KB

74cac86039f10bc226a4000767046a19

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4f:ae:fd:65:91:a4:e8:f0:11:a7:7f:24:51:f8:d4:af:2e:42:f3:9b:d0:ca:88:98:a8:e3:a0:cc:83:e0:f5:69
Signer

8a:4b:07:62:8a:e5:6e:3a:db:2d:1b:85:b6:e0:3c:77:f7:6d:3a:72
Signer

.text
Size: 845KB - Virtual size: 845KB

.rdata
Size: 281KB - Virtual size: 281KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 257KB - Virtual size: 256KB

.reloc
Size: 4KB - Virtual size: 3KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b8:ef:90:c7:2d:37:e8:d8:ce:94:dc:c3:97:f5:23:95:bb:c8:17:7d:fd:14:39:32:dd:7c:40:88:87:0d:17:eb
Signer

19:49:f8:ed:6b:9f:fe:aa:93:8e:61:72:2b:fb:09:e1:48:f2:06:25
Signer

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

22:d6:03:43:92:0c:a1:ef:e4:39:f6:b3:0d:06:62:8c:d9:ea:ea:bf:75:27:3c:80:91:b4:e2:c0:64:0b:b5:5e
Signer

7d:5c:d8:21:36:57:99:c4:76:29:ec:40:d3:35:13:d7:b1:0d:54:10
Signer

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 10KB - Virtual size: 9KB