3f9b7784464fa901b6f6a0728bdbd2030f2c92f628df1b28d6ba57a3b4280500

Sharing

Copy URL Twitter E-mail

General

Target

3f9b7784464fa901b6f6a0728bdbd2030f2c92f628df1b28d6ba57a3b4280500
Size

364KB
MD5

135c8e147c0506799e3aba8f1db0a438
SHA1

b6183d4547b5406ca5a7b0ee6330d6aee9a67dda
SHA256

3f9b7784464fa901b6f6a0728bdbd2030f2c92f628df1b28d6ba57a3b4280500
SHA512

e499079614803c6f7b2fa4fa439e97118825deb28e8aa050056db6d99983ceafa5ef3ccd8802eda4d7d4b3e8df3f5bcbaf1a159d02319996033551ddcc660721
SSDEEP

6144:XKu1ghIMyTRtwQcBSlH8o+nPFyZnyKtpKT/PdoJgvb/uH3prqxGPlLB/V:9ghIMyTRtwQcBEt+nPFyZnyKEHdSWw3z

Score

1^/10

Malware Config

Signatures

Files

3f9b7784464fa901b6f6a0728bdbd2030f2c92f628df1b28d6ba57a3b4280500
.exe windows:4 windows x86

ebb08f2d09ad08c662919a22291c203d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:a8:8e:b5:3a:85:c7:29:b1:0b:3c:9c:fe:8a:90:1f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/02/2011, 00:00

Not After

29/05/2012, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=System Engineering,O=ShenZhen Thunder Networking Technologies Ltd.,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:73:55:ae:ad:01:2f:1d:3e:48:2a:46:70:a6:9c:a0:a5:e6:05:e0
Signer

Actual PE Digest

51:73:55:ae:ad:01:2f:1d:3e:48:2a:46:70:a6:9c:a0:a5:e6:05:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xlbughandler

_XL_InitBugHandler@20
_XL_SetReportShowMode@4
_XL_SetBugReportRootDir@4
_XL_SetAlwaysSendReport@4

kernel32

GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
GetModuleFileNameW
VirtualQuery
IsBadCodePtr
lstrcatW
SetEvent
TerminateThread
SuspendThread
ResumeThread
CreateThread
ResetEvent
CreateEventW
WideCharToMultiByte
FormatMessageW
lstrlenW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateProcess
GetLocalTime
VerifyVersionInfoW
VerSetConditionMask
GetExitCodeProcess
LocalFree
GetPrivateProfileIntW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetCurrentThreadId
InterlockedIncrement
LoadLibraryW
FreeLibrary
InterlockedDecrement
GetProcAddress
CloseHandle
GetLastError
CreateMutexA
SetLastError
GetTempPathW
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
Sleep
GetTickCount
DuplicateHandle
OpenMutexW
CreateMutexW
InterlockedExchange
GetModuleHandleW
DeleteFileA
FindResourceExW
SizeofResource
WaitForSingleObject
CreateFileMappingA
MapViewOfFile
OpenMutexA
OpenFileMappingA
UnmapViewOfFile
GetFileSizeEx
MoveFileA
CreateFileW
WriteFile
CreateEventA
OpenEventA
WaitForMultipleObjects
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
lstrlenA
RaiseException
MultiByteToWideChar

user32

InvalidateRect
ShowWindow
IsWindowVisible
EnableWindow
GetDlgItem
SetWindowTextW
SendDlgItemMessageW
SetWindowPos
SetWindowContextHelpId
MapDialogRect
GetWindow
CreateWindowExW
GetActiveWindow
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
MessageBoxW
EndDialog
DrawEdge
SetTimer
KillTimer
BeginPaint
EndPaint
GetDC
SetWindowLongW
DefWindowProcW
DestroyWindow
SendMessageW
LoadStringW
EnumChildWindows
GetWindowTextW
GetParent
SystemParametersInfoW
MapWindowPoints
MessageBoxIndirectW
IsDlgButtonChecked
GetDesktopWindow
LoadBitmapW
OffsetRect
CopyRect
GetWindowLongW
IsWindow
DrawStateW
CheckDlgButton
IsWindowEnabled
GetClientRect
GetCursorPos
LoadCursorW
SetCursor
UnregisterClassA
ReleaseDC
DrawTextW
GetSysColor
MoveWindow
PtInRect
ScreenToClient
LoadIconW
GetWindowRect

gdi32

BitBlt
CreateSolidBrush
LineTo
MoveToEx
SetBkMode
SelectObject
DeleteDC
DeleteObject
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW
CreatePen
SetTextColor
ExtTextOutW
SetBkColor
CreateCompatibleDC

advapi32

GetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
IsValidSid
CopySid
GetLengthSid
AddAce
InitializeAcl
SetNamedSecurityInfoW
EqualSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetAce
GetAclInformation
RegCloseKey

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
StringFromIID
IIDFromString
CoCreateGuid

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SafeArrayDestroy
VariantCopy
VariantClear
VariantInit

atl71

ord66
ord65
ord64
ord23
ord61
ord43
ord44
ord35
ord37
ord42
ord60
ord48
ord30

shlwapi

PathFileExistsA
StrCatW

comctl32

InitCommonControlsEx

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
realloc
tolower
_resetstkoflw
wcsncat
vsprintf
_vscprintf
malloc
wcscat
_wcslwr
strlen
_stricmp
sscanf
_wtoi64
_atoi64
_wtol
atol
sprintf
_strnicmp
_i64toa
_ui64tow
_ui64toa
_ltow
_ltoa
_ultow
_ultoa
_purecall
swscanf
wcschr
wcsrchr
swprintf
_wcsicmp
??_U@YAPAXI@Z
vswprintf
_vscwprintf
wcsstr
memcpy
wcslen
memmove
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__p___argc
__p___wargv
??2@YAPAXI@Z
__CxxFrameHandler
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
_except_handler3
_CxxThrowException
??_V@YAXPAX@Z
??3@YAXPAX@Z
free
memset
atoi
strncmp
abs
rand
srand
time
fclose
fread
_wfopen
_mbsnextc
fwrite
fseek
strncpy
fgets
_lseeki64
_close
_read
_wopen
memcmp
_i64tow

msvcp71

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1ios_base@std@@UAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1istrstream@std@@UAE@XZ
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??1ostrstream@std@@UAE@XZ
??0ostrstream@std@@QAE@PADHH@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSAStartup
socket
WSAGetLastError
gethostbyname
recv
connect
closesocket
send
htons

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebb08f2d09ad08c662919a22291c203d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

7d:a8:8e:b5:3a:85:c7:29:b1:0b:3c:9c:fe:8a:90:1fCertificate

Extended Key Usages

Key Usages

51:73:55:ae:ad:01:2f:1d:3e:48:2a:46:70:a6:9c:a0:a5:e6:05:e0Signer

Headers

File Characteristics

Imports

xlbughandler

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl71

shlwapi

comctl32

msvcr71

msvcp71

version

ws2_32

wininet

psapi

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 104KB - Virtual size: 104KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

7d:a8:8e:b5:3a:85:c7:29:b1:0b:3c:9c:fe:8a:90:1f
Certificate

51:73:55:ae:ad:01:2f:1d:3e:48:2a:46:70:a6:9c:a0:a5:e6:05:e0
Signer

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 104KB - Virtual size: 104KB