Mi_Account_Unlock_Tool_By_XDAROM[.]COM[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Mi_Account_Unlock_Tool_By_XDAROM.COM.rar
Size

3.4MB
MD5

70ab4f78d0842f25e400011287f992c2
SHA1

38315d9ccaf7e1e463a8574c806c7e6a1b8cafe6
SHA256

92ce61048c73415a63449c6063f1de8e32f8d3409f516a9925991ccb6ea22eb6
SHA512

0f4e83a4eacdae501730f720d44677c017944c736d5a7fae4ce6680ef1f889401b733e7e32d8e209a2736b70d3b719c24c679f0e675235bad75c073a1c5baadc
SSDEEP

98304:T4q5XRYolHF+fa6da6AAgZ/8PqCHM1ohpgu:T3DlHYa6Y6AAgivM1YpD

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Mi_Account_Unlock_Tool_By_www.xdarom.com/MiAccountUnlock-Tool_by_XDAROM.COM/MiAccountUnlock Tool.exe
unpack001/Mi_Account_Unlock_Tool_By_www.xdarom.com/MiAccountUnlock-Tool_by_XDAROM.COM/TELEComAndLib.dll

Files

Mi_Account_Unlock_Tool_By_XDAROM.COM.rar
.rar
Mi_Account_Unlock_Tool_By_www.xdarom.com/MiAccountUnlock-Tool_by_XDAROM.COM/AdbWinApi.dll
.dll windows:5 windows x86

1e76105550668340b9708fd1836611e6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/07/2015, 00:00

Not After

27/07/2018, 23:59

Subject

CN=Xiaomi Technology Inc,O=Xiaomi Technology Inc,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:ac:cf:55:8d:3e:24:f7:90:cd:0b:83:be:8a:46:06:a8:46:0e:61
Signer

Actual PE Digest

a2:ac:cf:55:8d:3e:24:f7:90:cd:0b:83:be:8a:46:06:a8:46:0e:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
SetLastError
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileW
DeviceIoControl
CloseHandle
WideCharToMultiByte
WriteFile
ReadFile
GetOverlappedResult
Sleep
InterlockedIncrement
InterlockedDecrement
CreateEventW
FreeLibrary
LoadLibraryW
GetProcAddress
WriteConsoleW
SetStdHandle
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
HeapFree
EncodePointer
HeapAlloc
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetModuleFileNameW
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapReAlloc
GetStringTypeW
FlushFileBuffers

setupapi

SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Registry_PropertyW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_WW4_AdbOpenSharingMode@@@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync
EnumMdbInterfaces
MdbNextInterface
MdbResetInterfaceEnum
OpenMdbInterfaceByName

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mi_Account_Unlock_Tool_By_www.xdarom.com/MiAccountUnlock-Tool_by_XDAROM.COM/MiAccountUnlock Tool.exe
.exe windows:5 windows x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mi_Account_Unlock_Tool_By_www.xdarom.com/MiAccountUnlock-Tool_by_XDAROM.COM/TELEComAndLib.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Mi_Account_Unlock_Tool_By_www.xdarom.com/MiAccountUnlock-Tool_by_XDAROM.COM/adb.exe
.exe windows:4 windows x86

c4a900e425ab1ceb4a9b86fc3742c75e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/07/2015, 00:00

Not After

27/07/2018, 23:59

Subject

CN=Xiaomi Technology Inc,O=Xiaomi Technology Inc,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:30:e9:35:24:a1:be:64:02:37:a0:d0:fc:22:42:23:58:ed:0e:af
Signer

Actual PE Digest

54:30:e9:35:24:a1:be:64:02:37:a0:d0:fc:22:42:23:58:ed:0e:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

adbwinapi

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

advapi32

SystemFunction036

kernel32

CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputA
ReadFile
ReleaseSemaphore
ResetEvent
SetConsoleCtrlHandler
SetConsoleMode
SetEvent
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_findclose
_findfirst
_fmode
_fullpath
_initterm
_iob
_lock
_mkdir
_onexit
_stati64
_vscprintf
time
gmtime
_stricmp
_strnicmp
_unlock
calloc
exit
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
isalnum
isalpha
isdigit
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
qsort
realloc
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strtol
strtoul
abort
atoi
bsearch
tolower
ungetc
wcslen
_findnext
_write
_utime
_unlink
_umask
_stricmp
_strdup
_read
_getpid
_getcwd
_chmod

shell32

SHGetFolderPathA

user32

MapVirtualKeyA
ToAscii

ws2_32

WSACleanup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
htonl
htons
listen
recv
send
setsockopt
shutdown
socket

Sections

.text
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 655KB - Virtual size: 654KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e76105550668340b9708fd1836611e6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

a2:ac:cf:55:8d:3e:24:f7:90:cd:0b:83:be:8a:46:06:a8:46:0e:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

setupapi

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 198KB - Virtual size: 197KB

.sdata Size: 512B - Virtual size: 488B

.rsrc Size: 1024B - Virtual size: 916B

.reloc Size: 512B - Virtual size: 12B

c4a900e425ab1ceb4a9b86fc3742c75e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

54:30:e9:35:24:a1:be:64:02:37:a0:d0:fc:22:42:23:58:ed:0e:afSigner

Headers

File Characteristics

Imports

adbwinapi

advapi32

kernel32

msvcrt

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

a2:ac:cf:55:8d:3e:24:f7:90:cd:0b:83:be:8a:46:06:a8:46:0e:61
Signer

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 198KB - Virtual size: 197KB

.sdata
Size: 512B - Virtual size: 488B

.rsrc
Size: 1024B - Virtual size: 916B

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:e8:ae:14:25:ab:f5:10:a0:ef:cd:e3:84:42:00:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

54:30:e9:35:24:a1:be:64:02:37:a0:d0:fc:22:42:23:58:ed:0e:af
Signer

.text
Size: 663KB - Virtual size: 663KB

.data
Size: 20KB - Virtual size: 19KB

.rdata
Size: 198KB - Virtual size: 198KB

.bss
Size: - Virtual size: 76KB

.edata
Size: 512B - Virtual size: 48B

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 33KB - Virtual size: 33KB

/4
Size: 13KB - Virtual size: 12KB

/19
Size: 2.7MB - Virtual size: 2.7MB

/31
Size: 234KB - Virtual size: 234KB

/45
Size: 280KB - Virtual size: 279KB

/57
Size: 140KB - Virtual size: 140KB

/70
Size: 37KB - Virtual size: 36KB

/81
Size: 655KB - Virtual size: 654KB

/92
Size: 71KB - Virtual size: 71KB