abf3f8c82c300b7bd21ef87206ef18b37defb5b5e218296eac97af83d709b40b

Sharing

Copy URL Twitter E-mail

General

Target

abf3f8c82c300b7bd21ef87206ef18b37defb5b5e218296eac97af83d709b40b
Size

1.1MB
MD5

1bce7a4ca8fe582279ae99f3b84aa863
SHA1

8d1e624938a543314afb77c26aeedcac97c4697b
SHA256

abf3f8c82c300b7bd21ef87206ef18b37defb5b5e218296eac97af83d709b40b
SHA512

861a4944b76787972cd5dde07c2bd78a8c12e559d1636e702133dc73f1ae8743ccf640f6aeda5edd876b2acfc94acf77ce4edab584f84b9c9e4977144e5569e5
SSDEEP

24576:lqvO1n/rdu3igcW9dE7cPUD8aBy5rEH7B:ovq+cW9dE7c4

Score

1^/10

Malware Config

Signatures

Files

abf3f8c82c300b7bd21ef87206ef18b37defb5b5e218296eac97af83d709b40b
.exe windows:4 windows x86

06a33c9d423fb5cd482fa8fdab5f93a7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/11/2022, 00:00

Not After

02/11/2025, 23:59

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/11/2022, 00:00

Not After

02/11/2025, 23:59

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:fc:51:e9:78:d2:76:b5:6e:0a:c6:b2:01:67:b1:fa:87:d4:73:43:f3:b7:aa:f3:a7:2d:61:60:06:4f:e7:50
Signer

Actual PE Digest

71:fc:51:e9:78:d2:76:b5:6e:0a:c6:b2:01:67:b1:fa:87:d4:73:43:f3:b7:aa:f3:a7:2d:61:60:06:4f:e7:50

Digest Algorithm

sha256

PE Digest Matches

false

ee:0b:45:51:11:6e:5e:da:6a:ec:27:98:39:22:7d:a5:6f:5e:fa:65
Signer

Actual PE Digest

ee:0b:45:51:11:6e:5e:da:6a:ec:27:98:39:22:7d:a5:6f:5e:fa:65

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

uilogic

CreateUiLogic
CreateUiPolicyPtr
GetScheduleObj
GetRecordObj

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW
UnloadUserProfile
LoadUserProfileW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSEnumerateProcessesW
WTSRegisterSessionNotification

rpcrt4

RpcMgmtStopServerListening
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2
RpcServerUnregisterIf
RpcStringFreeW
RpcServerRegisterIf
RpcBindingFree
RpcServerListen
RpcServerUseProtseqEpW
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW

comn

GetObjectSys
GetObjectLang
GetObjectLog

ws2_32

socket
closesocket
inet_ntoa
bind
inet_addr
recvfrom
sendto
WSAIoctl
setsockopt
getsockopt
getsockname
select
htonl
recv
WSACleanup
listen
send
htons
accept
WSAStartup
WSAGetLastError
gethostbyname
connect

encrypt

CreateEncryptObject
StrToHex
HexToStr

diskmgr

CreateDdmManager

shlwapi

PathFileExistsW

amnet

?ToInteger@Amnet@@YAKPA_W@Z
?InitAdapter@Amnet@@YAX_N@Z
?Sendto@Amnet@@YA_NHPADI0H_N@Z
?Disconnect@Amnet@@YA_NH_N@Z
?Install@Amnet@@YA_NXZ
?GetLastError@Amnet@@YAHXZ
?Uninstall@Amnet@@YAXXZ
?GetAdapterCount@Amnet@@YAHXZ
?GetHostName@Amnet@@YAXPAD@Z
?CleanVirtualAdapter@Amnet@@YAXXZ
?ToCharacter@Amnet@@YAPADK@Z
?GetAdapterAt@Amnet@@YA_NIAAUTAdapter@1@@Z
?ToInteger@Amnet@@YAKPAD@Z

ntlog

?CloseLog@NTLOG@@YAXH@Z
?WriteLog@NTLOG@@YAHHIPB_WZZ
?OpenLog@NTLOG@@YAHIPA_W@Z

nthelp

?Wchartochar@Help32@@YAXPB_WPADH@Z
?Compress@Help32@@YAHPAEI@Z
?FileIsExist@Help32@@YAHPA_W@Z
?GUIDToString@Help32@@YAXAAU_GUID@@PA_WH@Z
?IsValidUserAndHasAdmin@Help32@@YAHPA_WAAH@Z
?IsEmpty@Help32@@YAHPAD@Z
?IsEmpty@Help32@@YAHPA_W@Z
?Decrypto@Help32@@YAXPAEK@Z
?SplitString@Help32@@YAXPA_W_WAAV?$vector@PA_WV?$allocator@PA_W@std@@@std@@@Z
?StringToGUID@Help32@@YAXPA_WAAU_GUID@@@Z
?Encrypto@Help32@@YAXPAEK@Z
?InternetCheckResult@Help32@@YAHPBDH@Z
?GetIPv4InAddr@Help32@@YAKPBD@Z
?GetIPv4InAddr@Help32@@YAKPB_W@Z
?WriteFile@Help32@@YAKPA_WKPAXK@Z
?Expansion@Help32@@YAXPAEIPADI@Z
?CopyString@Help32@@YAPA_WPA_W@Z
?CopyString@Help32@@YAXPAD0@Z
?CopyString@Help32@@YAXPA_W0@Z
?CheckWindowsUserAndPasswordIsValid@Help32@@YAHPA_W0@Z
?GetAddrInIPv4@Help32@@YAXKPA_W@Z
?Chartowchar@Help32@@YAXPBDPA_WH@Z
?GetModuleFilePath@Help32@@YAXPA_W@Z
?GetModuleFilePath@Help32@@YAXPAD@Z
?EqualString@Help32@@YAHPA_WPAD@Z
?EqualString@Help32@@YAHPA_W0@Z
?ReadFile@Help32@@YAKPA_WKPAXK@Z
?MakeGUID@Help32@@YAXAAU_GUID@@@Z

usbdetect

?RegisterNotification@USBDriveDetector@@QAE_NPAUSERVICE_STATUS_HANDLE__@@PAVHandler@1@@Z
?EventHandler@USBDriveDetector@@QAEXKKPAX@Z
?GetCurRemovablePartitions@DeviceUtil@@SAXPAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@std@@@2@@std@@@Z
?Get@USBDriveDetector@@SAAAV1@XZ
?GetCurRemovableDrives@DeviceUtil@@SAXPAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z

funclogic

CreateEnumDisk

kernel32

HeapFree
GetProcessHeap
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
LocalFree
GenerateConsoleCtrlEvent
GetCurrentThread
GetVersion
LocalAlloc
DeviceIoControl
PeekNamedPipe
CreatePipe
FlushFileBuffers
MoveFileW
lstrlenW
SetFilePointerEx
SetLastError
GetStdHandle
GetFileSizeEx
WriteConsoleA
QueryPerformanceCounter
WriteConsoleW
GetLocalTime
DeleteCriticalSection
GetLastError
lstrcpyW
Sleep
DeleteFileW
EnterCriticalSection
CreateEventW
CreateThread
GetCurrentProcess
WaitForSingleObject
FindFirstFileW
CreateMutexW
SetSystemPowerState
InitializeCriticalSection
ReleaseMutex
GetTickCount
LeaveCriticalSection
SetEvent
FindClose
QueueUserWorkItem
CloseHandle
GetModuleFileNameW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetProcAddress
LoadLibraryW
GetVersionExW
Process32FirstW
MultiByteToWideChar
GetExitCodeProcess
GetStartupInfoW
FreeLibrary
WritePrivateProfileStringW
CreateProcessW
WideCharToMultiByte
GetFileAttributesW
GetPrivateProfileIntW
TerminateProcess
GetModuleFileNameA
SetFilePointer
ReadFile
GetPrivateProfileStringW
WTSGetActiveConsoleSessionId
CreateFileW
CreateDirectoryW
WriteFile
SetProcessPriorityBoost
SetPriorityClass
CreateMutexA
LoadLibraryA
GetModuleHandleW
GetLogicalDriveStringsW
RemoveDirectoryW
FindNextFileW
OpenEventW
SetUnhandledExceptionFilter
GetEnvironmentVariableW
GetCurrentProcessId
InterlockedIncrement
GetSystemInfo
InterlockedExchange
GetCurrentThreadId
OutputDebugStringA
GetDriveTypeW
OpenMutexW
OutputDebugStringW
InterlockedDecrement
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileStringA
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateFileA
GetFileSize
TerminateThread
GetComputerNameW
GetFileAttributesA
CreateDirectoryA
IsBadWritePtr
IsBadReadPtr
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExA
GetSystemTimeAsFileTime

user32

RegisterClassExW
SetUserObjectSecurity
GetUserObjectSecurity
SetThreadDesktop
GetThreadDesktop
wsprintfW
ExitWindowsEx
wvsprintfW
GetWindowLongW
PostQuitMessage
SendMessageW
DispatchMessageW
RegisterDeviceNotificationW
LoadCursorW
GetMessageW
SetWindowLongW
DefWindowProcW
UnregisterDeviceNotification
TranslateMessage
CreateWindowExW
OpenDesktopW
SetProcessWindowStation
CloseDesktop
CloseWindowStation
OpenWindowStationW
GetProcessWindowStation

advapi32

AddAce
RegDeleteKeyA
GetAclInformation
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
LogonUserW
RegOpenKeyExA
InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetAce
ImpersonateLoggedOnUser
OpenThreadToken
CopySid
InitializeSecurityDescriptor
RegEnumKeyW
RegQueryInfoKeyW
RegSetValueExA
RegFlushKey
RegOpenKeyW
RegOpenKeyA
RegQueryValueExA
LookupAccountSidW
RegQueryValueExW
ChangeServiceConfig2W
ControlService
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
QueryServiceStatus
OpenSCManagerW
ReportEventW
RegisterEventSourceW
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteValueW
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RevertToSelf

shell32

SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
StringFromCLSID
CoInitializeEx
CoInitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
SysStringLen
SysAllocString

msvcp80

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eof@?$char_traits@D@std@@SAHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

activeds

ord9

msvcr80

ferror
_wfsopen
ftell
fread
_CIpow
_fsopen
fseek
_vsnprintf_s
isspace
isalnum
tolower
_beginthread
_purecall
fprintf
printf
swscanf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_swprintf
strrchr
??0exception@std@@QAE@XZ
sprintf
wcstombs
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
wcsncmp
_localtime64
_invalid_parameter_noinfo
_vswprintf
??_V@YAXPAX@Z
_localtime64_s
fputc
memmove
_strnicmp
_itoa
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__CxxFrameHandler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
fclose
fopen_s
_wcsicmp
wcschr
atoi
strstr
_mktime64
_wtoi
wcsrchr
strchr
_itow
fopen
_wcsnicmp
_vsnwprintf
wprintf
feof
_beginthreadex
fgets
strtok
atol
vswprintf_s
wcsncpy
sscanf_s
__winitenv
towupper
_wcsupr
srand
_endthreadex
strncmp
mbstowcs
strcpy_s
wcsstr
_vsnprintf
strtol
strftime
rand
toupper
calloc
_vscprintf
_vscwprintf
vsprintf
gets
wcscpy
strcpy
wcscmp
strcmp
memcpy
strlen
div
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
strncpy
isalpha
exit
wcscat_s
swprintf_s
??2@YAPAXI@Z
_time64
memmove_s
wcscpy_s
malloc
free

iphlpapi

AddIPAddress
GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpCloseHandle
WinHttpReadData
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts

enumfolder

CreateEnumRemoteFolder

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06a33c9d423fb5cd482fa8fdab5f93a7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

71:fc:51:e9:78:d2:76:b5:6e:0a:c6:b2:01:67:b1:fa:87:d4:73:43:f3:b7:aa:f3:a7:2d:61:60:06:4f:e7:50Signer

ee:0b:45:51:11:6e:5e:da:6a:ec:27:98:39:22:7d:a5:6f:5e:fa:65Signer

Headers

File Characteristics

Imports

uilogic

userenv

wtsapi32

rpcrt4

comn

ws2_32

encrypt

diskmgr

shlwapi

amnet

ntlog

nthelp

usbdetect

funclogic

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

activeds

msvcr80

iphlpapi

version

winhttp

enumfolder

Exports

Exports

Sections

.text Size: 640KB - Virtual size: 639KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 4KB - Virtual size: 89KB

.rsrc Size: 296KB - Virtual size: 292KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

71:fc:51:e9:78:d2:76:b5:6e:0a:c6:b2:01:67:b1:fa:87:d4:73:43:f3:b7:aa:f3:a7:2d:61:60:06:4f:e7:50
Signer

ee:0b:45:51:11:6e:5e:da:6a:ec:27:98:39:22:7d:a5:6f:5e:fa:65
Signer

.text
Size: 640KB - Virtual size: 639KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 4KB - Virtual size: 89KB

.rsrc
Size: 296KB - Virtual size: 292KB