7c5de762e59767b7e6e14a82365f7ef3404e3160a79d22c3e7908ee25b086292

Sharing

Copy URL Twitter E-mail

General

Target

7c5de762e59767b7e6e14a82365f7ef3404e3160a79d22c3e7908ee25b086292
Size

9.3MB
MD5

0d3576d2f87d6bfec284312875d06709
SHA1

a90786295170d0684a583eefbcecff975792e1af
SHA256

7c5de762e59767b7e6e14a82365f7ef3404e3160a79d22c3e7908ee25b086292
SHA512

ae2893c243356dab58ff7c7e4579fa322c89ccd36182817db04fa18f4891d12572e3d294192827eef6a200b4e548e58ff9e4e360fa12cc5f92644ccca5f000e1
SSDEEP

196608:gLuTlc6udLPU+TsI/25YegSBAa7V1Tw5aaa7WXK1M:rWrLPXsa6NqaHL0K1M

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BouncyCastle.Crypto.dll
unpack001/Ionic.Zlib.dll
unpack001/LiveCharts.Wpf.dll
unpack001/LiveCharts.dll
unpack001/SOFAtl.dll
unpack001/SOFAtl_proxy.dll
unpack001/SQLite.Interop.dll
unpack001/Spire.License.dll
unpack001/System.Data.SQLite.dll

Files

7c5de762e59767b7e6e14a82365f7ef3404e3160a79d22c3e7908ee25b086292
.zip
BouncyCastle.Crypto.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ionic.Zlib.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiveCharts.Wpf.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiveCharts.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NJMB0001.pfx
SOFAtl.dll
.dll regsvr32 windows:5 windows x86

8afb762e6a6e89f6018d6952a501931c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetStringTypeW
GetStringTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleCP
ReadFile
GetTickCount
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
WriteFile
HeapDestroy
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
SetLastError
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
WideCharToMultiByte
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexW
FindResourceExW
LockResource
GetThreadLocale
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
LCMapStringW
InterlockedDecrement
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
LeaveCriticalSection
EnterCriticalSection
RaiseException
LCMapStringA
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapCreate
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
VirtualAlloc
VirtualFree
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
HeapReAlloc
SetConsoleCtrlHandler
ExitProcess
Sleep
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
HeapFree
HeapAlloc

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
CreateWindowExW
RegisterClassExW
GetKeyState
InvalidateRect
IsWindow
UnregisterClassA
GetFocus
IsChild
SetFocus
UnionRect
PtInRect
CallWindowProcW
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
ReleaseDC
LoadCursorW
GetClassInfoExW
ShowWindow
GetWindowLongW
SetWindowLongW
DestroyWindow
DefWindowProcW
CharNextW

gdi32

LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps

advapi32

RegEnumKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
OleLoadFromStream
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantChangeType
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayGetUBound
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VarUI4FromStr
VariantClear

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SOFAtl_proxy.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SQLite.Interop.dll
.dll windows:4 windows x86

d823803c5c4ad3a59e9faebd0dd0f7a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetDiskFreeSpaceA
InterlockedCompareExchange
GetFileSize
GetVersionExW
DeleteCriticalSection
SetEndOfFile
LockFileEx
EnterCriticalSection
HeapDestroy
UnlockFile
MultiByteToWideChar
CreateMutexW
FreeLibrary
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringA
HeapCompact
GetFileAttributesA
FlushViewOfFile
HeapCreate
GetDiskFreeSpaceW
HeapAlloc
FlushFileBuffers
LockFile
GetTempPathW
GetVersionExA
LoadLibraryA
GetSystemInfo
GetFullPathNameW
SystemTimeToFileTime
FormatMessageW
WaitForSingleObjectEx
GetFileAttributesW
CloseHandle
GetFullPathNameA
OutputDebugStringW
WideCharToMultiByte
FileTimeToLocalFileTime
SetFilePointer
GetTickCount
CreateFileMappingA
FileTimeToSystemTime
TryEnterCriticalSection
UnlockFileEx
LoadLibraryW
DeleteFileW
QueryPerformanceCounter
GetProcessHeap
GetCurrentProcessId
HeapFree
GetLastError
ReadFile
GetSystemTimeAsFileTime
MapViewOfFile
GetModuleFileNameW
CreateFileMappingW
GetProcAddress
UnmapViewOfFile
FormatMessageA
GetTempPathA
Sleep
GetFileTime
LocalFree
WriteFile
CreateFileA
AreFileApisANSI
WaitForSingleObject
GetSystemTime
GetFileAttributesExW
HeapSize
CreateFileW
HeapValidate
HeapReAlloc
InterlockedExchange
ExitThread
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

CryptCreateHash
CryptDeriveKey
CryptAcquireContextW
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDecrypt
CryptDuplicateKey
CryptHashData

Exports

Exports

CT_DeCrypt
CT_EnCrypt
CT_NUM3
_interop_compileoption_get@4
_interop_compileoption_used@4
_interop_libversion@0
_interop_sourceid@0
_sqlite3_backup_finish_interop@4
_sqlite3_bind_double_interop@12
_sqlite3_bind_int64_interop@12
_sqlite3_bind_parameter_name_interop@12
_sqlite3_blob_close_interop@4
_sqlite3_changes_interop@4
_sqlite3_close_interop@4
_sqlite3_column_database_name16_interop@12
_sqlite3_column_database_name_interop@12
_sqlite3_column_decltype16_interop@12
_sqlite3_column_decltype_interop@12
_sqlite3_column_double_interop@12
_sqlite3_column_int64_interop@12
_sqlite3_column_name16_interop@12
_sqlite3_column_name_interop@12
_sqlite3_column_origin_name16_interop@12
_sqlite3_column_origin_name_interop@12
_sqlite3_column_table_name16_interop@12
_sqlite3_column_table_name_interop@12
_sqlite3_column_text16_interop@12
_sqlite3_column_text_interop@12
_sqlite3_context_collcompare_interop@20
_sqlite3_context_collseq_interop@16
_sqlite3_create_disposable_module_interop@112
_sqlite3_create_function_interop@36
_sqlite3_cursor_rowid_interop@12
_sqlite3_errmsg_interop@8
_sqlite3_finalize_interop@4
_sqlite3_index_column_info_interop@32
_sqlite3_last_insert_rowid_interop@8
_sqlite3_malloc_size_interop@4
_sqlite3_memory_highwater_interop@8
_sqlite3_memory_used_interop@4
_sqlite3_open16_interop@20
_sqlite3_open_interop@20
_sqlite3_prepare16_interop@24
_sqlite3_prepare_interop@24
_sqlite3_reset_interop@4
_sqlite3_result_double_interop@8
_sqlite3_result_int64_interop@8
_sqlite3_table_column_metadata_interop@44
_sqlite3_table_cursor_interop@12
_sqlite3_value_double_interop@8
_sqlite3_value_int64_interop@8
_sqlite3_value_text16_interop@8
_sqlite3_value_text_interop@8
sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_disposable_module
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_dispose_module
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_json_init
sqlite3_key
sqlite3_key_v2
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_percentile_init
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_regexp_init
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_totype_init
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtshim_init
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_compact_heap
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_reset_heap
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 880KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sky.Decrypt.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7f:f5:2e:bf:82:03:2b:26:cf:c1:a3:dd:32:8a:47:f0:6e:0a:e5:b5:55:92:da:87:df:ed:95:ef:f2:74:ef:1c
Signer

Actual PE Digest

7f:f5:2e:bf:82:03:2b:26:cf:c1:a3:dd:32:8a:47:f0:6e:0a:e5:b5:55:92:da:87:df:ed:95:ef:f2:74:ef:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sky.Encrypt.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:b1:ce:86:1f:f5:3c:ce:25:3a:01:3d:71:35:1d:a0:43:c6:a3:ce:d6:6d:17:32:8a:4c:a6:17:2b:31:e1:ec
Signer

Actual PE Digest

fe:b1:ce:86:1f:f5:3c:ce:25:3a:01:3d:71:35:1d:a0:43:c6:a3:ce:d6:6d:17:32:8a:4c:a6:17:2b:31:e1:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sky.LTLib.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d8:53:eb:65:37:90:c5:73:fa:bb:9e:8f:11:5c:36:d1:0d:bd:69:25:bd:95:15:61:c5:97:5f:36:a8:26:a9:f0
Signer

Actual PE Digest

d8:53:eb:65:37:90:c5:73:fa:bb:9e:8f:11:5c:36:d1:0d:bd:69:25:bd:95:15:61:c5:97:5f:36:a8:26:a9:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sky.RegisterUnit.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:0d:42:23:c7:b2:c6:51:c7:89:97:d5:e4:42:62:28:2a:80:77:9c:a7:60:d1:de:cb:ae:d6:b9:2a:54:d1:e2
Signer

Actual PE Digest

44:0d:42:23:c7:b2:c6:51:c7:89:97:d5:e4:42:62:28:2a:80:77:9c:a7:60:d1:de:cb:ae:d6:b9:2a:54:d1:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sky.Tax.Doubt.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:61:7d:4d:ea:6b:95:91:cf:c1:da:68:fc:cb:60:f4:4d:ad:cd:ad:57:a0:0b:40:67:a1:40:45:7d:8d:2d:b4
Signer

Actual PE Digest

e3:61:7d:4d:ea:6b:95:91:cf:c1:da:68:fc:cb:60:f4:4d:ad:cd:ad:57:a0:0b:40:67:a1:40:45:7d:8d:2d:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sky.VATInvoiceAssistance2.DataMigrate.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8b:4a:c8:08:a4:46:cf:bd:a3:a4:2a:06:14:80:3b:e5:b8:9a:5a:d5:b2:a0:dd:b8:31:a0:c7:06:4c:62:29:10
Signer

Actual PE Digest

8b:4a:c8:08:a4:46:cf:bd:a3:a4:2a:06:14:80:3b:e5:b8:9a:5a:d5:b2:a0:dd:b8:31:a0:c7:06:4c:62:29:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Spire.License.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Spire.Pdf.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:8c:36:28:f1:d3:07:d7:c3:86:b6:58:9f:2a:82:5d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/12/2019, 00:00

Not After

11/12/2022, 23:59

Subject

CN=Chengdu E-iceblue Technology Co.\, Ltd.,O=Chengdu E-iceblue Technology Co.\, Ltd.,POSTALCODE=610041,STREET=Room 601\, Building 5\, Kaile International Center\, 14 Jiuxing Street\, Wuhou District,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

db:2f:f4:31:97:f9:79:80:f3:d3:4a:da:93:b3:69:3e:ce:99:4d:f5
Signer

Actual PE Digest

db:2f:f4:31:97:f9:79:80:f3:d3:4a:da:93:b3:69:3e:ce:99:4d:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 13.9MB - Virtual size: 13.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System.Data.SQLite.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tax.Catch.Factory.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:02:b9:46:39:fb:8b:20:fc:e0:2b:89:25:43:aa:a4:53:ef:55:ff:a4:fe:89:e3:ec:db:ae:a0:14:b8:d2:b3
Signer

Actual PE Digest

ce:02:b9:46:39:fb:8b:20:fc:e0:2b:89:25:43:aa:a4:53:ef:55:ff:a4:fe:89:e3:ec:db:ae:a0:14:b8:d2:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tax.Catch.Mapping.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:03:c9:d6:0f:65:c4:42:78:c8:c3:2b:f7:ea:46:07:cb:1f:73:75:43:4b:41:0f:21:48:40:11:99:a7:a7:df
Signer

Actual PE Digest

46:03:c9:d6:0f:65:c4:42:78:c8:c3:2b:f7:ea:46:07:cb:1f:73:75:43:4b:41:0f:21:48:40:11:99:a7:a7:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tax.Catch.Model.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/04/2021, 09:20

Not After

18/04/2024, 09:20

Subject

CN=南京擎天全税通信息科技有限公司,O=南京擎天全税通信息科技有限公司,L=南京市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:46:a0:eb:36:fb:92:60:08:f4:e7:f3:cd:a3:ac:2f:68:c7:3c:02:18:33:20:01:0d:69:de:ea:3b:07:c6:2a
Signer

Actual PE Digest

4c:46:a0:eb:36:fb:92:60:08:f4:e7:f3:cd:a3:ac:2f:68:c7:3c:02:18:33:20:01:0d:69:de:ea:3b:07:c6:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updatecategory.sql
zc.bat

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 88KB - Virtual size: 84KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 210KB - Virtual size: 210KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 146KB - Virtual size: 146KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 12B

8afb762e6a6e89f6018d6952a501931c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 619KB - Virtual size: 618KB

.orpc Size: 512B - Virtual size: 51B

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 42KB - Virtual size: 42KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 512B - Virtual size: 12B

d823803c5c4ad3a59e9faebd0dd0f7a4

Headers

File Characteristics

Imports

.text
Size: 2.5MB - Virtual size: 2.5MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 88KB - Virtual size: 84KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 210KB - Virtual size: 210KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 146KB - Virtual size: 146KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 619KB - Virtual size: 618KB

.orpc
Size: 512B - Virtual size: 51B

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 42KB - Virtual size: 42KB

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 880KB - Virtual size: 876KB

.rdata
Size: 136KB - Virtual size: 133KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

7f:f5:2e:bf:82:03:2b:26:cf:c1:a3:dd:32:8a:47:f0:6e:0a:e5:b5:55:92:da:87:df:ed:95:ef:f2:74:ef:1c
Signer

.text
Size: 115KB - Virtual size: 115KB

.sdata
Size: 512B - Virtual size: 496B

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

fe:b1:ce:86:1f:f5:3c:ce:25:3a:01:3d:71:35:1d:a0:43:c6:a3:ce:d6:6d:17:32:8a:4c:a6:17:2b:31:e1:ec
Signer

.text
Size: 114KB - Virtual size: 114KB

.sdata
Size: 512B - Virtual size: 496B

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

76:4e:bf:52:5e:08:5f:a2:31:c9:b2:7c:13:6c:4c:ce
Certificate

d8:53:eb:65:37:90:c5:73:fa:bb:9e:8f:11:5c:36:d1:0d:bd:69:25:bd:95:15:61:c5:97:5f:36:a8:26:a9:f0
Signer

.text
Size: 108KB - Virtual size: 108KB

.sdata
Size: 512B - Virtual size: 488B

.rsrc
Size: 1024B - Virtual size: 900B

.reloc
Size: 512B - Virtual size: 12B

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate