fb0bf72253732ceeb28d097030b0e3fe4605ea2e346dddba755e801cf8889640

Sharing

Copy URL

Twitter E-mail

General

Target

fb0bf72253732ceeb28d097030b0e3fe4605ea2e346dddba755e801cf8889640
Size

5.7MB
MD5

f1f973d215c3b3ad19cb7f88bcb3f50b
SHA1

c39988e7c9939ef511cda3bea3a2aaf21197e90e
SHA256

fb0bf72253732ceeb28d097030b0e3fe4605ea2e346dddba755e801cf8889640
SHA512

6b276afb507200b92af13192d138d9de7efa5230f7cc9b3f487c9cdcff47ffb47af1ef491c4c9126222b2efbb0487d8e4d72ac8491d90868333281ad8b4a800f
SSDEEP

98304:NWsrCzmBRDlvfzPKmErfEEzu81UwFXiKbI1EUPFJluxGhjDEQ3hn1guQsMe6Q2n/:DrCKBRZvtifEE/1UQSWKVoG++h1HgezW

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OpenDoor/Nancy.dll
unpack001/OpenDoor/NetIO.dll
unpack001/OpenDoor/OpenDoor.exe
unpack001/OpenDoor/SPReader.dll
unpack001/OpenDoor/Topshelf.dll
unpack001/OpenDoor/log4net.dll

Files

fb0bf72253732ceeb28d097030b0e3fe4605ea2e346dddba755e801cf8889640
.zip
OpenDoor/Install.bat
OpenDoor/Microsoft.Web.Infrastructure.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8d:f2:63:9c:88:00:64:5b:6c:91:4c:d5:41:1b:72:f6:9b:45:90:8f
Signer

Actual PE Digest

8d:f2:63:9c:88:00:64:5b:6c:91:4c:d5:41:1b:72:f6:9b:45:90:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/Nancy.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 898KB - Virtual size: 898KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/Nancy.xml
.xml
OpenDoor/NetIO.dll
.dll regsvr32 windows:6 windows x64

b90bff174bdd8bd2dc9a7780b20af0bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc140

ord2291
ord14075
ord2207
ord2279
ord2167
ord2168
ord1037
ord323
ord12161
ord2263
ord7685
ord1446
ord981
ord7363
ord4503
ord1674
ord4903
ord5691
ord305
ord2917
ord3723
ord5687
ord11869
ord11878
ord7888
ord10080
ord11881
ord11849
ord5064
ord5347
ord5536
ord9001
ord5323
ord5539
ord5213
ord5049
ord7430
ord7431
ord7420
ord5211
ord7890
ord9898
ord8862
ord1504
ord2177
ord4648
ord265
ord300
ord7198
ord4438
ord310
ord1117
ord480
ord964
ord1427
ord8131
ord8050
ord12490
ord7989
ord5167
ord2437
ord12170
ord12171
ord14135
ord7619
ord14133
ord9049
ord6241
ord1449
ord986
ord7152
ord1507
ord1032
ord2344
ord2348
ord316
ord4002
ord3941
ord12571
ord7637
ord2004
ord11614
ord11615
ord14007
ord12160
ord7688
ord14207
ord6100
ord14209
ord6102
ord14208
ord6101
ord11877
ord4436
ord10079
ord12552
ord6590
ord5067
ord2143
ord3720
ord1488
ord324
ord1038
ord2321
ord2367
ord2370
ord2334
ord2369
ord473
ord2229
ord2332
ord2155
ord2260
ord2358
ord1676
ord266
ord1485
ord1487

kernel32

Sleep
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ResetEvent
WaitForSingleObject
GetTickCount64
ResumeThread
SetEvent
InitializeCriticalSectionEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
CloseHandle
LocalFree
LocalAlloc
GetLastError

ws2_32

WSAStartup
socket
setsockopt
WSACleanup
htonl
htons
connect
closesocket
send
shutdown
recv

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memcpy
memset
__C_specific_handler
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
_CxxThrowException
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NETIO_GetStatus
NETIO_InitNet
NETIO_Reconnect
NETIO_ReconnectWithOldSet
NETIO_SetDO
NETIO_UninitNet

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/NetIO.exp
OpenDoor/NetIO.lib
OpenDoor/NetIO.pdb
OpenDoor/Newtonsoft.Json.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-01-2021 00:00

Not After

14-01-2046 23:59

Subject

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

Issuer

CN=DigiCert CS RSA4096 Root G5,O=DigiCert\, Inc.,C=US

Not Before

15-07-2021 00:00

Not After

14-07-2031 23:59

Subject

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA2,O=.NET Foundation,C=US

Not Before

13-08-2021 00:00

Not After

29-10-2024 23:59

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a57617368696e67746f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

Actual PE Digest

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/Newtonsoft.Json.xml
.xml
OpenDoor/OpenDoor.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/OpenDoor.exe.config
OpenDoor/OpenDoor.pdb
OpenDoor/SPReader.dll
.dll windows:6 windows x64

36cb2fd2e69fd7acd75d6ce7ddbe4836

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mfc140

ord5536
ord9001
ord5323
ord5539
ord5067
ord5213
ord5049
ord7430
ord7431
ord7420
ord5211
ord7890
ord9898
ord8862
ord6590
ord1037
ord323
ord4436
ord7685
ord1446
ord981
ord7363
ord5347
ord8418
ord4503
ord266
ord265
ord2142
ord1504
ord2175
ord1507
ord1674
ord1670
ord4938
ord310
ord12189
ord300
ord1032
ord964
ord1427
ord6241
ord2344
ord2348
ord1485
ord5064
ord12552
ord11849
ord11881
ord10079
ord7888
ord11877
ord11869
ord5687
ord3723
ord6101
ord14208
ord6102
ord14209
ord6100
ord14207
ord7688
ord12160
ord14007
ord11615
ord11614
ord8131
ord8050
ord12490
ord7989
ord5167
ord2437
ord12170
ord12171
ord14135
ord7619
ord14133
ord9049
ord4002
ord3941
ord12571
ord7637
ord12547
ord2004
ord3720
ord1488
ord324
ord1038
ord2321
ord2207
ord2367
ord2370
ord2334
ord2369
ord473
ord2229
ord2332
ord2155
ord2260
ord2358
ord1487

kernel32

GetCommMask
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
LocalAlloc
InitializeCriticalSectionEx
ReadFile
GetOverlappedResult
WriteFile
ResetEvent
LocalFree
FormatMessageA
OutputDebugStringW
WaitForMultipleObjects
WaitCommEvent
ClearCommError
CloseHandle
SetEvent
PurgeComm
SetCommState
BuildCommDCBA
GetCommState
SetCommMask
SetCommTimeouts
CreateEventA
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError

user32

MessageBoxA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

__std_type_info_destroy_list
__vcrt_InitializeCriticalSectionEx
memmove
memset
__C_specific_handler
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

GetALLStrData
GetOneIntVal
GetOneStrData
InitSerialPort
UninitSerialPort

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/SPReader.exp
OpenDoor/SPReader.lib
OpenDoor/System.Web.Helpers.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:68:1b:2c:98:99:4f:11:50:83:4e:38:7e:70:4f:31:7d:2d:25:4b:4d:a5:7d:4d:bc:fd:fd:0f:e3:a6:fd:21
Signer

Actual PE Digest

57:68:1b:2c:98:99:4f:11:50:83:4e:38:7e:70:4f:31:7d:2d:25:4b:4d:a5:7d:4d:bc:fd:fd:0f:e3:a6:fd:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/System.Web.Helpers.xml
OpenDoor/System.Web.Mvc.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:42:6c:09:af:a5:03:4f:2b:56:6c:cf:05:ed:12:45:1c:0f:8d:51:be:5e:56:ba:ce:c5:bb:05:dd:55:f7:fe
Signer

Actual PE Digest

41:42:6c:09:af:a5:03:4f:2b:56:6c:cf:05:ed:12:45:1c:0f:8d:51:be:5e:56:ba:ce:c5:bb:05:dd:55:f7:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/System.Web.Mvc.xml
OpenDoor/System.Web.Razor.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:c7:83:9d:36:9b:c3:35:25:5f:e5:9f:8b:3e:c8:fb:9a:59:a9:6b:bd:87:09:33:79:66:b0:7e:1b:66:48:70
Signer

Actual PE Digest

8c:c7:83:9d:36:9b:c3:35:25:5f:e5:9f:8b:3e:c8:fb:9a:59:a9:6b:bd:87:09:33:79:66:b0:7e:1b:66:48:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/System.Web.Razor.xml
OpenDoor/System.Web.WebPages.Deployment.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:74:52:ce:d0:44:b4:20:5d:77:9f:30:0f:1e:00:9b:c9:c6:76:4f:80:cb:67:aa:3e:18:4e:b2:5e:02:df:25
Signer

Actual PE Digest

c9:74:52:ce:d0:44:b4:20:5d:77:9f:30:0f:1e:00:9b:c9:c6:76:4f:80:cb:67:aa:3e:18:4e:b2:5e:02:df:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/System.Web.WebPages.Deployment.xml
OpenDoor/System.Web.WebPages.Razor.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:c7:18:5e:2f:d5:31:aa:f3:37:5d:7d:20:e3:d0:81:1b:a9:d3:68:29:c6:ca:8a:b6:72:f1:32:4c:50:40:48
Signer

Actual PE Digest

93:c7:18:5e:2f:d5:31:aa:f3:37:5d:7d:20:e3:d0:81:1b:a9:d3:68:29:c6:ca:8a:b6:72:f1:32:4c:50:40:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/System.Web.WebPages.Razor.xml
OpenDoor/System.Web.WebPages.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:32

Not After

01-09-2022 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:7d:a5:a9:76:f0:95:0f:49:fd:f1:4f:98:17:51:0a:c3:f7:e3:66:e9:ab:37:ec:e2:ca:38:4d:d7:5a:fd:ec
Signer

Actual PE Digest

1e:7d:a5:a9:76:f0:95:0f:49:fd:f1:4f:98:17:51:0a:c3:f7:e3:66:e9:ab:37:ec:e2:ca:38:4d:d7:5a:fd:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/System.Web.WebPages.xml
OpenDoor/Topshelf.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/Topshelf.xml
.xml
OpenDoor/log4net.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenDoor/log4net.xml
.xml
OpenDoor/uninstall.bat
OpenDoor/װ˵.docx
.docx office2007
OpenDoor//CDM21226_Setup.exe
.exe windows:5 windows x86

02184023c46b09c1acf1ff24f0feed1e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:c6:83:b4:48:9e:f0:a3:de:2c:a4:ac:08:5c:21:1c
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19-11-2015 00:00

Not After

18-11-2018 23:59

Subject

SERIALNUMBER=SC136640,CN=Future Technology Devices International Ltd,O=Future Technology Devices International Ltd,L=Glasgow,ST=Glasgow,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9a:44:56:ce:4e:f6:77:ab:e2:68:08:5f:1f:db:20:e6:4b:11:f3:1e
Signer

Actual PE Digest

9a:44:56:ce:4e:f6:77:ab:e2:68:08:5f:1f:db:20:e6:4b:11:f3:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
RemoveDirectoryA
SetFileTime
WriteFile
GetLastError
WaitForSingleObject
Sleep
GetCurrentProcess
ExitProcess
CreateThread
CreateProcessA
GetSystemDirectoryA
MapViewOfFile
GetModuleFileNameA
GetModuleHandleA
GetFullPathNameA
DosDateTimeToFileTime
FormatMessageA
lstrcmpA
lstrcpyA
lstrcatA
CreateFileMappingA
GetStartupInfoA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
IsBadReadPtr
MultiByteToWideChar
GetFileAttributesA
DeleteFileA
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
ExpandEnvironmentStringsA
GetCommandLineA
lstrlenA
VirtualFree
VirtualAlloc
CloseHandle
SetFilePointer
ReadFile
WinExec

user32

ReleaseDC
BeginPaint
EndPaint
SetWindowTextA
MessageBoxA
SetCursor
ClientToScreen
ChildWindowFromPoint
SetClassLongA
LoadBitmapA
LoadCursorA
LoadIconA
GetDC
DestroyMenu
LoadMenuA
EnableWindow
GetDialogBaseUnits
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
CreateDialogParamA
ShowWindow
DestroyWindow
UpdateWindow
TrackPopupMenu
GetSubMenu
wsprintfA
SendMessageA
PostMessageA
SetWindowPos

gdi32

Rectangle
SelectObject
SetBkMode
GetStockObject
SetROP2
SetTextColor
GetObjectA
DeleteObject
CreateFontIndirectA
StretchBlt
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

8d:f2:63:9c:88:00:64:5b:6c:91:4c:d5:41:1b:72:f6:9b:45:90:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 35KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 898KB - Virtual size: 898KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

b90bff174bdd8bd2dc9a7780b20af0bc

Headers

DLL Characteristics

File Characteristics

Imports

mfc140

kernel32

ws2_32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 52B

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 344B

dae02f32a21e03ce65412f6e56942daa

Code Sign

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20Certificate

Key Usages

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73Certificate

Extended Key Usages

Key Usages

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

8d:f2:63:9c:88:00:64:5b:6c:91:4c:d5:41:1b:72:f6:9b:45:90:8f
Signer

.text
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 898KB - Virtual size: 898KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 52B

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 344B

06:ce:e1:31:be:6d:55:c8:07:f7:c0:c7:fb:44:e6:20
Certificate

0a:de:32:e9:50:9b:44:aa:34:b1:da:f1:bc:0e:c8:73
Certificate

0c:d1:40:7a:5a:bd:ed:43:d5:c1:73:12:1d:38:c5:29
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

38:27:11:d0:35:02:fc:58:64:ae:1e:6c:cb:c5:eb:67:eb:5d:dc:c8:86:9e:e4:59:cc:0d:02:0e:5f:d1:fc:9b
Signer

.text
Size: 681KB - Virtual size: 680KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 260B

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

57:68:1b:2c:98:99:4f:11:50:83:4e:38:7e:70:4f:31:7d:2d:25:4b:4d:a5:7d:4d:bc:fd:fd:0f:e3:a6:fd:21
Signer

.text
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate