NEAS[.]53b42335ab4f46eb2967338e0d111150_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.53b42335ab4f46eb2967338e0d111150_JC.exe
Size

2.0MB
MD5

53b42335ab4f46eb2967338e0d111150
SHA1

e7e16395ddd31e2c830a370cbfda2a6f93ca04dd
SHA256

1d9e1e4622db36db66413a180a4b07571cb7ab65ffa199fcaa5d067b3fcffd20
SHA512

a1880b482ac68122a872116a1739501675a544d860b33699b4a978bcffe9a9c82905877848ed0bb831b42f7736abc1b0581fe7235ed764d327429ae376a7dbc7
SSDEEP

49152:+gfiqoZJ31HYDYrGjPPQvay4L0XQGT7OrMvxtT/M3lcX2:VjPd0XJ1D2

Score

1^/10

Malware Config

Signatures

Files

NEAS.53b42335ab4f46eb2967338e0d111150_JC.exe
.exe windows:5 windows x86

8e231015d7ee9fb074bbcfa82853e9d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-02-2012 00:00

Not After

01-02-2015 23:59

Subject

CN=Guangzhou KuGou Computer Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Guangzhou KuGou Computer Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:06:8c:ea:b8:a1:5b:39:35:51:41:6c:80:82:85:27:52:43:60:9a
Signer

Actual PE Digest

b9:06:8c:ea:b8:a1:5b:39:35:51:41:6c:80:82:85:27:52:43:60:9a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

accept
WSAIoctl
WSAStartup
ntohl
WSACleanup
closesocket
listen
htonl
recvfrom
connect
ioctlsocket
getpeername
socket
getsockopt
send
__WSAFDIsSet
freeaddrinfo
bind
recv
sendto
setsockopt
gethostname
shutdown
getsockname
ntohs
htons
WSAGetLastError
select
WSASocketA
getaddrinfo

kernel32

HeapSetInformation
GetEnvironmentVariableA
ConnectNamedPipe
CreateNamedPipeW
CancelIo
OutputDebugStringA
GetModuleFileNameW
WriteFile
MultiByteToWideChar
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchange
GetQueuedCompletionStatus
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
QueryPerformanceFrequency
WideCharToMultiByte
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
CreateEventW
ResetEvent
SetEvent
FindNextFileW
FindClose
GetCurrentDirectoryW
GetWindowsDirectoryW
lstrlenW
FileTimeToSystemTime
CreateDirectoryW
FindFirstFileW
GetFileInformationByHandle
FlushFileBuffers
SetFilePointerEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
LocalFree
GetCommandLineW
CreateThread
IsDebuggerPresent
InterlockedExchangeAdd
GetModuleHandleA
SetLastError
FormatMessageA
GetTickCount
DeleteFileW
GetPrivateProfileIntW
RaiseException
WritePrivateProfileStringW
GetExitCodeProcess
GetCurrentThread
SetUnhandledExceptionFilter
CreateProcessW
SetErrorMode
GetLastError
GetFileSizeEx
GetCurrentProcessId
ReleaseMutex
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
OpenProcess
WaitForSingleObject
GetCurrentProcess
CreateMutexW
GlobalUnlock
GlobalLock
SetFilePointer
SetThreadPriority
GetThreadPriority
CreateMutexA
GetSystemDirectoryW
GetVersionExW
GetTempPathW
GetNativeSystemInfo
GetTimeZoneInformation
MulDiv
GetStartupInfoW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
MoveFileW
GetPrivateProfileStringW
Sleep
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
LoadLibraryW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
OutputDebugStringW
GetFileAttributesW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
InitializeCriticalSection
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
CreateEventA

user32

GetQueueStatus
WaitMessage
KillTimer
UnregisterClassW
SetTimer
DestroyWindow
GetKeyState
IsRectEmpty
GetWindow
GetWindowThreadProcessId
EndDeferWindowPos
SetWindowTextW
EnableWindow
IsWindowVisible
RegisterClassW
BeginDeferWindowPos
DeferWindowPos
EqualRect
GetCaretPos
SetWindowLongW
MonitorFromWindow
BringWindowToTop
UnionRect
IntersectRect
SetRect
GetAsyncKeyState
OffsetRect
GetWindowPlacement
GetForegroundWindow
GetClassInfoW
BeginPaint
SetFocus
GetClientRect
SetParent
WindowFromPoint
IsWindowEnabled
LoadCursorW
InvalidateRgn
RegisterClassExW
TrackMouseEvent
GetParent
GetFocus
IsZoomed
IsChild
IsIconic
SetActiveWindow
GetWindowRect
ScreenToClient
SetWindowRgn
UpdateLayeredWindow
EnumDisplayMonitors
SetWindowPlacement
EndPaint
ReleaseDC
InvalidateRect
GetDC
SetRectEmpty
FillRect
SetCursor
UpdateWindow
DrawTextW
ClipCursor
DragDetect
DrawIconEx
GetSystemMetrics
CreateWindowExW
DefWindowProcW
SendMessageW
GetWindowLongW
TranslateMessage
DispatchMessageW
DestroyIcon
RegisterWindowMessageW
LoadIconW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
MessageBoxW
GetCursorPos
PostQuitMessage
RegisterClipboardFormatW
SystemParametersInfoW
CopyRect
PtInRect
IsWindow
PostMessageW
MonitorFromPoint
GetMonitorInfoW
SetWindowPos
SetCapture
SetForegroundWindow
GetMessageW
AttachThreadInput
ReleaseCapture
GetCapture
ShowWindow
ClientToScreen

shell32

Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
RegisterDragDrop
ReleaseStgMedium
CoInitialize

transmission

?CurlEasyPerform@kugou@@YA?AW4CURLcode@@PAX@Z
?CurlEasyCleanup@kugou@@YAXPAX@Z
?CurlEasySetOpt@kugou@@YA?AW4CURLcode@@PAXW4CURLoption@@0@Z
?CurlEasySetOpt@kugou@@YA?AW4CURLcode@@PAXW4CURLoption@@PBD@Z
?CurlEasyInit@kugou@@YAPAXXZ
?CurlEasyGetInfo@kugou@@YA?AW4CURLcode@@PAXW4CURLINFO@@PAN@Z
?CurlEasyGetInfo@kugou@@YA?AW4CURLcode@@PAXW4CURLINFO@@PAJ@Z
?CurlGlobalCleanup@kugou@@YAXXZ
?CurlGlobalInit@kugou@@YA?AW4CURLcode@@J@Z
?CurlEasySetOpt@kugou@@YA?AW4CURLcode@@PAXW4CURLoption@@J@Z

msvcp100

??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
??1_Container_base12@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?_Xfunc@tr1@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Incref@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??Bid@locale@std@@QAEIXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?narrow@?$ctype@_W@std@@QBED_WD@Z
?exceptions@ios_base@std@@QAEXH@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z

msvcr100

_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
__CxxFrameHandler3
wcstok_s
_set_errno
wcstoul
wcsncpy
printf
qsort
_snprintf
strncmp
sscanf
abort
calloc
_ftime64_s
_dupenv_s
_wstat64
feof
_ftelli64
_snprintf_s
_beginthreadex
_vsnprintf_s
fread
realloc
strchr
_exit
malloc
free
_vsnwprintf_s
_vscwprintf
_vscprintf
ceil
srand
rand
_wfsopen
ldiv
_time64
wcscat_s
fprintf
wcsrchr
__iob_func
_localtime64_s
_errno
isspace
_wcsicmp
exit
_set_invalid_parameter_handler
_set_abort_behavior
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
signal
_set_purecall_handler
??0exception@std@@QAE@ABQBDH@Z
wcschr
vswprintf_s
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memchr
sprintf
??8type_info@@QBE_NABV0@@Z
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
_wtoi
_swprintf
wprintf
iswprint
tolower
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
ungetc
fputc
fgetc
memcpy_s
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
wcscpy_s
_purecall
_vswprintf
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_vsnprintf
_CxxThrowException
memset
memcpy
strerror
_wcsnicmp
wcsstr
wcsncmp
longjmp
strtod
getenv
_CIfmod
_CIpow
_CIacos
_CIsqrt
_CIsin
_CIcos
floor
_setjmp3
__CxxLongjmpUnwind
_CIexp
_CIlog
??0exception@std@@QAE@ABV01@@Z

winmm

timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
timeGetTime

dbghelp

SymFunctionTableAccess64
MiniDumpWriteDump
StackWalk64
SymGetModuleBase64

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleInformation

usp10

ScriptItemize
ScriptFreeCache
ScriptShape

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

gdi32

GetDeviceCaps
PathToRegion
GetStockObject
PolyBezier
GetTextExtentPointW
BitBlt
EndPath
AbortPath
BeginPath
GetRgnBox
CreateRectRgnIndirect
CreateRectRgn
GetGlyphIndicesW
GetFontData
SetTextAlign
GetGlyphOutlineW
SetWorldTransform
GetTextExtentPointI
GetOutlineTextMetricsW
ExtTextOutW
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
GdiFlush
CreateFontIndirectW
CreateDIBSection
DeleteDC
SetTextColor
GetTextMetricsW
SetGraphicsMode
SetPolyFillMode
CombineRgn

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsTextUnicode

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e231015d7ee9fb074bbcfa82853e9d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:faCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b9:06:8c:ea:b8:a1:5b:39:35:51:41:6c:80:82:85:27:52:43:60:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

shell32

ole32

transmission

msvcp100

msvcr100

winmm

dbghelp

psapi

usp10

imm32

version

gdi32

advapi32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 391KB - Virtual size: 391KB

.data Size: 70KB - Virtual size: 92KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 98KB - Virtual size: 97KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b9:06:8c:ea:b8:a1:5b:39:35:51:41:6c:80:82:85:27:52:43:60:9a
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 391KB - Virtual size: 391KB

.data
Size: 70KB - Virtual size: 92KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 98KB - Virtual size: 97KB