NEAS[.]8fd5c1e2a8f0a60e8b5f223168fee700[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.8fd5c1e2a8f0a60e8b5f223168fee700.exe
Size

422KB
MD5

8fd5c1e2a8f0a60e8b5f223168fee700
SHA1

03713e52efa029c5ee7a6b188d8b706e4759cf06
SHA256

b622ed3861e4276cfb07dfa68b1d5318c4a4fc7c74ca696f81506d35f9c90190
SHA512

602dc40c619c54eaf9965f9858cae69111396e4dfe666661a31ccd7fb2c4a249d88ed25796a2f04af2e9b4bd226fca6d5fc49496b1fb887dc4248ad9b4cf65dd
SSDEEP

12288:Vg5xgcIddW/u68olYJY/JbrUFBcd7F3Ou0:65bIddW/u6R2EM6d7F3Ou0

Score

1^/10

Malware Config

Signatures

Files

NEAS.8fd5c1e2a8f0a60e8b5f223168fee700.exe
.dll windows:4 windows x64

5cc553e6be1e46e34ce7bf7076c6c6a5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01-05-2023 00:00

Not After

31-07-2026 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:45:7d:02:8c:eb:18:a6:35:a6:a5:bf:69:e7:27:5e:71:14:71:00:7a:93:fb:97:8d:c1:e8:9a:a8:13:6c:38
Signer

Actual PE Digest

e2:45:7d:02:8c:eb:18:a6:35:a6:a5:bf:69:e7:27:5e:71:14:71:00:7a:93:fb:97:8d:c1:e8:9a:a8:13:6c:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libintl-8

DllMain
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_sprintf
libintl_vasprintf
libintl_vfprintf

iconv

iconv
iconv_close
iconv_open

kernel32

CloseHandle
CreateEventA
CreateFileA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FlushFileBuffers
GetACP
GetCurrentProcess
GetCurrentThreadId
GetFileInformationByHandle
GetFileType
GetFinalPathNameByHandleA
GetHandleInformation
GetLastError
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
PeekNamedPipe
SetEvent
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argv
__iob_func
_amsg_exit
_close
_dup2
_errno
_fdopen
_fileno
_get_osfhandle
_getmaxstdio
_initterm
_lock
_open
_open_osfhandle
_setjmp
_setmaxstdio
_setmode
_stricmp
_strdup
_unlock
abort
atol
calloc
exit
fclose
ferror
fflush
fopen
fputc
fputs
free
fwrite
getc
getenv
iscntrl
isprint
isspace
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
puts
qsort
raise
realloc
setlocale
signal
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strrchr
strtoul
towlower
towupper
vfprintf
wcslen

Exports

Exports

libgettextpo__gl_convert_FILETIME_to_POSIX
libgettextpo__gl_fstat_by_handle
libgettextpo__gl_nothrow_get_osfhandle
libgettextpo__gl_raise_SIGPIPE
libgettextpo__obstack_allocated_p
libgettextpo__obstack_begin
libgettextpo__obstack_begin_1
libgettextpo__obstack_free
libgettextpo__obstack_memory_used
libgettextpo__obstack_newchunk
libgettextpo_allow_duplicates
libgettextpo_asnprintf
libgettextpo_base_len
libgettextpo_c_isalnum
libgettextpo_c_isalpha
libgettextpo_c_isascii
libgettextpo_c_isblank
libgettextpo_c_iscntrl
libgettextpo_c_isdigit
libgettextpo_c_isgraph
libgettextpo_c_islower
libgettextpo_c_isprint
libgettextpo_c_ispunct
libgettextpo_c_isspace
libgettextpo_c_isupper
libgettextpo_c_isxdigit
libgettextpo_c_strcasecmp
libgettextpo_c_strncasecmp
libgettextpo_c_strstr
libgettextpo_c_tolower
libgettextpo_c_toupper
libgettextpo_catalog_reader_alloc
libgettextpo_catalog_reader_free
libgettextpo_catalog_reader_parse
libgettextpo_check_message
libgettextpo_check_message_list
libgettextpo_check_msgid_msgstr_format
libgettextpo_check_msgid_msgstr_format_i
libgettextpo_check_plural_eval
libgettextpo_concatenated_filename
libgettextpo_default_add_message
libgettextpo_default_catalog_reader_alloc
libgettextpo_default_comment
libgettextpo_default_comment_dot
libgettextpo_default_comment_filepos
libgettextpo_default_comment_special
libgettextpo_default_constructor
libgettextpo_default_destructor
libgettextpo_default_directive_domain
libgettextpo_default_directive_message
libgettextpo_default_parse_brief
libgettextpo_default_parse_debrief
libgettextpo_default_set_domain
libgettextpo_dir_list_append
libgettextpo_dir_list_nth
libgettextpo_dir_list_restore
libgettextpo_dir_list_save_reset
libgettextpo_dup_cloexec
libgettextpo_error
libgettextpo_error_at_line
libgettextpo_error_with_progname
libgettextpo_execute_all_close_hooks
libgettextpo_execute_all_ioctl_hooks
libgettextpo_execute_close_hooks
libgettextpo_execute_ioctl_hooks
libgettextpo_exit_failure
libgettextpo_extract_plural_expression
libgettextpo_fcntl
libgettextpo_format_language
libgettextpo_format_language_pretty
libgettextpo_formatstring_awk
libgettextpo_formatstring_boost
libgettextpo_formatstring_c
libgettextpo_formatstring_csharp
libgettextpo_formatstring_elisp
libgettextpo_formatstring_gcc_internal
libgettextpo_formatstring_gfc_internal
libgettextpo_formatstring_java
libgettextpo_formatstring_java_printf
libgettextpo_formatstring_javascript
libgettextpo_formatstring_kde
libgettextpo_formatstring_kde_kuit
libgettextpo_formatstring_librep
libgettextpo_formatstring_lisp
libgettextpo_formatstring_lua
libgettextpo_formatstring_objc
libgettextpo_formatstring_parsers
libgettextpo_formatstring_pascal
libgettextpo_formatstring_perl
libgettextpo_formatstring_perl_brace
libgettextpo_formatstring_php
libgettextpo_formatstring_python
libgettextpo_formatstring_python_brace
libgettextpo_formatstring_qt
libgettextpo_formatstring_qt_plural
libgettextpo_formatstring_ruby
libgettextpo_formatstring_scheme
libgettextpo_formatstring_sh
libgettextpo_formatstring_smalltalk
libgettextpo_formatstring_tcl
libgettextpo_formatstring_ycp
libgettextpo_free_plural_expression
libgettextpo_freea
libgettextpo_fstrcmp_bounded
libgettextpo_fstrcmp_free_resources
libgettextpo_fsync
libgettextpo_fuzzy_search_goal_function
libgettextpo_fwriteerror
libgettextpo_fwriteerror_no_ebadf
libgettextpo_gcd
libgettextpo_germanic_plural
libgettextpo_get_python_format_unnamed_arg_count
libgettextpo_get_stat_atime
libgettextpo_get_stat_atime_ns
libgettextpo_get_stat_birthtime
libgettextpo_get_stat_birthtime_ns
libgettextpo_get_stat_ctime
libgettextpo_get_stat_ctime_ns
libgettextpo_get_stat_mtime
libgettextpo_get_stat_mtime_ns
libgettextpo_get_sysdep_c_format_directives
libgettextpo_getdelim
libgettextpo_getdtablesize
libgettextpo_getprogname
libgettextpo_gl_linked_list_implementation
libgettextpo_gl_list_add_after
libgettextpo_gl_list_add_at
libgettextpo_gl_list_add_before
libgettextpo_gl_list_add_first
libgettextpo_gl_list_add_last
libgettextpo_gl_list_create
libgettextpo_gl_list_create_empty
libgettextpo_gl_list_free
libgettextpo_gl_list_get_at
libgettextpo_gl_list_get_first
libgettextpo_gl_list_get_last
libgettextpo_gl_list_indexof
libgettextpo_gl_list_indexof_from
libgettextpo_gl_list_indexof_from_to
libgettextpo_gl_list_iterator
libgettextpo_gl_list_iterator_free
libgettextpo_gl_list_iterator_from_to
libgettextpo_gl_list_iterator_next
libgettextpo_gl_list_next_node
libgettextpo_gl_list_node_nx_set_value
libgettextpo_gl_list_node_set_value
libgettextpo_gl_list_node_value
libgettextpo_gl_list_nx_add_after
libgettextpo_gl_list_nx_add_at
libgettextpo_gl_list_nx_add_before
libgettextpo_gl_list_nx_add_first
libgettextpo_gl_list_nx_add_last
libgettextpo_gl_list_nx_create
libgettextpo_gl_list_nx_create_empty
libgettextpo_gl_list_nx_set_at
libgettextpo_gl_list_nx_set_first
libgettextpo_gl_list_nx_set_last
libgettextpo_gl_list_previous_node
libgettextpo_gl_list_remove
libgettextpo_gl_list_remove_at
libgettextpo_gl_list_remove_first
libgettextpo_gl_list_remove_last
libgettextpo_gl_list_remove_node
libgettextpo_gl_list_search
libgettextpo_gl_list_search_from
libgettextpo_gl_list_search_from_to
libgettextpo_gl_list_set_at
libgettextpo_gl_list_set_first
libgettextpo_gl_list_set_last
libgettextpo_gl_list_size
libgettextpo_gl_msvc_inval_ensure_handler
libgettextpo_gl_sortedlist_add
libgettextpo_gl_sortedlist_indexof
libgettextpo_gl_sortedlist_indexof_from_to
libgettextpo_gl_sortedlist_nx_add
libgettextpo_gl_sortedlist_remove
libgettextpo_gl_sortedlist_search
libgettextpo_gl_sortedlist_search_from_to
libgettextpo_glwthread_mutex_destroy
libgettextpo_glwthread_mutex_init
libgettextpo_glwthread_mutex_lock
libgettextpo_glwthread_mutex_trylock
libgettextpo_glwthread_mutex_unlock
libgettextpo_glwthread_once
libgettextpo_glwthread_recmutex_destroy
libgettextpo_glwthread_recmutex_init
libgettextpo_glwthread_recmutex_lock
libgettextpo_glwthread_recmutex_trylock
libgettextpo_glwthread_recmutex_unlock
libgettextpo_glwthread_rwlock_destroy
libgettextpo_glwthread_rwlock_init
libgettextpo_glwthread_rwlock_rdlock
libgettextpo_glwthread_rwlock_tryrdlock
libgettextpo_glwthread_rwlock_trywrlock
libgettextpo_glwthread_rwlock_unlock
libgettextpo_glwthread_rwlock_wrlock
libgettextpo_glwthread_tls_get
libgettextpo_glwthread_tls_key_create
libgettextpo_glwthread_tls_key_delete
libgettextpo_glwthread_tls_process_destructors
libgettextpo_glwthread_tls_set
libgettextpo_gnu_mbswidth
libgettextpo_gram_max_allowed_errors
libgettextpo_gram_pos
libgettextpo_gram_pos_column
libgettextpo_handle_filepos_comment_option
libgettextpo_hard_locale
libgettextpo_hash_destroy
libgettextpo_hash_find_entry
libgettextpo_hash_init
libgettextpo_hash_insert_entry
libgettextpo_hash_iterate
libgettextpo_hash_iterate_modify
libgettextpo_hash_set_value
libgettextpo_iconveh_close
libgettextpo_iconveh_open
libgettextpo_input_format_po
libgettextpo_install_sigfpe_handler
libgettextpo_is_ascii_message
libgettextpo_is_ascii_message_list
libgettextpo_is_ascii_msgdomain_list
libgettextpo_is_ascii_string
libgettextpo_is_ascii_string_list
libgettextpo_last_component
libgettextpo_lex_end
libgettextpo_lex_start
libgettextpo_locale_charset
libgettextpo_make_format_description_string
libgettextpo_make_range_description_string
libgettextpo_markup_parse_context_end_parse
libgettextpo_markup_parse_context_free
libgettextpo_markup_parse_context_get_error
libgettextpo_markup_parse_context_new
libgettextpo_markup_parse_context_parse
libgettextpo_maybe_print_progname
libgettextpo_mbsnwidth
libgettextpo_mem_cd_iconv
libgettextpo_mem_cd_iconveh
libgettextpo_mem_iconveh
libgettextpo_mem_iconveha
libgettextpo_message_alloc
libgettextpo_message_comment_append
libgettextpo_message_comment_dot_append
libgettextpo_message_comment_filepos
libgettextpo_message_copy
libgettextpo_message_free
libgettextpo_message_list_alloc
libgettextpo_message_list_append
libgettextpo_message_list_copy
libgettextpo_message_list_free
libgettextpo_message_list_insert_at
libgettextpo_message_list_list_alloc
libgettextpo_message_list_list_append
libgettextpo_message_list_list_append_list
libgettextpo_message_list_list_free
libgettextpo_message_list_list_search
libgettextpo_message_list_msgids_changed
libgettextpo_message_list_prepend
libgettextpo_message_list_remove_if_not
libgettextpo_message_list_search
libgettextpo_message_list_search_fuzzy
libgettextpo_message_page_width_ignore
libgettextpo_message_page_width_set
libgettextpo_message_print_comment
libgettextpo_message_print_comment_dot
libgettextpo_message_print_comment_filepos
libgettextpo_message_print_comment_flags
libgettextpo_message_print_style_comment
libgettextpo_message_print_style_escape
libgettextpo_message_print_style_filepos
libgettextpo_message_print_style_indent
libgettextpo_message_print_style_uniforum
libgettextpo_mmalloca
libgettextpo_msgdomain_alloc
libgettextpo_msgdomain_free
libgettextpo_msgdomain_list_alloc
libgettextpo_msgdomain_list_append
libgettextpo_msgdomain_list_copy
libgettextpo_msgdomain_list_free
libgettextpo_msgdomain_list_print
libgettextpo_msgdomain_list_sort_by_filepos
libgettextpo_msgdomain_list_sort_by_msgid
libgettextpo_msgdomain_list_sublist
libgettextpo_multiline_error
libgettextpo_multiline_warning
libgettextpo_next_prime
libgettextpo_obstack_alloc_failed_handler
libgettextpo_open_catalog_file
libgettextpo_output_format_po
libgettextpo_parse_plural_expression
libgettextpo_pass_obsolete_entries
libgettextpo_plural_eval
libgettextpo_plural_table
libgettextpo_plural_table_size
libgettextpo_po_callback_comment
libgettextpo_po_callback_comment_dispatcher
libgettextpo_po_callback_comment_dot
libgettextpo_po_callback_comment_filepos
libgettextpo_po_callback_comment_special
libgettextpo_po_callback_domain
libgettextpo_po_callback_message
libgettextpo_po_charset_ascii
libgettextpo_po_charset_ascii_compatible
libgettextpo_po_charset_canonicalize
libgettextpo_po_charset_character_iterator
libgettextpo_po_charset_utf8
libgettextpo_po_error
libgettextpo_po_error_at_line
libgettextpo_po_gram_char
libgettextpo_po_gram_error
libgettextpo_po_gram_error_at_line
libgettextpo_po_gram_lex
libgettextpo_po_gram_lval
libgettextpo_po_gram_nerrs
libgettextpo_po_gram_parse
libgettextpo_po_is_charset_weird
libgettextpo_po_is_charset_weird_cjk
libgettextpo_po_lex_charset
libgettextpo_po_lex_charset_close
libgettextpo_po_lex_charset_init
libgettextpo_po_lex_charset_set
libgettextpo_po_lex_iconv
libgettextpo_po_lex_pass_comments
libgettextpo_po_lex_pass_obsolete_entries
libgettextpo_po_lex_weird_cjk
libgettextpo_po_multiline_error
libgettextpo_po_multiline_warning
libgettextpo_po_parse_comment_special
libgettextpo_po_xerror
libgettextpo_po_xerror2
libgettextpo_possible_format_p
libgettextpo_printf_fetchargs
libgettextpo_printf_parse
libgettextpo_rawmemchr
libgettextpo_read_catalog_file
libgettextpo_read_catalog_stream
libgettextpo_register_fd_hook
libgettextpo_rpl_close
libgettextpo_rpl_dup2
libgettextpo_rpl_error_message_count
libgettextpo_rpl_error_one_per_line
libgettextpo_rpl_error_print_progname
libgettextpo_rpl_fdopen
libgettextpo_rpl_fopen
libgettextpo_rpl_fprintf
libgettextpo_rpl_fputc
libgettextpo_rpl_fputs
libgettextpo_rpl_fstat
libgettextpo_rpl_fwrite
libgettextpo_rpl_getline
libgettextpo_rpl_iswalnum
libgettextpo_rpl_iswalpha
libgettextpo_rpl_iswblank
libgettextpo_rpl_iswcntrl
libgettextpo_rpl_iswdigit
libgettextpo_rpl_iswgraph
libgettextpo_rpl_iswlower
libgettextpo_rpl_iswprint
libgettextpo_rpl_iswpunct
libgettextpo_rpl_iswspace
libgettextpo_rpl_iswupper
libgettextpo_rpl_iswxdigit
libgettextpo_rpl_malloc
libgettextpo_rpl_mbrtowc
libgettextpo_rpl_mbsinit
libgettextpo_rpl_open
libgettextpo_rpl_printf
libgettextpo_rpl_putchar
libgettextpo_rpl_puts
libgettextpo_rpl_raise
libgettextpo_rpl_realloc
libgettextpo_rpl_signal
libgettextpo_rpl_stat
libgettextpo_rpl_strerror
libgettextpo_rpl_strstr
libgettextpo_rpl_towlower
libgettextpo_rpl_towupper
libgettextpo_rpl_vfprintf
libgettextpo_rpl_vprintf
libgettextpo_sentence_end
libgettextpo_sentence_end_required_spaces
libgettextpo_set_cloexec_flag
libgettextpo_setlocale_null
libgettextpo_setlocale_null_r
libgettextpo_sigaddset
libgettextpo_sigdelset
libgettextpo_sigemptyset
libgettextpo_sigfillset
libgettextpo_sigfpe_exit
libgettextpo_sigismember
libgettextpo_significant_format_p
libgettextpo_sigpending
libgettextpo_sigprocmask
libgettextpo_stat_time_normalize
libgettextpo_stpcpy
libgettextpo_stpncpy
libgettextpo_str_cd_iconv
libgettextpo_str_cd_iconveh
libgettextpo_str_iconv
libgettextpo_str_iconveh
libgettextpo_str_iconveha
libgettextpo_strchrnul
libgettextpo_strerror_override
libgettextpo_string_list_alloc
libgettextpo_string_list_append
libgettextpo_string_list_append_unique
libgettextpo_string_list_concat
libgettextpo_string_list_concat_destroy
libgettextpo_string_list_destroy
libgettextpo_string_list_free
libgettextpo_string_list_init
libgettextpo_string_list_join
libgettextpo_string_list_member
libgettextpo_string_list_remove
libgettextpo_syntax_check_message_list
libgettextpo_syntax_check_name
libgettextpo_textmode_xerror
libgettextpo_textmode_xerror2
libgettextpo_u16_mbtouc_aux
libgettextpo_u8_check
libgettextpo_u8_conv_from_encoding
libgettextpo_u8_mblen
libgettextpo_u8_mbtouc_aux
libgettextpo_u8_mbtouc_unsafe_aux
libgettextpo_u8_mbtoucr
libgettextpo_u8_next
libgettextpo_u8_possible_linebreaks
libgettextpo_u8_prev
libgettextpo_u8_strmbtouc
libgettextpo_u8_uctomb_aux
libgettextpo_u8_width_linebreaks
libgettextpo_uc_is_alpha
libgettextpo_uc_is_space
libgettextpo_uc_width
libgettextpo_ulc_width_linebreaks
libgettextpo_uniconv_register_autodetect
libgettextpo_unilbrk_is_all_ascii
libgettextpo_unilbrk_is_utf8_encoding
libgettextpo_unilbrk_table
libgettextpo_unilbrkprop
libgettextpo_uninstall_sigfpe_handler
libgettextpo_unregister_fd_hook
libgettextpo_vasnprintf
libgettextpo_version
libgettextpo_wcwidth
libgettextpo_x2realloc
libgettextpo_xalloc_die
libgettextpo_xasprintf
libgettextpo_xcalloc
libgettextpo_xconcatenated_filename
libgettextpo_xmalloc
libgettextpo_xmalloc_exit_failure
libgettextpo_xmax
libgettextpo_xmem_cd_iconv
libgettextpo_xmemdup
libgettextpo_xmmalloca
libgettextpo_xnmalloc
libgettextpo_xrealloc
libgettextpo_xstr_cd_iconv
libgettextpo_xstr_iconv
libgettextpo_xstrdup
libgettextpo_xsum
libgettextpo_xsum3
libgettextpo_xsum4
libgettextpo_xvasprintf
libgettextpo_xzalloc
po_file_check_all
po_file_create
po_file_domain_header
po_file_domains
po_file_free
po_file_read
po_file_read_v2
po_file_read_v3
po_file_write
po_file_write_v2
po_filepos_file
po_filepos_start_line
po_format_list
po_format_pretty_name
po_header_field
po_header_set_field
po_message_add_filepos
po_message_check_all
po_message_check_format
po_message_check_format_v2
po_message_comments
po_message_create
po_message_extracted_comments
po_message_filepos
po_message_insert
po_message_is_format
po_message_is_fuzzy
po_message_is_obsolete
po_message_is_range
po_message_iterator
po_message_iterator_free
po_message_msgctxt
po_message_msgid
po_message_msgid_plural

Sections

.text
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cc553e6be1e46e34ce7bf7076c6c6a5

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e2:45:7d:02:8c:eb:18:a6:35:a6:a5:bf:69:e7:27:5e:71:14:71:00:7a:93:fb:97:8d:c1:e8:9a:a8:13:6c:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

libintl-8

iconv

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 255KB - Virtual size: 254KB

.data Size: 4KB - Virtual size: 3KB

.rdata Size: 96KB - Virtual size: 96KB

.pdata Size: 11KB - Virtual size: 10KB

.xdata Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 4KB

.edata Size: 20KB - Virtual size: 20KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 32B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e2:45:7d:02:8c:eb:18:a6:35:a6:a5:bf:69:e7:27:5e:71:14:71:00:7a:93:fb:97:8d:c1:e8:9a:a8:13:6c:38
Signer

.text
Size: 255KB - Virtual size: 254KB

.data
Size: 4KB - Virtual size: 3KB

.rdata
Size: 96KB - Virtual size: 96KB

.pdata
Size: 11KB - Virtual size: 10KB

.xdata
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 4KB

.edata
Size: 20KB - Virtual size: 20KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 32B