NEAS[.]100be220c4d24dc98a5bb8f74baa62f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.100be220c4d24dc98a5bb8f74baa62f0.exe
Size

5.7MB
MD5

100be220c4d24dc98a5bb8f74baa62f0
SHA1

325cc62300d32a24d68a3c3616d8b1d483a0679d
SHA256

7e15a27879d46796a2daaca28ea0a40ea0ec1ad249d6e914c35d6f8286612266
SHA512

9eafe01e5f86629aef183b91f9b89d42bba91119a36b9a2d0c9a203788f19b74a172afabc98b3167d96a04f1c21b4310e498a8495cb83bb8521a57825bb4f011
SSDEEP

24576:0WmnC466yMpXQfDpZsK9S12aGM/bPsT+OHnQF6zvb3Toq0I0OeUlWO3xgrW3HWYS:+628PR600IsUxx8W3WYg/IkT

Score

1^/10

Malware Config

Signatures

Files

NEAS.100be220c4d24dc98a5bb8f74baa62f0.exe
.dll windows:4 windows x86 arch:x86

be8faec1b435e4916adb52c03f786c6a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:0f:fa:a0:eb:21:64:bd:41:38:d0:82:c4:04:61:d3:ca:ce:75:c3
Signer

Actual PE Digest

4b:0f:fa:a0:eb:21:64:bd:41:38:d0:82:c4:04:61:d3:ca:ce:75:c3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextLengthW
SendMessageW
RegisterClassExW
PostMessageW
GetWindowTextW
SetTimer
UnregisterClassW
DestroyWindow
GetClassInfoW
RegisterClassW
KillTimer
SetWindowTextW
GetWindowLongW
DefWindowProcW
GetWindow
IsWindow
GetSysColor
SetFocus
GetFocus
IsChild
ReleaseDC
GetDC
EndPaint
FillRect
BeginPaint
GetClientRect
SetWindowPos
RedrawWindow
GetClassNameW
GetParent
GetDesktopWindow
RegisterWindowMessageW
GetClassInfoExW
CreateWindowExW
LoadCursorW
SetDlgItemTextW
EndDialog
GetMessageW
PostQuitMessage
GetWindowThreadProcessId
MapWindowPoints
EnumChildWindows
IsRectEmpty
PtInRect
SetForegroundWindow
CopyRect
GetCursorPos
FindWindowW
FindWindowExW
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfW
CallWindowProcW
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableW
SetWindowLongW

gdi32

GetObjectW
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHFileOperationW
ShellExecuteW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize
CoFreeLibrary
CoLoadLibrary
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize

oleaut32

OleCreateFontIndirect
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
VariantCopy
VariantChangeType
DispCallFunc

ws2_32

ntohs
getsockopt
WSAAsyncSelect
ioctlsocket
recvfrom
sendto
socket
closesocket
connect
setsockopt
select
__WSAFDIsSet
recv
htonl
ntohl
inet_addr
inet_ntoa
gethostbyname
gethostname
WSAGetLastError
htons
WSAStartup
WSACleanup
send

kernel32

MoveFileExW
GetDiskFreeSpaceExW
GetSystemTime
WritePrivateProfileSectionW
OpenFileMappingW
FreeLibrary
SetLastError
FormatMessageA
LocalFree
GetModuleFileNameA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
Module32FirstW
GetLongPathNameW
TerminateProcess
CreateMutexW
ReleaseMutex
GetLocalTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessTimes
CreateProcessW
GetFullPathNameW
OpenProcess
GetCurrentProcessId
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
Sleep
lstrcmpW
HeapDestroy
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
GetThreadPriority
SuspendThread
SetEvent
TerminateThread
CreateEventW
SetThreadPriority
ResumeThread
GetCurrentThreadId
WaitForSingleObject
GetExitCodeProcess
DeleteTimerQueueTimer
lstrcmpiW
lstrcpyW
FormatMessageW
DuplicateHandle
lstrcatW
QueryDosDeviceW
CreateRemoteThread
SetEndOfFile
FlushFileBuffers
RemoveDirectoryW
ResetEvent
CreateThread
GetCurrentDirectoryW
SystemTimeToFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
WideCharToMultiByte
lstrlenW
GetPrivateProfileIntW
GetTempPathW
GetTempFileNameW
WritePrivateProfileStringW
DeleteFileW
SetFileAttributesW
SetFilePointer
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
GetFileSize
CloseHandle
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
MoveFileW
CreateDirectoryW
VirtualFree
VirtualAlloc
GetCurrentProcess
FlushInstructionCache
GetTickCount
GetLastError
MultiByteToWideChar
lstrlenA
DebugBreak
GetModuleHandleW
GetModuleFileNameW
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

psapi

EnumProcessModules
GetModuleFileNameExA
GetModuleFileNameExW

msvcp60

?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z
?nothrow@std@@3Unothrow_t@1@B
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXPAGPBG1@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z

msvcrt

srand
_ftol
wcscpy
swprintf
getc
putc
exit
_iob
wcstombs
_wctime
??1type_info@@UAE@XZ
_ftime
vswprintf
_wstat
wcscat
_wgetcwd
strrchr
_callnewh
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_stricmp
_CxxThrowException
strcpy
_splitpath
strcat
getenv
_snwprintf
_itow
_wmkdir
_endthread
_beginthread
_wrmdir
_wremove
wcsncmp
realloc
_msize
wcstok
wcstod
tolower
isspace
isalnum
isalpha
sscanf
fputc
fprintf
atof
atoi
_snprintf
_except_handler3
strstr
_strnicmp
strtol
strncmp
strchr
fopen
fwrite
strerror
fseek
ftell
sprintf
_wtoi
_wcslwr
_beginthreadex
_endthreadex
strcmp
calloc
_tempnam
strlen
remove
_lseek
_write
_read
_open
_errno
free
malloc
strncpy
_close
_wcsnicmp
time
_wcsicmp
wcscmp
swscanf
_wtoi64
_wtol
memmove
memcmp
wcsstr
rand
_waccess
_wfopen
fread
fclose
memcpy
memset
_purecall
??2@YAPAXI@Z
wcschr
wcsrchr
wcsncat
_vsnwprintf
__CxxFrameHandler
wcsncpy
_wrename
wcslen

shlwapi

StrTrimW

Exports

Exports

CreateComponent
GetComponentIDs
SetDLLRegistry
SetFactoryHandle
TenioDllCanUnloadNow
TenioDllFreeMap
TenioSetDllSafe

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be8faec1b435e4916adb52c03f786c6a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4b:0f:fa:a0:eb:21:64:bd:41:38:d0:82:c4:04:61:d3:ca:ce:75:c3Signer

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

kernel32

psapi

msvcp60

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 396KB - Virtual size: 395KB

.data Size: 24KB - Virtual size: 79KB

.idata Size: 20KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 1KB

.tvm0 Size: 8KB - Virtual size: 8KB

.reloc Size: 92KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4b:0f:fa:a0:eb:21:64:bd:41:38:d0:82:c4:04:61:d3:ca:ce:75:c3
Signer

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 396KB - Virtual size: 395KB

.data
Size: 24KB - Virtual size: 79KB

.idata
Size: 20KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 1KB

.tvm0
Size: 8KB - Virtual size: 8KB

.reloc
Size: 92KB - Virtual size: 92KB