AliProtect[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

AliProtect.rar
Size

1.2MB
MD5

6c2fc4f7c78c759e47ccde3d66e6a35b
SHA1

4e6c3addbd0d1097f3f0f9ebbf240ff755a5217a
SHA256

2c4e308c5aac3db31f704c3e5a887da9223999080d900ad14ed0dd08b66f6fde
SHA512

3cc63718e25fe975ac1cf5debd835e909ca36504ffd6a067979df9a2453c8132753cccd8e3e8d362e089ed6ef6d88b9b1cc93f2a020c5f25f2fb9d0ce43408f3
SSDEEP

24576:zUYlvG9cU62QcLbuUHYmx0IbX8/jFax5xAbcfUGhUT5Qlz8UHn0i:YYA9cJ2NbfHYmv8bFOUbc8POIUUi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AliProtect.dll

Files

AliProtect.rar
.rar
AliIMStartup.dll
.dll windows:5 windows x86 arch:x86

d530b4c8d23a73207a648244fa63cec8

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:5b:89:6e:78:74:c4:1b:0b:6b:5f:74:93:94:84:8d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

07/09/2022, 12:00

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=application security,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:3a:82:10:8d:0f:9c:dc:e1:e3:38:d1:35:6a:df:59
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

07/09/2022, 12:00

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=application security,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:d3:5f:95:ea:b1:10:57:b0:95:de:6f:5d:63:f5:b9:a7:e0:b6:77:b9:e0:d1:67:06:80:3a:e3:53:7f:23:8c
Signer

Actual PE Digest

31:d3:5f:95:ea:b1:10:57:b0:95:de:6f:5d:63:f5:b9:a7:e0:b6:77:b9:e0:d1:67:06:80:3a:e3:53:7f:23:8c

Digest Algorithm

sha256

PE Digest Matches

true

ca:59:a9:70:cf:9e:9b:50:e0:8c:dc:67:ac:c9:5a:5c:3f:2a:a1:c2
Signer

Actual PE Digest

ca:59:a9:70:cf:9e:9b:50:e0:8c:dc:67:ac:c9:5a:5c:3f:2a:a1:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

prgipc

?UnInitPrgIPCEnvironment@@YAXXZ
?InitPrgIPCEnvironment@@YAXXZ

gwsdk

?UnInitializeGateway@gw@@YAXXZ
?InitializeGateway@gw@@YAXXZ

guicore

GetI18N
GetUICore
?GenBinXmls@@YAHPA_W@Z
UIGlobalProperty

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExW
EnumProcesses

wwutils

?QNCU_IsBindShopProcess@@YAHXZ
?QNCU_GetCurrentServerTime@@YA_KH@Z
?CheckUpdate@CUpdateWrapper@@QAE?AW4Update_Error@UpdateAssist@@ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0AAW4tag_APP_UPDATE_STATE@@@Z
??0CUpdateWrapper@@QAE@XZ
??1CUpdateWrapper@@UAE@XZ

prgbase

?CreateXParam@@YAJPAPAVIXParam@prg@@@Z
?SysWideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?SysUTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?NumberToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?UTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
??4FilePath@base@@QAEAAV01@$$QAV01@@Z
??0FilePath@base@@QAE@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@1@@Z
??1FilePath@base@@QAE@XZ
?CreateFromHere@Location@base@@SA?AV12@PBD0H@Z
?DeleteFileW@base@@YA_NABVFilePath@1@_N@Z
?NumberToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
??1LockImpl@internal@base@@QAE@XZ
??0LockImpl@internal@base@@QAE@XZ
?DirName@FilePath@base@@QBE?AV12@XZ
?BaseName@FilePath@base@@QBE?AV12@XZ
?Extension@FilePath@base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??0FilePath@base@@QAE@ABV01@@Z
??0BindStateBase@internal@base@@AAE@P6AXXZP6AXPBV012@@Z@Z
??1WaitableEvent@base@@QAE@XZ
??1TraceResultBuffer@trace_event@base@@QAE@XZ
?Destruct@TaskRunnerTraits@base@@SAXPBVTaskRunner@2@@Z
?CompleteLazyInstance@internal@base@@YAXPAHHP6AXPAX@Z1@Z
?NeedsLazyInstance@internal@base@@YA_NPAH@Z
??0CallbackBase@internal@base@@QAE@$$QAVCallbackBaseCopyable@12@@Z
?Stop@Thread@base@@QAEXXZ
?Finish@TraceResultBuffer@trace_event@base@@QAEXXZ
?Wait@WaitableEvent@base@@QAEXXZ
?PostTask@TaskRunner@base@@QAE_NABVLocation@2@V?$OnceCallback@$$A6AXXZ@2@@Z
?StartWithOptions@Thread@base@@QAE_NABUOptions@12@@Z
??1Options@Thread@base@@QAE@XZ
??0Options@Thread@base@@QAE@XZ
??1Thread@base@@UAE@XZ
??0Thread@base@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0WaitableEvent@base@@QAE@W4ResetPolicy@01@W4InitialState@01@@Z
?Start@TraceResultBuffer@trace_event@base@@QAEXXZ
?SetOutputCallback@TraceResultBuffer@trace_event@base@@QAEXABV?$RepeatingCallback@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@3@@Z
??0TraceResultBuffer@trace_event@base@@QAE@XZ
?Flush@TraceLog@trace_event@base@@QAEXABV?$RepeatingCallback@$$A6AXABV?$scoped_refptr@VRefCountedString@base@@@@_N@Z@3@_N@Z
?SetDisabled@TraceLog@trace_event@base@@QAEXXZ
?SetEnabled@TraceLog@trace_event@base@@QAEXABVTraceConfig@23@E@Z
??1TraceConfig@trace_event@base@@QAE@XZ
??0TraceConfig@trace_event@base@@QAE@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@0@Z
?SetTraceEventCallbackBreak@TraceLog@trace_event@base@@QAEX_N@Z
?AsWStringUnsafe@FilePath@base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??0CallbackBaseCopyable@internal@base@@QAE@ABV012@@Z
?SetTraceEventCallback@TraceLog@trace_event@base@@QAEXV?$RepeatingCallback@$$A6AXEABVTimeTicks@base@@ABUTraceEventData@TraceLog@trace_event@2@@Z@3@@Z
?Signal@WaitableEvent@base@@QAEXXZ
?AddFragment@TraceResultBuffer@trace_event@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1CallbackBase@internal@base@@IAE@XZ
??0CallbackBase@internal@base@@IAE@PAVBindStateBase@12@@Z
?Unlock@LockImpl@internal@base@@QAEXXZ
?Lock@LockImpl@internal@base@@QAEXXZ
?GetSwitchValueNative@CommandLine@base@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?GetInstance@Pinyin@prg@@SAPAV12@XZ
?InitPinyin@Pinyin@prg@@QAE_NABVFilePath@base@@@Z
?GetCategoryGroupEnabled@TraceLog@trace_event@base@@SAPBEPBD@Z
?CreateAndStartWithDefaultParams@TaskScheduler@base@@SAXV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?GetInstance@ThreadIdNameManager@base@@SAPAV12@XZ
?SetName@ThreadIdNameManager@base@@QAEXKABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?InitUIMessageLoop@base@@YA_NXZ
??1AtExitManager@base@@QAE@XZ
??0AtExitManager@base@@QAE@XZ
?GetSwitchValueASCII@CommandLine@base@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?SysNativeMBToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?HasSwitch@CommandLine@base@@QBE_NQBD@Z
?ForCurrentProcess@CommandLine@base@@SAPAV12@XZ
?Init@CommandLine@base@@SA_NHPBQBD@Z
?ReadFile@base@@YAHABVFilePath@1@PADH@Z
?GetFileSize@base@@YA_NABVFilePath@1@PA_J@Z
?Base64Encode@base@@YAXABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0FilePath@base@@QAE@XZ
?GetInstance@TraceLog@trace_event@base@@SAPAV123@XZ
?AddTraceEventWithThreadIdAndTimestamp@TraceLog@trace_event@base@@QAE?AUTraceEventHandle@23@DPBEPBD1_K2HABVTimeTicks@3@HPBQBD0PB_KPAV?$unique_ptr@VConvertableToTraceFormat@trace_event@base@@U?$default_delete@VConvertableToTraceFormat@trace_event@base@@@std@@@std@@I@Z
?Now@TimeTicks@base@@SA?AV12@XZ
?StringPrintV@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WPAD@Z
?InitAsycLoggingHandler@@YAHABVFilePath@base@@0@Z
?Append@FilePath@base@@QBE?AV12@V?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@Z
?CurrentId@PlatformThread@base@@SAKXZ

prgnet

?GetErrorMsg@net@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?GetStatusText@HttpResponseHeaders@net@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetDataInUnicode@HttpResponse@net@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??0HttpResponse@net@@QAE@XZ
??0HttpRequest@net@@QAE@XZ
??1HttpResponse@net@@QAE@XZ
??1HttpRequest@net@@QAE@XZ
?SendRequest@net@@YAXABUHttpRequest@1@HAAVHttpResponse@1@@Z

prgcore

?GetPrgCOM@@YAJPAPAVIPrgCOM@prg@@@Z

kernel32

UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WaitForSingleObjectEx
SetEvent
OutputDebugStringW
IsDebuggerPresent
CreateEventW
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetFileSize
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileW
GetFileAttributesW
WaitForSingleObject
RemoveDirectoryW
GetProcessId
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetVersionExW
SetLastError
CloseHandle
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetProcessShutdownParameters
GetProcessShutdownParameters
SetUnhandledExceptionFilter
LockResource
SizeofResource
FindResourceExW
LoadResource
FindResourceW
MulDiv
RaiseException
WritePrivateProfileStringW
GetCurrentThreadId
Sleep
InterlockedCompareExchange
LoadLibraryExW
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
GetCurrentThread
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetPrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
DeleteFileW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetLastError
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
InterlockedDecrement
GetSystemDefaultLangID
InitializeCriticalSection
DeleteCriticalSection

user32

FlashWindowEx
GetDC
ReleaseDC
MessageBoxW
FlashWindow

gdi32

GetDeviceCaps

advapi32

GetAclInformation
EqualSid
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
InitializeAcl
IsValidSid
OpenThreadToken
OpenProcessToken
CheckTokenMembership
GetTokenInformation
GetAce
AddAce
CryptReleaseContext
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
GetLengthSid
RegCreateKeyExW
RegSetValueExW
CopySid

shell32

SHCreateDirectoryExW
SHFileOperationW
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
OleInitialize
StringFromGUID2
CoCreateGuid
OleUninitialize
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

StrCmpW
PathCanonicalizeW
PathFileExistsW
PathFindFileNameW

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??1codecvt_base@std@@UAE@XZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??1facet@locale@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
??1_Facet_base@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
_Wcscoll
_Wcsxfrm
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7codecvt_base@std@@6B@
?_Xbad_alloc@std@@YAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??_7facet@locale@std@@6B@
??_7_Facet_base@std@@6B@
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z

rvcore

GetRvCore

arphadump

GetArphaCrashDump
GetArphaApp
GetArphaService

gdiplus

GdiplusStartup

userenv

UnloadUserProfile

vcruntime140

__CxxFrameHandler3
__RTDynamicCast
memcpy
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
_purecall
strchr
memmove
memchr
memcmp
__std_exception_destroy
__std_exception_copy
wcsrchr
wcsstr
memset

api-ms-win-crt-string-l1-1-0

strlen
_wcsicmp
wcslen
wcscat_s
isspace
wcsnlen
wcscpy_s
wmemcpy_s
wcscmp

api-ms-win-crt-heap-l1-1-0

_recalloc
realloc
_callnewh
malloc
free
calloc

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw
_seh_filter_dll
_crt_atexit
_invalid_parameter_noinfo_noreturn
_errno
_configure_narrow_argv
_initterm_e
_initterm
_execute_onexit_table
_invalid_parameter_noinfo
_register_onexit_function
_cexit
terminate
_getpid
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

_wfopen_s
fwrite
ftell
fread
fgetc
fputc
ungetc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
__stdio_common_vfprintf
__acrt_iob_func
_get_stream_buffer_pointers
fclose
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
fseek

api-ms-win-crt-convert-l1-1-0

_wtoi
_itow

api-ms-win-crt-environment-l1-1-0

_wputenv_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

AliEntry
ChromeTracingFilePath
ChromeTracingFlowStepDrop
ChromeTracingIsRuning
ChromeTracingStart
ChromeTracingStop

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AliProtect.dll
.dll windows:5 windows x86 arch:x86

cf0597cb08b33a296b9704ca9785337d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetACP
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
IsValidCodePage
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
IsProcessorFeaturePresent
GetFileSize
IsDebuggerPresent
HeapQueryInformation
GetModuleHandleExW
ExitThread
CreateThread
GetCommandLineA
RtlUnwind
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
Sleep
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
lstrcpyW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpiW
GetCPInfo
ExitProcess
GetOEMCP
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
DeleteFileW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
CopyFileW
FormatMessageW
GlobalSize
MulDiv
GlobalFlags
GlobalFindAtomW
LoadLibraryA
FreeResource
GetSystemDirectoryW
EncodePointer
SetErrorMode
LocalFree
LocalReAlloc
LocalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
GetModuleHandleA
SetLastError
OutputDebugStringA
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetVersionExW
GetCurrentThread
ResumeThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
CreateFileA
GetModuleFileNameA
ReadFile

user32

GetWindowRgn
DrawIcon
SetParent
SetRect
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetSystemMenu
IsZoomed
GetComboBoxInfo
TrackMouseEvent
GetKeyNameTextW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
EndDialog
CreateDialogIndirectParamW
IntersectRect
SendDlgItemMessageA
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
IsIconic
FillRect
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
DestroyCursor
KillTimer
SetTimer
DeleteMenu
SystemParametersInfoW
CopyImage
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetSystemMetrics
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MapDialogRect
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
InvalidateRect
LockWindowUpdate
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
UnhookWindowsHookEx
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
PostQuitMessage
PostMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageW
UnregisterClassW
GetNextDlgTabItem

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
MoveToEx
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
SetROP2
SetPolyFillMode
GetLayout
Polygon
CreateBitmap
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateDCW
CopyMetaFileW
GetDeviceCaps
DeleteObject
GetObjectW
SetTextColor
SetBkColor
SetTextAlign

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
SHAppBarMessage
DragFinish

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathRemoveFileSpecA
StrFormatKBSizeW

uxtheme

CloseThemeData
GetThemePartSize
GetWindowTheme
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeBackground
GetThemeColor
GetCurrentThemeName

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor

oleaut32

SysAllocString
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Exports

Exports

Execute
OutputOperatorFileLog
SetupAPIHook
SureOperatorFileBegin
SureOperatorFileEnd
UnhookAPIHook

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AliWorkbench.exe
.exe windows:5 windows x86 arch:x86

3fc6dcbe19f618d716856c0cba59ca9d

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:5b:89:6e:78:74:c4:1b:0b:6b:5f:74:93:94:84:8d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

07/09/2022, 12:00

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=application security,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:3a:82:10:8d:0f:9c:dc:e1:e3:38:d1:35:6a:df:59
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

07/09/2022, 12:00

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=application security,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:94:1e:75:72:bc:41:cd:58:7e:f4:48:14:2d:48:c3:22:9d:da:9d:14:cb:6b:40:9b:e2:be:f1:c8:58:58:89
Signer

Actual PE Digest

79:94:1e:75:72:bc:41:cd:58:7e:f4:48:14:2d:48:c3:22:9d:da:9d:14:cb:6b:40:9b:e2:be:f1:c8:58:58:89

Digest Algorithm

sha256

PE Digest Matches

true

de:c7:3a:0d:73:a1:aa:49:ab:c2:5e:6b:e5:b8:f3:20:30:47:26:f0
Signer

Actual PE Digest

de:c7:3a:0d:73:a1:aa:49:ab:c2:5e:6b:e5:b8:f3:20:30:47:26:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
ReadFile
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
CopyFileW
DeleteFileW
FindFirstFileW
FindClose
LocalAlloc
lstrcmpA
GetFileSize
CreateProcessW
WaitForSingleObject
GetModuleHandleW
WriteFile
SetFilePointer
FlushFileBuffers
GetLocalTime
HeapSize
GetCurrentProcessId
OpenProcess
GlobalAlloc
GlobalFree
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadLibraryW
FreeLibrary
Sleep
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapDestroy
SetCurrentDirectoryW
GetModuleHandleA
GetProcAddress
LoadLibraryExW
SetEnvironmentVariableW
GetLastError
GetEnvironmentVariableW
GetVersionExW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
WriteConsoleW
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
LocalFree
GetPrivateProfileStringW
GetFileAttributesW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
MoveFileExW
InitializeCriticalSection
IsDebuggerPresent
OutputDebugStringW
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwind
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID

user32

MessageBoxW

advapi32

CheckTokenMembership
FreeSid
OpenProcessToken
GetTokenInformation
LookupAccountSidW
GetUserNameW
DuplicateTokenEx
AllocateAndInitializeSid

shell32

ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoInitializeSecurity

oleaut32

VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime

shlwapi

PathCanonicalizeW
PathFileExistsW

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CryptQueryObject

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PX.txt

Sharing

General

Malware Config

Signatures

Files

d530b4c8d23a73207a648244fa63cec8

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

07:5b:89:6e:78:74:c4:1b:0b:6b:5f:74:93:94:84:8dCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:3a:82:10:8d:0f:9c:dc:e1:e3:38:d1:35:6a:df:59Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

31:d3:5f:95:ea:b1:10:57:b0:95:de:6f:5d:63:f5:b9:a7:e0:b6:77:b9:e0:d1:67:06:80:3a:e3:53:7f:23:8cSigner

ca:59:a9:70:cf:9e:9b:50:e0:8c:dc:67:ac:c9:5a:5c:3f:2a:a1:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

prgipc

gwsdk

guicore

comctl32

psapi

wwutils

prgbase

prgnet

prgcore

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

rvcore

arphadump

gdiplus

userenv

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 3KB - Virtual size: 4KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 20KB - Virtual size: 19KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:5b:89:6e:78:74:c4:1b:0b:6b:5f:74:93:94:84:8d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:3a:82:10:8d:0f:9c:dc:e1:e3:38:d1:35:6a:df:59
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

31:d3:5f:95:ea:b1:10:57:b0:95:de:6f:5d:63:f5:b9:a7:e0:b6:77:b9:e0:d1:67:06:80:3a:e3:53:7f:23:8c
Signer

ca:59:a9:70:cf:9e:9b:50:e0:8c:dc:67:ac:c9:5a:5c:3f:2a:a1:c2
Signer

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 3KB - Virtual size: 4KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 310KB - Virtual size: 310KB

.data
Size: 23KB - Virtual size: 53KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 114KB - Virtual size: 113KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:5b:89:6e:78:74:c4:1b:0b:6b:5f:74:93:94:84:8d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:3a:82:10:8d:0f:9c:dc:e1:e3:38:d1:35:6a:df:59
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

79:94:1e:75:72:bc:41:cd:58:7e:f4:48:14:2d:48:c3:22:9d:da:9d:14:cb:6b:40:9b:e2:be:f1:c8:58:58:89
Signer

de:c7:3a:0d:73:a1:aa:49:ab:c2:5e:6b:e5:b8:f3:20:30:47:26:f0
Signer