27d1a091f5d90de8c84b6f58b000bbc03f4e19edb072b39815a2610f98de94b3

Sharing

Copy URL Twitter E-mail

General

Target

27d1a091f5d90de8c84b6f58b000bbc03f4e19edb072b39815a2610f98de94b3
Size

2.1MB
MD5

915ab773bfac7867d98e34e0b3a21c85
SHA1

2ea1eab900e4e089744b9f6233ceab0a6f83ec7a
SHA256

27d1a091f5d90de8c84b6f58b000bbc03f4e19edb072b39815a2610f98de94b3
SHA512

b0483a9a3eb2c12902819f0886b7d9e3da6e40e36ad3612e78e2db0e049a0e170492e3c874d13c8c8f86fd7e0dab7ea85d35400d5e2b69881af29156e1953625
SSDEEP

49152:hddhpkoG13DGNymNDLMddhpkoG13DGNymNDL+26kjVkmkVG:5hpHC3qNFNDL0hpHC3qNFNDL+2vVkmkU

Score

1^/10

Malware Config

Signatures

Files

27d1a091f5d90de8c84b6f58b000bbc03f4e19edb072b39815a2610f98de94b3
.zip
TSandbox64.dll
.dll windows:5 windows x64 arch:x64

38f74a4c9bdf630913de698d25ad5169

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/09/2023, 00:00

Not After

28/09/2024, 23:59

Subject

CN=Guangzhou Quan'an Software Co.\, Ltd.,O=Guangzhou Quan'an Software Co.\, Ltd.,L=guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/09/2023, 00:00

Not After

28/09/2024, 23:59

Subject

CN=Guangzhou Quan'an Software Co.\, Ltd.,O=Guangzhou Quan'an Software Co.\, Ltd.,L=guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84
Signer

Actual PE Digest

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84

Digest Algorithm

sha256

PE Digest Matches

true

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51
Signer

Actual PE Digest

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GlobalGetAtomNameW
CreateFileMappingW
OpenFileMappingW
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationW
GetLogicalDrives
ReadFile
GetFileSize
WriteFile
GetVersion
CreateEventW
OutputDebugStringW
LocalFree
SetFilePointer
FreeConsole
WriteConsoleW
GetStdHandle
AllocConsole
CreateIoCompletionPort
GetQueuedCompletionStatus
LoadLibraryA
GetProcessHeap
SetEndOfFile
OpenEventW
CreateProcessW
Sleep
FreeLibrary
GetFullPathNameW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
BackupWrite
BackupRead
BackupSeek
GetFileType
QueryDosDeviceW
SetEvent
GetCurrentThread
QueueUserAPC
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetCommandLineW
WaitForSingleObject
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetFileAttributesW
GetTickCount
FileTimeToSystemTime
GetLocalTime
DeleteFileW
MoveFileExW
GetSystemTime
SystemTimeToFileTime
CreateFileW
SetFileTime
GetPrivateProfileStringW
GetProfileStringW
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcess
CreateThread
GetFileAttributesExA
GetFileAttributesExW
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetModuleHandleW
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetDriveTypeW
LoadLibraryW
GetProcAddress
GetCurrentThreadId
OpenProcess
GetExitCodeProcess
CloseHandle
GetLastError
DeviceIoControl
IsBadReadPtr
QueryDosDeviceA
GetDriveTypeA
DefineDosDeviceW
GetDiskFreeSpaceExW
SetVolumeLabelW
LocalAlloc
lstrcmpA
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
CancelIo
GetOverlappedResult
OpenSemaphoreW
lstrlenA
LoadResource
FindResourceExW
lstrlenW
GetVersionExW
FormatMessageA
GetACP
FormatMessageW
DeleteCriticalSection
SleepEx
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
PulseEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
FileTimeToLocalFileTime
lstrcmpW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
GetDateFormatW
GetTimeFormatW
FlsGetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
CompareStringW
HeapSetInformation
HeapCreate
HeapDestroy
LCMapStringW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
GetSystemInfo
GetCurrentDirectoryA
GetSystemDirectoryA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
MoveFileA
MoveFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
CopyFileW
MoveFileExA
CopyFileA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OpenMutexW
CreateProcessA
SetPriorityClass
GetPriorityClass
GetThreadPriority
VirtualQueryEx
CreateFileMappingA
GetWindowsDirectoryA
VirtualProtect
LoadLibraryExW
FreeResource
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
VirtualQuery
LockResource
SizeofResource

user32

GetThreadDesktop
GetUserObjectInformationW
TranslateMessage
CloseDesktop
SetThreadDesktop
OpenDesktopW
OpenInputDesktop
MsgWaitForMultipleObjects
GetSystemMetrics
CloseWindow
DestroyWindow
DispatchMessageW
DefWindowProcW
GetWindowLongPtrW
ShowWindow
SetWindowLongPtrW
CreateWindowExW
RegisterClassW
SendMessageW
GetDesktopWindow
SystemParametersInfoW
EnumWindowStationsW
EnumDesktopsW
EnumDesktopWindows
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetWindowThreadProcessId
PostMessageW
SetWindowTextW
IsWindowVisible
GetWindowTextW
GetMessageW
EnumWindows
FindWindowW
GetClassNameW
wsprintfW
PostThreadMessageW
PeekMessageW
MessageBoxW

gdi32

GetGlyphIndicesW
GetFontUnicodeRanges
GetTextFaceW
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
GetStockObject
CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
GetBitmapBits
BitBlt

advapi32

AdjustTokenPrivileges
ReportEventW
DeregisterEventSource
RegOpenKeyA
RegConnectRegistryW
RegDeleteKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExA
RegSetValueExW
ControlService
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW
LockServiceDatabase
CreateServiceW
CloseServiceHandle
UnlockServiceDatabase
RegLoadKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
RegOpenKeyW
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetKeySecurity
RegOpenKeyExW
RegGetKeySecurity
RegCloseKey
LookupPrivilegeValueW
RegisterEventSourceW
EnumServicesStatusW
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
GetUserNameW
RegCreateKeyExA
RegCreateKeyA
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
RegEnumKeyW
RegDeleteValueW
RegSetValueExA
RegEnumValueW
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce

shell32

DragQueryFileW
SHFileOperationW

ole32

ProgIDFromCLSID
CoGetMalloc
CoInitialize
CoInitializeEx

ws2_32

htons
closesocket
recvfrom
WSAGetLastError
getpeername
setsockopt
getsockname
ntohl
ntohs
WSASetLastError
WSACleanup
WSAStartup
accept
bind
htonl
sendto
WSAIoctl
socket
connect
shutdown
listen
getsockopt
send
recv

mpr

WNetGetConnectionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleaut32

DosDateTimeToVariantTime

Exports

Exports

AddDynamicSandboxPolicy
AddDynamicSandboxPolicy2
AddFileControlPolicy
AddFileControlPolicyByProcessID
AddFileControlPolicyByProcessSandbox
AddPassthru
AddSandboxProcess
CheckDetoursDelay
CreateSandboxInstance
CreateSandboxInstanceEx
DelDynamicSandboxPolicy
DelFileControlPolicyByFile
DelFileControlPolicyByProcess
DelFileControlPolicyByProcessID
DelFileControlPolicyByProcessSandbox
DelPassthru
DelSandboxProcess
DeleteSandboxData
DestroySandboxInstance
DisableFileInfoCache
EnableFileInfoCache
EnumFileControlPolicy
EnumSandboxClassName
EnumSandboxInstanceName
EnumSandboxRunningProcess
FLogPEEnable
FLogPESetPath
FreeBuffer
GenerateSandboxFilePath
GenerateSandboxFilePolicy
GenerateSandboxPolicyEntry
GenerateSandboxPolicyLib
GenerateSandboxRegPath
GetActualFilePath
GetCreateProcessNotifyData
GetCreateProcessNotifyDataEx
GetDebugConfig
GetProcessActualFullPath
GetProcessEventNotifyData
GetSandboxFilePath
GetSandboxPolicyLib
GetSandboxProcessCommonPolicy
GetSandboxProcessFilePath
GetSandboxProcessFlags
GetSandboxProcessIndex
GetSandboxProcessState
GetSecObjChanged
GetSystemPolicyLibPath
LoadDriver
LoadTsdLogDrv
ParseSandboxFilePath
ParseSandboxPolicyLib
ParseSandboxRegPath
QuerySandboxClassInformation
QuerySandboxInstanceInformation
RegisterCallback
RegisterSandboxClass
RegisterTSafeDocCallback
ResetFileInfoCache
ResetFileInfoCacheOfFile
SandboxFileOperate
SetCreateProcessEvent
SetDebugConfig
SetProcessAccessPolicy
SetProcessEventNotifyResult
SetProcessFilePolicy
SetProcessFilePolicyEx
SetProcessObjectPolicy
SetProcessRegPolicy
SetProcessWindowPolicy
SetSandboxPolicyLib
SetSandboxPolicyLibFile
SetSandboxProcessCommonPolicy
SetSandboxProcessCommonPolicyEx
SetSandboxProcessFlags
SetSandboxProcessIndex
SetSandboxProcessPolicy
SetSandboxProcessState
SetSystemPolicyLibPath
StartSandboxDrvTimer
StopSandboxDrvTimer
UnloadDriver
UnloadTsdLogDrv
UnregisterSandboxClass
UpdateDriveData
UpdateSandboxRunningProcess
UpdateSystemPolicyLib

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TSDoc64
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TSandboxHook64.dll
.dll windows:5 windows x64 arch:x64

854aad73c99c4ba26540c281e2229f0b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/09/2023, 00:00

Not After

28/09/2024, 23:59

Subject

CN=Guangzhou Quan'an Software Co.\, Ltd.,O=Guangzhou Quan'an Software Co.\, Ltd.,L=guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/09/2023, 00:00

Not After

28/09/2024, 23:59

Subject

CN=Guangzhou Quan'an Software Co.\, Ltd.,O=Guangzhou Quan'an Software Co.\, Ltd.,L=guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:48:40:6c:e3:0a:85:b7:95:02:c1:3c:a1:aa:be:74:7a:ed:a9:fb:1c:3a:e2:db:34:3a:f9:fc:d9:26:86:71
Signer

Actual PE Digest

77:48:40:6c:e3:0a:85:b7:95:02:c1:3c:a1:aa:be:74:7a:ed:a9:fb:1c:3a:e2:db:34:3a:f9:fc:d9:26:86:71

Digest Algorithm

sha256

PE Digest Matches

true

a0:65:6c:f1:a7:48:47:27:1b:28:0a:08:9e:c0:25:d7:d0:0f:48:c7
Signer

Actual PE Digest

a0:65:6c:f1:a7:48:47:27:1b:28:0a:08:9e:c0:25:d7:d0:0f:48:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
GetCurrentDirectoryW
GetSystemDirectoryW
LoadLibraryA
GetQueuedCompletionStatus
GetFileInformationByHandle
CreateFileA
GetFileAttributesExW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetPrivateProfileStringW
GetProfileStringW
OpenProcess
FindNextFileW
GetFileAttributesW
SetFileAttributesW
CreateIoCompletionPort
FreeLibrary
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
SetFilePointer
WriteFile
LocalFree
GetModuleHandleW
OutputDebugStringW
GetLocalTime
DeviceIoControl
GetVersion
WaitForSingleObject
GetFullPathNameW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetFileType
QueryDosDeviceW
GetDriveTypeW
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetModuleHandleA
FindFirstFileW
FindClose
GetModuleFileNameW
GetModuleFileNameA
lstrlenA
LoadResource
FindResourceExW
lstrlenW
GetVersionExW
FormatMessageA
GetACP
FormatMessageW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SleepEx
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
GetTickCount
CreateEventW
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
lstrcmpW
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
HeapFree
HeapAlloc
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
FindFirstFileA
FlsFree
GetCurrentThread
FlsAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
LCMapStringW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
ReadFile
CreateProcessA
CreateProcessW
SetPriorityClass
GetPriorityClass
GetThreadPriority
GetExitCodeProcess
VirtualQueryEx
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetWindowsDirectoryA
GetSystemDirectoryA
GetFileAttributesA
VirtualProtect
LoadLibraryExW
FreeResource
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
VirtualQuery
LockResource
SizeofResource
GetSystemInfo
GetCurrentDirectoryA
SetFileAttributesA
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
MoveFileExW
CopyFileW
MoveFileExA
CopyFileA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
CreateFileMappingW
OpenFileMappingW
OpenMutexW
lstrcmpA
LocalAlloc
GetLogicalDrives
GetVolumeInformationW
SetVolumeLabelW
GetDiskFreeSpaceExW
DefineDosDeviceW
GetDriveTypeA
QueryDosDeviceA
CreateFileW
GetLastError
CloseHandle
FindNextFileA
GetCurrentProcess
CreateThread
FlsGetValue
GetFileAttributesExA
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetProcAddress
ReleaseMutex
IsBadReadPtr

user32

CloseDesktop
wsprintfW
MsgWaitForMultipleObjects
GetSystemMetrics
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
MessageBoxW
GetDesktopWindow
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationW
OpenInputDesktop

gdi32

CreateDCW
CreateCompatibleBitmap
BitBlt
GetBitmapBits
GetDeviceCaps
GetStockObject
GetObjectW
CreateFontIndirectW
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetTextFaceW
GetFontUnicodeRanges
GetGlyphIndicesW

advapi32

RegDeleteValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegConnectRegistryW
RegSetValueExA
RegEnumValueW
LookupAccountNameW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
LookupAccountSidW
GetTokenInformation
RegSetKeySecurity
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetFileSecurityW
SetFileSecurityW
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
ControlService
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW
LockServiceDatabase
CreateServiceW
CloseServiceHandle
UnlockServiceDatabase
RegCreateKeyA
RegCreateKeyExA
QueryServiceStatus
QueryServiceConfigW
ChangeServiceConfigW
EnumServicesStatusW
RegOpenKeyA
DeregisterEventSource
ReportEventW
RegisterEventSourceW

shell32

DragQueryFileW

ws2_32

WSAGetLastError

mpr

WNetGetConnectionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ole32

CoInitializeEx
CoInitialize

Exports

Exports

EmptyInterface

Sections

.text
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tsandbox64(1).dll
.dll windows:5 windows x64 arch:x64

38f74a4c9bdf630913de698d25ad5169

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/09/2023, 00:00

Not After

28/09/2024, 23:59

Subject

CN=Guangzhou Quan'an Software Co.\, Ltd.,O=Guangzhou Quan'an Software Co.\, Ltd.,L=guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/09/2023, 00:00

Not After

28/09/2024, 23:59

Subject

CN=Guangzhou Quan'an Software Co.\, Ltd.,O=Guangzhou Quan'an Software Co.\, Ltd.,L=guangzhou,ST=Guangdong province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84
Signer

Actual PE Digest

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84

Digest Algorithm

sha256

PE Digest Matches

true

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51
Signer

Actual PE Digest

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GlobalGetAtomNameW
CreateFileMappingW
OpenFileMappingW
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationW
GetLogicalDrives
ReadFile
GetFileSize
WriteFile
GetVersion
CreateEventW
OutputDebugStringW
LocalFree
SetFilePointer
FreeConsole
WriteConsoleW
GetStdHandle
AllocConsole
CreateIoCompletionPort
GetQueuedCompletionStatus
LoadLibraryA
GetProcessHeap
SetEndOfFile
OpenEventW
CreateProcessW
Sleep
FreeLibrary
GetFullPathNameW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
BackupWrite
BackupRead
BackupSeek
GetFileType
QueryDosDeviceW
SetEvent
GetCurrentThread
QueueUserAPC
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalAlloc
GlobalFree
SetLastError
GetCommandLineW
WaitForSingleObject
ResetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameA
GetFileAttributesW
GetTickCount
FileTimeToSystemTime
GetLocalTime
DeleteFileW
MoveFileExW
GetSystemTime
SystemTimeToFileTime
CreateFileW
SetFileTime
GetPrivateProfileStringW
GetProfileStringW
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcess
CreateThread
GetFileAttributesExA
GetFileAttributesExW
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetModuleHandleW
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetDriveTypeW
LoadLibraryW
GetProcAddress
GetCurrentThreadId
OpenProcess
GetExitCodeProcess
CloseHandle
GetLastError
DeviceIoControl
IsBadReadPtr
QueryDosDeviceA
GetDriveTypeA
DefineDosDeviceW
GetDiskFreeSpaceExW
SetVolumeLabelW
LocalAlloc
lstrcmpA
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
CancelIo
GetOverlappedResult
OpenSemaphoreW
lstrlenA
LoadResource
FindResourceExW
lstrlenW
GetVersionExW
FormatMessageA
GetACP
FormatMessageW
DeleteCriticalSection
SleepEx
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
PulseEvent
WaitForMultipleObjects
SuspendThread
TerminateThread
ResumeThread
SetThreadPriority
GetExitCodeThread
FileTimeToLocalFileTime
lstrcmpW
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
GetDateFormatW
GetTimeFormatW
FlsGetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
CompareStringW
HeapSetInformation
HeapCreate
HeapDestroy
LCMapStringW
GetLocaleInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
GetTimeZoneInformation
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
GetSystemInfo
GetCurrentDirectoryA
GetSystemDirectoryA
SetFileAttributesA
GetFileAttributesA
DeleteFileA
MoveFileA
MoveFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
CopyFileW
MoveFileExA
CopyFileA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OpenMutexW
CreateProcessA
SetPriorityClass
GetPriorityClass
GetThreadPriority
VirtualQueryEx
CreateFileMappingA
GetWindowsDirectoryA
VirtualProtect
LoadLibraryExW
FreeResource
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
VirtualQuery
LockResource
SizeofResource

user32

GetThreadDesktop
GetUserObjectInformationW
TranslateMessage
CloseDesktop
SetThreadDesktop
OpenDesktopW
OpenInputDesktop
MsgWaitForMultipleObjects
GetSystemMetrics
CloseWindow
DestroyWindow
DispatchMessageW
DefWindowProcW
GetWindowLongPtrW
ShowWindow
SetWindowLongPtrW
CreateWindowExW
RegisterClassW
SendMessageW
GetDesktopWindow
SystemParametersInfoW
EnumWindowStationsW
EnumDesktopsW
EnumDesktopWindows
GetProcessWindowStation
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetWindowThreadProcessId
PostMessageW
SetWindowTextW
IsWindowVisible
GetWindowTextW
GetMessageW
EnumWindows
FindWindowW
GetClassNameW
wsprintfW
PostThreadMessageW
PeekMessageW
MessageBoxW

gdi32

GetGlyphIndicesW
GetFontUnicodeRanges
GetTextFaceW
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetObjectW
GetStockObject
CreateDCW
GetDeviceCaps
CreateCompatibleBitmap
GetBitmapBits
BitBlt

advapi32

AdjustTokenPrivileges
ReportEventW
DeregisterEventSource
RegOpenKeyA
RegConnectRegistryW
RegDeleteKeyW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExA
RegSetValueExW
ControlService
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW
LockServiceDatabase
CreateServiceW
CloseServiceHandle
UnlockServiceDatabase
RegLoadKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetTokenInformation
RegOpenKeyW
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetKeySecurity
RegOpenKeyExW
RegGetKeySecurity
RegCloseKey
LookupPrivilegeValueW
RegisterEventSourceW
EnumServicesStatusW
ChangeServiceConfigW
QueryServiceConfigW
QueryServiceStatus
GetUserNameW
RegCreateKeyExA
RegCreateKeyA
LookupAccountSidW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
RegEnumKeyW
RegDeleteValueW
RegSetValueExA
RegEnumValueW
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
AddAccessAllowedAce

shell32

DragQueryFileW
SHFileOperationW

ole32

ProgIDFromCLSID
CoGetMalloc
CoInitialize
CoInitializeEx

ws2_32

htons
closesocket
recvfrom
WSAGetLastError
getpeername
setsockopt
getsockname
ntohl
ntohs
WSASetLastError
WSACleanup
WSAStartup
accept
bind
htonl
sendto
WSAIoctl
socket
connect
shutdown
listen
getsockopt
send
recv

mpr

WNetGetConnectionW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

oleaut32

DosDateTimeToVariantTime

Exports

Exports

AddDynamicSandboxPolicy
AddDynamicSandboxPolicy2
AddFileControlPolicy
AddFileControlPolicyByProcessID
AddFileControlPolicyByProcessSandbox
AddPassthru
AddSandboxProcess
CheckDetoursDelay
CreateSandboxInstance
CreateSandboxInstanceEx
DelDynamicSandboxPolicy
DelFileControlPolicyByFile
DelFileControlPolicyByProcess
DelFileControlPolicyByProcessID
DelFileControlPolicyByProcessSandbox
DelPassthru
DelSandboxProcess
DeleteSandboxData
DestroySandboxInstance
DisableFileInfoCache
EnableFileInfoCache
EnumFileControlPolicy
EnumSandboxClassName
EnumSandboxInstanceName
EnumSandboxRunningProcess
FLogPEEnable
FLogPESetPath
FreeBuffer
GenerateSandboxFilePath
GenerateSandboxFilePolicy
GenerateSandboxPolicyEntry
GenerateSandboxPolicyLib
GenerateSandboxRegPath
GetActualFilePath
GetCreateProcessNotifyData
GetCreateProcessNotifyDataEx
GetDebugConfig
GetProcessActualFullPath
GetProcessEventNotifyData
GetSandboxFilePath
GetSandboxPolicyLib
GetSandboxProcessCommonPolicy
GetSandboxProcessFilePath
GetSandboxProcessFlags
GetSandboxProcessIndex
GetSandboxProcessState
GetSecObjChanged
GetSystemPolicyLibPath
LoadDriver
LoadTsdLogDrv
ParseSandboxFilePath
ParseSandboxPolicyLib
ParseSandboxRegPath
QuerySandboxClassInformation
QuerySandboxInstanceInformation
RegisterCallback
RegisterSandboxClass
RegisterTSafeDocCallback
ResetFileInfoCache
ResetFileInfoCacheOfFile
SandboxFileOperate
SetCreateProcessEvent
SetDebugConfig
SetProcessAccessPolicy
SetProcessEventNotifyResult
SetProcessFilePolicy
SetProcessFilePolicyEx
SetProcessObjectPolicy
SetProcessRegPolicy
SetProcessWindowPolicy
SetSandboxPolicyLib
SetSandboxPolicyLibFile
SetSandboxProcessCommonPolicy
SetSandboxProcessCommonPolicyEx
SetSandboxProcessFlags
SetSandboxProcessIndex
SetSandboxProcessPolicy
SetSandboxProcessState
SetSystemPolicyLibPath
StartSandboxDrvTimer
StopSandboxDrvTimer
UnloadDriver
UnloadTsdLogDrv
UnregisterSandboxClass
UpdateDriveData
UpdateSandboxRunningProcess
UpdateSystemPolicyLib

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TSDoc64
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38f74a4c9bdf630913de698d25ad5169

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84Signer

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

mpr

version

oleaut32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 465KB - Virtual size: 464KB

.data Size: 91KB - Virtual size: 151KB

.pdata Size: 96KB - Virtual size: 96KB

TSDoc64 Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 22KB - Virtual size: 22KB

854aad73c99c4ba26540c281e2229f0b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84
Signer

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 465KB - Virtual size: 464KB

.data
Size: 91KB - Virtual size: 151KB

.pdata
Size: 96KB - Virtual size: 96KB

TSDoc64
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

77:48:40:6c:e3:0a:85:b7:95:02:c1:3c:a1:aa:be:74:7a:ed:a9:fb:1c:3a:e2:db:34:3a:f9:fc:d9:26:86:71
Signer

a0:65:6c:f1:a7:48:47:27:1b:28:0a:08:9e:c0:25:d7:d0:0f:48:c7
Signer

.text
Size: 925KB - Virtual size: 925KB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 74KB - Virtual size: 126KB

.pdata
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:91:63:57:a2:12:db:be:15:d9:71:74:87:90:fa:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c1:6f:50:31:86:19:c7:9b:9c:b9:a7:eb:85:2c:c5:ab:b0:3f:47:ac:cb:60:83:4e:37:d9:ab:1f:99:8f:67:84
Signer

16:d2:08:3c:45:34:95:03:77:bf:72:01:d4:e4:9b:bc:a5:4f:92:51
Signer