db11553834349b2706f8e5b8ae5a5baf37ad1db522cef54f33a623c8bf59d337

Sharing

Copy URL Twitter E-mail

General

Target

db11553834349b2706f8e5b8ae5a5baf37ad1db522cef54f33a623c8bf59d337
Size

6.2MB
MD5

9c390c7b3ad64f74701a17cca7b21ade
SHA1

7b8e27be1a458200b1cf05693846352eaffa258f
SHA256

db11553834349b2706f8e5b8ae5a5baf37ad1db522cef54f33a623c8bf59d337
SHA512

d74af09397855e370d0cbac2976e90271c92cd245bf0a17a329ed6196b52881fdbfd4d5c1ceeea01ad048d2f3abac7ebb294649c52e081b3fd1df2059132b2f4
SSDEEP

196608:gzW4CZ+q3zbhp5Y7gQcGKe0L6e7g7DeBZx:IW4CZ3zbhbMzKrW9DeBZx

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

db11553834349b2706f8e5b8ae5a5baf37ad1db522cef54f33a623c8bf59d337
.exe windows:5 windows x86 arch:x86

e6e54113cf41b4d0b923c00c963d8f4d

Code Sign

4c:2b:e5:47:98:7b:54:5d:b6:68:7d:8b:57:a2:0e:83
Certificate

Issuer

CN=GDA,OU=www.gda.wiki,O=GDA,1.2.840.113549.1.9.1=#0c11676a64656e406f75746c6f6f6b2e636f6d

Not Before

19/02/2021, 08:07

Not After

31/12/2039, 23:59

Subject

CN=GDA,OU=www.gda.wiki,O=GDA,1.2.840.113549.1.9.1=#0c11676a64656e406f75746c6f6f6b2e636f6d

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:27:60:24:80:e9:b3:8a:ad:b4:d6:c6:e0:2d:fe:65:30:9c:f9:23
Signer

Actual PE Digest

62:27:60:24:80:e9:b3:8a:ad:b4:d6:c6:e0:2d:fe:65:30:9c:f9:23

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6762
ord3293
ord6696
ord470
ord2582
ord6215
ord3996
ord4299
ord3797
ord6223
ord1795
ord2575
ord4396
ord3574
ord609
ord4284
ord6197
ord3874
ord3721
ord2116
ord3752
ord6377
ord1949
ord6442
ord6283
ord6379
ord6605
ord6170
ord5788
ord472
ord5787
ord4200
ord1941
ord3398
ord3733
ord810
ord4271
ord3706
ord3297
ord3296
ord5781
ord2971
ord1768
ord5710
ord6282
ord4160
ord3499
ord2515
ord355
ord1200
ord4204
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3028
ord950
ord807
ord809
ord686
ord2621
ord1134
ord1205
ord4220
ord2584
ord3654
ord2438
ord4402
ord693
ord2725
ord589
ord826
ord260
ord824
ord593
ord324
ord4476
ord3092
ord6199
ord3370
ord3640
ord384
ord556
ord554
ord2370
ord2302
ord2086
ord2096
ord2862
ord2645
ord4163
ord6625
ord2078
ord1087
ord2122
ord5655
ord3138
ord6655
ord6146
ord1158
ord4203
ord1644
ord5572
ord2919
ord2863
ord5981
ord1105
ord5937
ord3061
ord2639
ord3914
ord6134
ord6904
ord3283
ord6334
ord3763
ord4130
ord536
ord4224
ord6270
ord3089
ord3754
ord6136
ord3771
ord6905
ord3767
ord6453
ord4774
ord2935
ord2516
ord360
ord2299
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord2642
ord6927
ord2340
ord6007
ord3998
ord2513
ord293
ord3286
ord663
ord348
ord6907
ord2587
ord4406
ord3394
ord3729
ord804
ord6785
ord3302
ord3305
ord3311
ord3011
ord3319
ord3097
ord5953
ord4234
ord4287
ord6241
ord816
ord562
ord1269
ord3708
ord781
ord6129
ord4133
ord4297
ord613
ord289
ord3329
ord6128
ord4132
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord540
ord1576
ord2614
ord941
ord858
ord4278
ord6662
ord535
ord5683
ord4129
ord2764
ord825
ord823
ord1802
ord4275
ord2578
ord3582
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord6374
ord3402
ord3639
ord3663
ord3619
ord3693
ord3626
ord2411
ord2023
ord4218
ord6055
ord4078
ord1776
ord4398
ord5241
ord2385
ord5163
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord692
ord616
ord818
ord1641
ord2860
ord567
ord2414
ord795
ord800
ord537
ord1146
ord1168
ord3301
ord755
ord4243
ord1848
ord3803
ord6172
ord2754
ord2450
ord1847
ord3303
ord4125
ord3287
ord356
ord2770
ord2781
ord4058
ord3178
ord3181
ord1980
ord668
ord4202
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord4710
ord4998
ord4853
ord4376
ord5265
ord2514
ord2915
ord940
ord6008
ord4000
ord2763
ord6876
ord6778
ord543
ord803
ord3584
ord656
ord3610
ord4407
ord1829
ord6394
ord5834
ord6383
ord5440
ord5450
ord2107
ord3903
ord2841
ord6929
ord2044
ord6663
ord6648
ord6779
ord6874
ord926
ord2448
ord924
ord5856
ord2818
ord939
ord6877
ord922
ord860
ord2859
ord6242
ord2864
ord6880
ord2379
ord323
ord1640
ord5785
ord283
ord5875
ord5789
ord2405
ord640
ord3573
ord3571
ord2452
ord3317

msvcrt

fflush
_ftol
sscanf
strspn
tolower
_pctype
__mb_cur_max
_isctype
qsort
_errno
_setmode
fgets
abort
wcsstr
strcmp
strtoul
fwrite
gmtime
_itoa
_strnicmp
_strdup
_fileno
_getch
toupper
_purecall
_setmbcp
strncmp
memmove
_mbscmp
fopen
fseek
ftell
fclose
fread
realloc
_vsnprintf
_snprintf
strncpy
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
time
srand
rand
_mbsstr
_mbsnbcpy
isdigit
strtok
islower
isupper
longjmp
signal
mbstowcs
wcstombs
calloc
rename
rewind
memchr
isspace
isxdigit
exit
?what@exception@@UBEPBDXZ
getenv
fputs
scanf
freopen
_open_osfhandle
_fdopen
_stricmp
fprintf
printf
vfprintf
strchr
isprint
wcslen
atoi
malloc
free
strstr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
__p__fmode
__set_app_type
sprintf
_mbsicmp
isgraph
isalnum
_mbsnbicmp
_except_handler3
__CxxFrameHandler
_stat
_iob
_controlfp

kernel32

GetVersion
GetFileType
GlobalMemoryStatus
QueryPerformanceCounter
GetVersionExA
FlushConsoleInputBuffer
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
GetExitCodeProcess
GetLocalTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetCurrentProcessId
ReleaseMutex
CreateMutexA
lstrcpyA
SetCurrentDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryA
PulseEvent
GetTickCount
CopyFileA
GetModuleFileNameA
VirtualProtect
FileTimeToSystemTime
InterlockedDecrement
GetExitCodeThread
GetCurrentThreadId
GetLastError
FreeLibrary
LocalFree
FreeConsole
InterlockedIncrement
GetVolumeInformationA
WideCharToMultiByte
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFileAttributesA
CreateFileA
SetFileTime
FindFirstFileA
GetSystemDirectoryA
GetConsoleWindow
SetConsoleTextAttribute
AllocConsole
GetStdHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetSystemInfo
GetPrivateProfileIntA
lstrcpynA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetTempPathA
DeleteFileA
CreateDirectoryA
GetFileAttributesA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
IsBadReadPtr
lstrlenA
SetEvent
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
WaitForSingleObject
WriteFile
CreatePipe
GetStartupInfoA
CreateProcessA
CloseHandle
CreateThread
CreateEventA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
ShowWindow
DestroyWindow
SetWindowPos
CreateWindowExA
DefWindowProcA
RegisterClassExA
wsprintfA
GrayStringA
DrawTextA
TabbedTextOutA
GetMenuItemID
SetMenuItemBitmaps
SetWindowRgn
GetWindowDC
FindWindowA
MonitorFromWindow
FillRect
GetCapture
LoadMenuA
GetClassLongA
SetTimer
SetForegroundWindow
GetMessagePos
GetMessageA
TranslateMessage
DispatchMessageA
SetActiveWindow
SetParent
HideCaret
GetUpdateRect
GetClipboardData
IsMenu
GetFocus
EqualRect
InvalidateRgn
SetCursor
LockWindowUpdate
UpdateWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ClientToScreen
RedrawWindow
IsIconic
DrawIcon
GetWindowLongA
SetWindowLongA
GetDlgCtrlID
SetWindowsHookExA
CreateMenu
GetMenuItemInfoA
CheckMenuItem
SetMenu
DeleteMenu
GetSubMenu
GetMenuItemCount
GetMenuStringA
RemoveMenu
InsertMenuA
CreatePopupMenu
AppendMenuA
SetClassLongA
SystemParametersInfoA
IsZoomed
LoadImageA
PostMessageA
SetMenuInfo
MessageBoxA
GetWindow
ReleaseCapture
SetCapture
LoadCursorA
IsWindowVisible
GetScrollBarInfo
GetSysColor
GetSystemMetrics
GetDC
ReleaseDC
DestroyIcon
CopyRect
OffsetRect
IsWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
InflateRect
GetParent
InvalidateRect
GetClientRect
DrawIconEx
LoadIconA
SendMessageA
EnableWindow
GetKeyState
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

RoundRect
CreateRectRgnIndirect
Rectangle
SelectObject
StretchBlt
GetObjectA
GetTextExtentPoint32A
DeleteObject
CreateSolidBrush
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA
GetStockObject
CreatePen
CombineRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateRectRgn
GetDeviceCaps
Ellipse
Polygon
DeleteDC
GetTextMetricsA

advapi32

CryptReleaseContext
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyA
RegSetValueA
RegCreateKeyA
CryptDestroyKey
CryptExportKey
CryptAcquireContextA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCloseKey

shell32

StrStrIA
SHFileOperationA
SHGetFileInfoA
ShellExecuteA
SHChangeNotify
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_AddMasked

ole32

CreateStreamOnHGlobal
CoInitialize
OleCreateStaticFromData
OleDuplicateData
ReleaseStgMedium
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject

gdiplus

GdipCreatePath
GdipSetLineColors
GdipRotateMatrix
GdipTranslateMatrix
GdipCreateMatrix
GdipAddPathPieI
GdipSetSolidFillColor
GdipSetInterpolationMode
GdipAddPathEllipseI
GdipFillRectangle
GdipDeleteRegion
GdipGetRegionHRgn
GdipCreateRegionPath
GdipDrawLineI
GdipFillPolygonI
GdipDrawEllipseI
GdipFillEllipseI
GdipSetClipRegion
GdipCreateRegionRectI
GdipTransformPath
GdipFillPath
GdipSetMatrixElements
GdipDeletePath
GdipDeleteMatrix
GdipDeleteGraphics
GdipReleaseDC
GdipDrawImageRectI
GdipDrawLine
GdipDrawArc
GdipDrawArcI
GdipSetPenColor
GdipCreatePen1
GdipDeletePen
GdipCloneBitmapAreaI
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCreateLineBrushFromRectWithAngle
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteFont
GdipDeleteFontFamily
GdipAddPathArc
GdipAddPathLine
GdipCloneImage
GdipCloneBrush
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipFree
GdipFillPieI
GdipFillRectangleI
GdipCreateSolidFill
GdipFillPolygon
GdipDeleteBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteStringFormat

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIID@Z
??_7bad_alloc@std@@6B@
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xlen@std@@YAXXZ
??_7logic_error@std@@6B@
wctype
??_7out_of_range@std@@6B@
??1logic_error@std@@UAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@ios_base@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

ws2_32

shutdown
recv
send
closesocket
WSASetLastError
WSAGetLastError

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetReadFile
HttpSendRequestA
InternetCloseHandle

crypt32

CertNameToStrA
CertCreateCertificateContext
CryptImportPublicKeyInfo
CertFreeCertificateContext

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mjg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e6e54113cf41b4d0b923c00c963d8f4d

Code Sign

4c:2b:e5:47:98:7b:54:5d:b6:68:7d:8b:57:a2:0e:83Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

62:27:60:24:80:e9:b3:8a:ad:b4:d6:c6:e0:2d:fe:65:30:9c:f9:23Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

gdiplus

msvcp60

ws2_32

wininet

crypt32

wtsapi32

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: - Virtual size: 323KB

.data Size: - Virtual size: 277KB

.vmp0 Size: - Virtual size: 3.4MB

.vmp1 Size: 5.7MB - Virtual size: 5.7MB

.rsrc Size: 340KB - Virtual size: 336KB

.mjg Size: 4KB - Virtual size: 4KB

4c:2b:e5:47:98:7b:54:5d:b6:68:7d:8b:57:a2:0e:83
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

62:27:60:24:80:e9:b3:8a:ad:b4:d6:c6:e0:2d:fe:65:30:9c:f9:23
Signer

.text
Size: - Virtual size: 1.6MB

.rdata
Size: - Virtual size: 323KB

.data
Size: - Virtual size: 277KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.7MB - Virtual size: 5.7MB

.rsrc
Size: 340KB - Virtual size: 336KB

.mjg
Size: 4KB - Virtual size: 4KB