Downloads[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Downloads.rar
Size

61.5MB
MD5

f50ffe05b387e9ce0c58fc6585a8e855
SHA1

2397a405e67b452de0c75dd8419b679f633ddc3c
SHA256

2efc259c304abff9c9fa2ce310c74fca11bc1d67fa2acadd3284ca39a3cfa6c8
SHA512

768cfd339c78a6288c786a5e3caefc3ddc52d07e21b82d2dbdedd6de5fd4f99c5b004dbaeacb10099f1835ae68ecf3613bfe78df82908221b824b45a66a5c17a
SSDEEP

1572864:8ZLjLErJV+oVCA+jMQiJ2TnQQ1DY//BrqtrVYXyNSjsVX4:AErySCAJ2TVs/JrqU5GI

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360.exe.vir
unpack001/Loader2-2.exe.vir
unpack001/hhhgd1.exe.vir
unpack001/全球接码T10.exe.vir
unpack001/浏览器修复程序.exe.vir

Files

Downloads.rar
.rar
2023财会人员薪资补贴调整新政策所需材料【电脑版】.exe.vir
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:a7:fe:8e:04:ff:e7:35:b7:83:b5:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

03/07/2023, 09:22

Not After

30/06/2024, 09:19

Subject

SERIALNUMBER=91130108MA09RXE44W,CN=Sharp Brilliance Communication Technology Co.\, Ltd.,O=Sharp Brilliance Communication Technology Co.\, Ltd.,L=Shijiazhuang,ST=Hebei,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130c5368696a69617a6875616e67,1.3.6.1.4.1.311.60.2.1.2=#13054865626569,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:a7:fe:8e:04:ff:e7:35:b7:83:b5:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

03/07/2023, 09:22

Not After

30/06/2024, 09:19

Subject

SERIALNUMBER=91130108MA09RXE44W,CN=Sharp Brilliance Communication Technology Co.\, Ltd.,O=Sharp Brilliance Communication Technology Co.\, Ltd.,L=Shijiazhuang,ST=Hebei,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130c5368696a69617a6875616e67,1.3.6.1.4.1.311.60.2.1.2=#13054865626569,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:a6:63:b2:3e:93:b2:10:b6:54:15:8b:cc:54:35:b9:bc:ad:a0:4f:e2:cb:3d:da:38:8f:99:b8:09:48:ba:03
Signer

Actual PE Digest

bc:a6:63:b2:3e:93:b2:10:b6:54:15:8b:cc:54:35:b9:bc:ad:a0:4f:e2:cb:3d:da:38:8f:99:b8:09:48:ba:03

Digest Algorithm

sha256

PE Digest Matches

true

a7:c1:ff:d0:72:55:79:65:30:5b:21:fd:cf:46:76:b6:1d:9c:26:11
Signer

Actual PE Digest

a7:c1:ff:d0:72:55:79:65:30:5b:21:fd:cf:46:76:b6:1d:9c:26:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360.exe.vir
.exe windows:5 windows x86 arch:x86

dd024f04a45ea4528356ec54de0e0819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WinExec
ExitProcess
GetModuleFileNameA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetSystemInfo
CreateFileW
HeapSize
WriteConsoleW
SetStdHandle
GetCommandLineA
HeapSetInformation
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
HeapFree
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
HeapReAlloc
FlushFileBuffers

user32

MessageBoxA

shell32

ShellExecuteA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Loader2-1.exe.vir
.exe windows:6 windows x64 arch:x64

d4ddd68a29a0753d95995f7838b1df9f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/03/2023, 00:00

Not After

20/03/2025, 23:59

Subject

CN=Chongqing Zhongcheng Network Technology Co. Ltd.,O=Chongqing Zhongcheng Network Technology Co. Ltd.,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:17:30:27:e2:11:f3:c4:70:d8:3b:d9:4c:4b:e7:df:36:e9:5e:bd:2b:1d:b1:7c:d0:2f:1d:43:94:dd:ac:11
Signer

Actual PE Digest

87:17:30:27:e2:11:f3:c4:70:d8:3b:d9:4c:4b:e7:df:36:e9:5e:bd:2b:1d:b1:7c:d0:2f:1d:43:94:dd:ac:11

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_beginthread
memcpy
malloc
fwrite
free
fprintf
exit
abort
_errno
__iob_func

kernel32

WaitForSingleObject
SetEvent
CreateEventA
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TerminateProcess
Sleep
ReleaseSRWLockExclusive
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
LeaveCriticalSection
K32GetProcessMemoryInfo
IsDebuggerPresent
InitializeCriticalSection
GetSystemInfo
GetStdHandle
GetProcessId
GetNativeSystemInfo
GetLastError
GetFileAttributesA
GetEnvironmentVariableA
GetCurrentThreadId
GetCurrentProcess
EnterCriticalSection
CreateFileA
CloseHandle
AcquireSRWLockExclusive
WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Exports

Exports

_cgo_panic
_cgo_topofstack
crosscall2

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 344KB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Loader2-2.exe.vir
.exe windows:6 windows x64 arch:x64

d4ddd68a29a0753d95995f7838b1df9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_beginthread
memcpy
malloc
fwrite
free
fprintf
exit
abort
_errno
__iob_func

kernel32

WaitForSingleObject
SetEvent
CreateEventA
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TerminateProcess
Sleep
ReleaseSRWLockExclusive
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
LeaveCriticalSection
K32GetProcessMemoryInfo
IsDebuggerPresent
InitializeCriticalSection
GetSystemInfo
GetStdHandle
GetProcessId
GetNativeSystemInfo
GetLastError
GetFileAttributesA
GetEnvironmentVariableA
GetCurrentThreadId
GetCurrentProcess
EnterCriticalSection
CreateFileA
CloseHandle
AcquireSRWLockExclusive
WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
Sleep
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Exports

Exports

_cgo_panic
_cgo_topofstack
crosscall2

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 344KB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b427f787b812ec1d93bf5e0506aec802b4e84f2929f9647637bc9faad384ccc9.msi.vir
.msi .vbs polyglot
hhhgd1.exe.vir
.exe windows:6 windows x86 arch:x86

70dace9bd3ee8f9cbe77fc5b617b8cba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
ExitProcess
GetFileType
SetStdHandle
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
CompareStringW
GetConsoleOutputCP
QueryPerformanceFrequency
VirtualQuery
GetSystemInfo
RtlUnwind
GetStringTypeW
LCMapStringEx
OutputDebugStringW
LCMapStringW
IsValidLocale
GetCommandLineW
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
EnumSystemLocalesW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
FindResourceExW
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetACP
FileTimeToSystemTime
GetStringTypeExA
GetThreadLocale
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetEndOfFile
ReadFile
LockFile
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
GetTempPathA
SetFilePointer
SearchPathA
GetProfileIntA
GetTickCount
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
VerifyVersionInfoA
VerSetConditionMask
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFullPathNameA
GetFileTime
GetDiskFreeSpaceA
ResumeThread
SetThreadPriority
WaitForSingleObject
SetEvent
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetVersionExA
lstrcmpA
CopyFileA
FormatMessageA
MulDiv
LocalFree
GetCurrentDirectoryA
GlobalFree
GlobalSize
GlobalReAlloc
GlobalAlloc
GetFileSize
GetFileAttributesA
CreateFileA
lstrcpyA
CompareStringA
GlobalFindAtomA
FindResourceA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
MultiByteToWideChar
GlobalGetAtomNameA
GlobalAddAtomA
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualAlloc
Sleep
SuspendThread
GetCurrentThread
OutputDebugStringA
SetLastError
GetLastError
CloseHandle
GetModuleFileNameA
GetWindowsDirectoryA
ReadProcessMemory
WideCharToMultiByte
OpenProcess
GetCurrentProcessId
GetModuleHandleA
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineA
WriteConsoleW

user32

DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetMenuItemInfoA
DrawFrameControl
MessageBeep
DeleteMenu
GetSystemMenu
LoadMenuW
KillTimer
SetTimer
CharUpperA
TrackMouseEvent
NotifyWinEvent
SystemParametersInfoA
SetClassLongA
WindowFromPoint
AppendMenuA
GetMenuState
DestroyAcceleratorTable
GetAsyncKeyState
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
TrackPopupMenu
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsMenu
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
ReuseDDElParam
UnpackDDElParam
WinHelpA
LoadImageA
DestroyIcon
LoadIconW
GetLastActivePopup
GetWindowThreadProcessId
GetClassNameA
GetDesktopWindow
IntersectRect
GetSysColor
SetActiveWindow
InsertMenuItemA
GetMenuItemCount
GetMenuItemID
GetSubMenu
DestroyMenu
CreatePopupMenu
SetMenu
GetMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
GetActiveWindow
BringWindowToTop
GetClassInfoA
PeekMessageA
IsDialogMessageA
SetWindowLongA
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsWindowEnabled
SetFocus
SendDlgItemMessageA
LoadImageW
CopyImage
UnionRect
SendMessageA
EnableWindow
RedrawWindow
UpdateWindow
CheckDlgButton
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
DestroyCursor
LoadCursorW
LoadCursorA
PtInRect
EqualRect
InflateRect
ScreenToClient
GetCursorPos
GetMessageA
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
GetMenuStringA
InsertMenuA
RemoveMenu
ModifyMenuA
LockWindowUpdate
CharUpperBuffA
DrawEdge
GetSysColorBrush
DrawFocusRect
DrawIconEx
SetRect
PostQuitMessage
LoadAcceleratorsW
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
DrawTextA
FillRect
GetSystemMetrics
EnumWindows
ClientToScreen
RegisterWindowMessageA
PostMessageA
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
IsZoomed
GetCapture
SetForegroundWindow
SetWindowRgn
GetClientRect
GetWindowRect
SetRectEmpty
CopyRect
OffsetRect
IsRectEmpty
GetClassLongA
GetParent
SetParent
GetTopWindow
GetWindow
CreateWindowExA
IsChild
BeginDeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
InvalidateRect
SetScrollPos
GetScrollPos
SetCursorPos
SetCursor
DrawIcon
GetKeyNameTextA
MapVirtualKeyA
RealChildWindowFromPoint
MapDialogRect
CopyAcceleratorTableA
GetMenuDefaultItem
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatA
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
CopyIcon
GetComboBoxInfo
EnumChildWindows
SubtractRect
GetNextDlgGroupItem
GetIconInfo
GetDoubleClickTime
CreateMenu
GetWindowRgn
IsCharLowerA
MapVirtualKeyExA
HideCaret
InvertRect
EnumDisplayMonitors
SetLayeredWindowAttributes
ShowOwnedPopups
WaitMessage
PostThreadMessageA
TranslateMessage
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA

gdi32

RealizePalette
SelectPalette
SetPixel
StretchBlt
SetDIBColorTable
CopyMetaFileA
CreateDCA
GetDeviceCaps
CreateEllipticRgn
CreateHatchBrush
CreateRectRgnIndirect
CreateSolidBrush
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32A
ExtTextOutA
CreatePolygonRgn
Polygon
Polyline
CreatePatternBrush
Rectangle
RoundRect
GetTextMetricsA
CreateFontIndirectA
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
GetStockObject
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
DPtoLP
LPtoDP
GetRgnBox
OffsetRgn
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
EnumFontFamiliesExA
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceA
SetPixelV
GetPixel
GetDIBits
CreateRectRgn
CombineRgn
BitBlt
CreateRoundRectRgn
CreatePen
CreateBitmap
SetTextColor
CreateCompatibleBitmap
PatBlt
GetObjectA
CreateDIBSection
SelectObject
DeleteObject
CreateCompatibleDC
SetBkColor
DeleteDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

shell32

ShellExecuteA
DragQueryFileA
DragFinish
SHAppBarMessage
SHGetFileInfoA
ExtractIconA
SHAddToRecentDocs
SHGetDesktopFolder
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

shlwapi

PathFindFileNameA
PathIsUNCA
StrFormatKBSizeA
PathStripToRootA
PathRemoveFileSpecW
PathFindExtensionA

uxtheme

GetThemePartSize
OpenThemeData
CloseThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
IsAppThemed
DrawThemeText
DrawThemeParentBackground

ole32

DoDragDrop
OleGetClipboard
CoLockObjectExternal
OleLockRunning
CoDisconnectObject
OleCreateMenuDescriptor
CoInitialize
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoGetObject
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
RegisterDragDrop
RevokeDragDrop
CoCreateInstance

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SystemTimeToVariantTime
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VariantTimeToSystemTime

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusShutdown
GdipCreateBitmapFromStream

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Exports

Exports

_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA10@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA12@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA13@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA14@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA15@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA16@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA17@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA18@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA19@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA20@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA21@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0@0
_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAC0@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj100@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj101@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj102@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj103@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj104@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj105@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj106@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj107@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj108@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj109@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj10@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj110@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj111@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj112@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj113@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj114@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj115@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj116@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj117@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj118@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj119@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj11@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj120@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj121@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj122@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj123@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj124@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj125@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj126@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj127@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj128@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj129@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj12@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj130@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj131@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj132@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj133@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj134@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj135@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj136@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj137@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj138@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj139@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj13@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj140@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj141@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj142@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj143@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj144@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj145@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj146@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj147@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj148@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj149@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj14@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj150@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj151@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj152@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj153@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj154@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj155@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj156@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj157@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj158@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj159@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj15@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj160@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj161@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj162@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj163@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj164@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj165@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj166@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj167@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj168@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj169@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj16@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj170@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj171@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj172@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj173@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj174@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj175@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj176@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj177@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj178@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj179@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj17@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj180@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj181@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj182@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj183@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj184@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj185@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj186@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj187@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj188@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj189@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj18@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj190@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj191@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj192@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj193@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj194@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj195@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj196@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj197@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj198@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj199@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj19@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj1@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj200@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj20@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj21@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj22@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj23@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj24@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj25@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj26@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj27@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj28@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj29@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj2@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj30@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj31@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj32@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj33@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj34@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj35@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj36@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj37@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj38@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj39@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj3@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj40@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj41@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj42@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj43@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj44@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj45@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj46@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj47@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj48@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj49@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj4@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj50@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj51@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj52@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj53@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj54@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj55@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj56@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj57@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj58@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj59@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj5@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj60@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj61@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj62@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj63@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj64@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj65@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj66@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj67@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj68@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj69@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj6@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj70@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj71@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj72@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj73@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj74@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj75@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj76@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj77@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj78@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj79@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj7@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj80@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj81@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj82@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj83@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj84@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj85@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj86@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj87@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj88@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj89@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj8@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj90@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj91@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj92@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj93@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj94@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj95@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj96@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj97@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj98@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj99@0
_safasfasfsagsafsafasfsadsafsfrgfgfdgfhj9@0

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37.2MB - Virtual size: 37.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
全球接码T10.exe.vir
.exe windows:4 windows x86 arch:x86

4196d869a2739441d74597d3b1948b1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2298
ord2289
ord2370
ord4234
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord674
ord554
ord529
ord366
ord5252
ord2362
ord4129
ord858
ord5710
ord5683
ord537
ord1134
ord1979
ord665
ord5186
ord354
ord816
ord562
ord1168
ord3706
ord3626
ord2414
ord3755
ord5875
ord2754
ord2859
ord3663
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord5261
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord986
ord520
ord4159
ord6117
ord2621
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4858
ord6329
ord1641
ord5440
ord6383
ord5450
ord6394
ord4614
ord4613
ord1920
ord4262
ord4589
ord4899
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord5290
ord3748
ord1725
ord4432
ord784
ord1146
ord517
ord804
ord693
ord5260
ord2535
ord6131
ord6216
ord2379
ord6027
ord2818
ord1175
ord6215
ord2086
ord4464
ord4224
ord2587
ord4406
ord3394
ord3729
ord2582
ord4402
ord3370
ord3640
ord567
ord2302
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord3346
ord5265
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
_ftol
memmove
_setmbcp
__CxxFrameHandler
rand
atoi
exit
_controlfp
fclose
fopen
_except_handler3

kernel32

GetModuleFileNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
GetModuleHandleA
GetStartupInfoA
FreeLibrary
LoadLibraryA
GetProcAddress
CreateFileA
GetTickCount
WriteFile
CloseHandle

user32

SendMessageA
LoadCursorA
PtInRect
SetCursor
ReleaseDC
InvalidateRgn
wsprintfA
EnableWindow
CopyRect
InvalidateRect
GetDC

gdi32

CombineRgn
CreatePolygonRgn
GetTextExtentPoint32A
CreateRectRgnIndirect
OffsetRgn
PtInRegion

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
浏览器修复程序.exe.vir
.exe windows:6 windows x64 arch:x64

78cc4a4eeb408385767dbd01bc4b5500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
SystemFunction036
RegCloseKey
RegOpenKeyExW

kernel32

AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
CloseHandle
WaitForSingleObject
GetExitCodeProcess
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
lstrlenW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SwitchToThread
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
WakeAllConditionVariable
SetHandleInformation
GetModuleHandleA
GetProcAddress
GetCurrentThread
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentProcess
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetEnvironmentVariableW
RtlLookupFunctionEntry
CreateFileW
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
QueryPerformanceCounter
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
SleepConditionVariableSRW
WakeConditionVariable
PostQueuedCompletionStatus
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WriteFile
RtlPcToFileHeader
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
EncodePointer
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

ntdll

NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtDeviceIoControlFile

ws2_32

freeaddrinfo
getpeername
WSAGetLastError
getsockname
send
WSAIoctl
closesocket
shutdown
WSASend
WSASocketW
ioctlsocket
setsockopt
connect
getsockopt
bind
getaddrinfo
WSAStartup
WSACleanup
recv

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

secur32

DeleteSecurityContext
EncryptMessage
FreeContextBuffer
AcceptSecurityContext
QueryContextAttributesW
FreeCredentialsHandle
InitializeSecurityContextW
ApplyControlToken
AcquireCredentialsHandleA
DecryptMessage

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateChain
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

bcrypt

BCryptGenRandom

Sections

.text
Size: 923KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

51:a7:fe:8e:04:ff:e7:35:b7:83:b5:ceCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

51:a7:fe:8e:04:ff:e7:35:b7:83:b5:ceCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bc:a6:63:b2:3e:93:b2:10:b6:54:15:8b:cc:54:35:b9:bc:ad:a0:4f:e2:cb:3d:da:38:8f:99:b8:09:48:ba:03Signer

a7:c1:ff:d0:72:55:79:65:30:5b:21:fd:cf:46:76:b6:1d:9c:26:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 900KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 4KB - Virtual size: 3KB

dd024f04a45ea4528356ec54de0e0819

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

51:a7:fe:8e:04:ff:e7:35:b7:83:b5:ce
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

51:a7:fe:8e:04:ff:e7:35:b7:83:b5:ce
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bc:a6:63:b2:3e:93:b2:10:b6:54:15:8b:cc:54:35:b9:bc:ad:a0:4f:e2:cb:3d:da:38:8f:99:b8:09:48:ba:03
Signer

a7:c1:ff:d0:72:55:79:65:30:5b:21:fd:cf:46:76:b6:1d:9c:26:11
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 900KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

87:17:30:27:e2:11:f3:c4:70:d8:3b:d9:4c:4b:e7:df:36:e9:5e:bd:2b:1d:b1:7c:d0:2f:1d:43:94:dd:ac:11
Signer

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 344KB - Virtual size: 10.9MB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 180B

.reloc
Size: 86KB - Virtual size: 85KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 344KB - Virtual size: 10.9MB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 180B

.reloc
Size: 86KB - Virtual size: 85KB

.symtab
Size: 512B - Virtual size: 4B