27[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27.zip
Size

4.3MB
MD5

6aa104ad44c4983a3ff5b90144388ab5
SHA1

41cf6a95d772f055e16829fe00d2fac7ebab5242
SHA256

5e21516e4f03b333a1288f59793562b2352bca5a71c0e7f63fa5e561c0b67d44
SHA512

695cbfb7ccadbb52e71826dad0057cc2db5f36c81eb5436a25c7554fd672cc3a787b6a398be5764975f4894f91d5a0ea4b2fa312e3f9983f21fe7288c7d5ab0c
SSDEEP

98304:QSxWvAcL++aNi0sZGBDJyU0pIWTvw9OvgGtthW+r56AjVkzpLX:3o7LxaNiZZuDJyULwvSOvjthWQTj+N7

Score

1^/10

Malware Config

Signatures

Files

27.zip
.zip
datastate.dll
.dll windows:5 windows x86 arch:x86

b04393022fffb1a5237a1e9ffd54599a

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/04/2022, 00:00

Not After

11/04/2025, 23:59

Subject

SERIALNUMBER=91510107MA654N9046,CN=Chengdu ShanHe Information Technology Co.\, Ltd.,O=Chengdu ShanHe Information Technology Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e5775686f75204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

Issuer

CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES

Not Before

21/06/2021, 07:59

Not After

21/06/2025, 07:59

Subject

CN=Servei de segellat de temps de PSIS,O=Consorci Administració Oberta de Catalunya (NIF Q-0801175-A),C=ES

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/04/2022, 00:00

Not After

11/04/2025, 23:59

Subject

SERIALNUMBER=91510107MA654N9046,CN=Chengdu ShanHe Information Technology Co.\, Ltd.,O=Chengdu ShanHe Information Technology Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e5775686f75204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

Issuer

CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES

Not Before

21/06/2021, 07:59

Not After

21/06/2025, 07:59

Subject

CN=Servei de segellat de temps de PSIS,O=Consorci Administració Oberta de Catalunya (NIF Q-0801175-A),C=ES

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a1:0e:20:83:40:6b:05:34:6e:04:e0:42:d7:65:fc:8e:d0:d3:7e:be:d7:e4:b1:9c:e0:3c:a4:73:5a:f1:7d
Signer

Actual PE Digest

01:a1:0e:20:83:40:6b:05:34:6e:04:e0:42:d7:65:fc:8e:d0:d3:7e:be:d7:e4:b1:9c:e0:3c:a4:73:5a:f1:7d

Digest Algorithm

sha256

PE Digest Matches

true

b9:9d:d3:18:23:e1:ce:9f:4a:2d:71:7f:2c:47:ac:47:a3:a6:52:a1
Signer

Actual PE Digest

b9:9d:d3:18:23:e1:ce:9f:4a:2d:71:7f:2c:47:ac:47:a3:a6:52:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityInfo

kernel32

CloseHandle
DisconnectNamedPipe
WriteFile
ReadFile
ConnectNamedPipe
CreateFileW
Sleep
GetLastError
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
LocalFree
CreateNamedPipeW
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

Clear
Func
GetWaitTime
Server
SetWaitTime

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iTopVPN.exe
.exe windows:5 windows x86 arch:x86

870040097535d74eeddfd5ff3fe135ee

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/04/2022, 00:00

Not After

11/04/2025, 23:59

Subject

SERIALNUMBER=91510107MA654N9046,CN=Chengdu ShanHe Information Technology Co.\, Ltd.,O=Chengdu ShanHe Information Technology Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e5775686f75204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:5b:97:5e:d8:eb:41:a4:dc:54:ac:49:7f:08:c0:e2
Certificate

Issuer

CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES

Not Before

06/06/2023, 09:02

Not After

05/06/2027, 09:02

Subject

CN=Servei de segellat de temps de PSIS,O=Consorci Administració Oberta de Catalunya (NIF Q-0801175-A),C=ES

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/04/2022, 00:00

Not After

11/04/2025, 23:59

Subject

SERIALNUMBER=91510107MA654N9046,CN=Chengdu ShanHe Information Technology Co.\, Ltd.,O=Chengdu ShanHe Information Technology Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e5775686f75204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:5b:97:5e:d8:eb:41:a4:dc:54:ac:49:7f:08:c0:e2
Certificate

Issuer

CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES

Not Before

06/06/2023, 09:02

Not After

05/06/2027, 09:02

Subject

CN=Servei de segellat de temps de PSIS,O=Consorci Administració Oberta de Catalunya (NIF Q-0801175-A),C=ES

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:7d:73:e0:cf:ce:01:4c:97:37:41:bc:88:af:58:60:f2:5d:9a:b3:4a:c4:f9:f4:27:68:cf:7e:cb:f5:63:5d
Signer

Actual PE Digest

3e:7d:73:e0:cf:ce:01:4c:97:37:41:bc:88:af:58:60:f2:5d:9a:b3:4a:c4:f9:f4:27:68:cf:7e:cb:f5:63:5d

Digest Algorithm

sha256

PE Digest Matches

true

b5:c7:a8:d9:6a:d4:92:b6:2a:01:e5:b4:93:24:c8:1b:28:6c:7c:ac
Signer

Actual PE Digest

b5:c7:a8:d9:6a:d4:92:b6:2a:01:e5:b4:93:24:c8:1b:28:6c:7c:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantClear
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyA
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorSacl
FreeSid
DuplicateTokenEx
CreateProcessAsUserW
AllocateAndInitializeSid
AdjustTokenPrivileges
ConvertSidToStringSidW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
GetServiceDisplayNameW
EnumServicesStatusW
CloseServiceHandle
ChangeServiceConfigW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
WaitForInputIdle
ValidateRect
UpdateLayeredWindow
UpdateWindow
UnregisterClassA
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LockWindowUpdate
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastInputInfo
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassLongW
GetClassInfoW
GetCaretBlinkTime
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout
GetWindowRgnBox

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiA
lstrcmpiW
lstrcmpA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetWaitableTimer
SetVolumeLabelW
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetPriorityClass
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SearchPathW
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
OutputDebugStringW
OpenProcess
OpenFileMappingA
OpenFileMappingW
MultiByteToWideChar
MulDiv
MoveFileExW
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapAlloc
GlobalUnlock
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalGetAtomNameW
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetVersion
GetUserDefaultLangID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetShortPathNameW
GetProcessTimes
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DisconnectNamedPipe
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateWaitableTimerW
CreateThread
CreateSemaphoreW
CreateProcessA
CreateProcessW
CreatePipe
CreateNamedPipeW
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
ConnectNamedPipe
CompareStringA
CompareStringW
CloseHandle
Beep
RtlUnwind
GetLongPathNameW
Sleep
ProcessIdToSessionId
GetUserDefaultUILanguage
VerSetConditionMask
VerifyVersionInfoW
GetLongPathNameW
GetComputerNameW
GetTimeZoneInformation
Sleep
GetLongPathNameW
ProcessIdToSessionId
GetSystemDefaultLangID
GetSystemDefaultLangID

msimg32

TransparentBlt
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelV
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
Pie
PatBlt
OffsetViewportOrgEx
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextColor
GetTextAlign
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetROP2
GetPixel
GetPaletteEntries
GetObjectType
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt
AddFontMemResourceEx

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

mpr

WNetGetConnectionW

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
listen
ioctlsocket
inet_ntoa
inet_addr
htons
htonl
getsockname
connect
closesocket
bind
accept

shell32

Shell_NotifyIconW
ShellExecuteExA
ShellExecuteExW
ShellExecuteA
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
SHGetMalloc

ole32

CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoUninitialize
CoInitialize

wininet

InternetGetConnectedState
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache
DeleteUrlCacheEntryW

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
ImageList_GetIconSize

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserSetInfo
NetApiBufferFree
NetShareEnum
NetShareSetInfo
NetShareGetInfo
NetApiBufferFree
NetUserGetInfo
NetUserEnum

datastate

Clear
Func
Server

sqlite3

sqlite3_bind_parameter_index
sqlite3_bind_null
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_text
sqlite3_bind_blob
sqlite3_reset
sqlite3_finalize
sqlite3_column_int64
sqlite3_column_type
sqlite3_column_text
sqlite3_column_double
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_count
sqlite3_prepare_v2
sqlite3_free
sqlite3_errcode
sqlite3_errmsg
sqlite3_close
sqlite3_open

shlwapi

PathCombineW

ws2_32

WSACleanup
WSAStartup
socket
htons
connect
closesocket

msvcrt

free
malloc
strchr
isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strlen
memcmp
strncmp
memset
memmove
memcpy

iphlpapi

GetIfTable
GetIpAddrTable

Exports

Exports

madTraceProcess

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 290KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 596B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
snick.jpeg
sqlite3.dll
.dll windows:4 windows x86 arch:x86

953394ee44f1817f72dbbc6e791bce8b

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/04/2022, 00:00

Not After

11/04/2025, 23:59

Subject

SERIALNUMBER=91510107MA654N9046,CN=Chengdu ShanHe Information Technology Co.\, Ltd.,O=Chengdu ShanHe Information Technology Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e5775686f75204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

Issuer

CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES

Not Before

21/06/2021, 07:59

Not After

21/06/2025, 07:59

Subject

CN=Servei de segellat de temps de PSIS,O=Consorci Administració Oberta de Catalunya (NIF Q-0801175-A),C=ES

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/04/2022, 00:00

Not After

11/04/2025, 23:59

Subject

SERIALNUMBER=91510107MA654N9046,CN=Chengdu ShanHe Information Technology Co.\, Ltd.,O=Chengdu ShanHe Information Technology Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e5775686f75204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

Issuer

CN=EC-ACC,OU=Serveis Publics de Certificacio+OU=Vegeu https://www.catcert.net/verarrel (c)03+OU=Jerarquia Entitats de Certificacio Catalanes,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES

Not Before

21/06/2021, 07:59

Not After

21/06/2025, 07:59

Subject

CN=Servei de segellat de temps de PSIS,O=Consorci Administració Oberta de Catalunya (NIF Q-0801175-A),C=ES

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:a9:7f:d1:e1:77:7e:c6:38:9f:5e:22:4b:9a:6e:21:d6:82:6e:55:a9:9b:3c:83:f0:a2:9e:fa:f4:1d:67:0e
Signer

Actual PE Digest

c1:a9:7f:d1:e1:77:7e:c6:38:9f:5e:22:4b:9a:6e:21:d6:82:6e:55:a9:9b:3c:83:f0:a2:9e:fa:f4:1d:67:0e

Digest Algorithm

sha256

PE Digest Matches

false

f3:c2:ba:60:62:72:c9:9e:6d:ad:bb:7f:b2:99:d8:74:ed:4b:ae:1f
Signer

Actual PE Digest

f3:c2:ba:60:62:72:c9:9e:6d:ad:bb:7f:b2:99:d8:74:ed:4b:ae:1f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
TlsGetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_beginthreadex
_endthreadex
_errno
_iob
_winmajor
abort
calloc
fflush
free
fwrite
localtime
malloc
memcmp
memmove
memset
qsort
realloc
strcmp
strncmp
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b04393022fffb1a5237a1e9ffd54599a

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63Certificate

Extended Key Usages

Key Usages

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63Certificate

Extended Key Usages

Key Usages

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58Certificate

Extended Key Usages

Key Usages

01:a1:0e:20:83:40:6b:05:34:6e:04:e0:42:d7:65:fc:8e:d0:d3:7e:be:d7:e4:b1:9c:e0:3c:a4:73:5a:f1:7dSigner

b9:9d:d3:18:23:e1:ce:9f:4a:2d:71:7f:2c:47:ac:47:a3:a6:52:a1Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

870040097535d74eeddfd5ff3fe135ee

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63Certificate

Extended Key Usages

Key Usages

52:5b:97:5e:d8:eb:41:a4:dc:54:ac:49:7f:08:c0:e2Certificate

Extended Key Usages

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63Certificate

Extended Key Usages

Key Usages

52:5b:97:5e:d8:eb:41:a4:dc:54:ac:49:7f:08:c0:e2Certificate

Extended Key Usages

Key Usages

3e:7d:73:e0:cf:ce:01:4c:97:37:41:bc:88:af:58:60:f2:5d:9a:b3:4a:c4:f9:f4:27:68:cf:7e:cb:f5:63:5dSigner

b5:c7:a8:d9:6a:d4:92:b6:2a:01:e5:b4:93:24:c8:1b:28:6c:7c:acSigner

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

01:a1:0e:20:83:40:6b:05:34:6e:04:e0:42:d7:65:fc:8e:d0:d3:7e:be:d7:e4:b1:9c:e0:3c:a4:73:5a:f1:7d
Signer

b9:9d:d3:18:23:e1:ce:9f:4a:2d:71:7f:2c:47:ac:47:a3:a6:52:a1
Signer

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

52:5b:97:5e:d8:eb:41:a4:dc:54:ac:49:7f:08:c0:e2
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

52:5b:97:5e:d8:eb:41:a4:dc:54:ac:49:7f:08:c0:e2
Certificate

3e:7d:73:e0:cf:ce:01:4c:97:37:41:bc:88:af:58:60:f2:5d:9a:b3:4a:c4:f9:f4:27:68:cf:7e:cb:f5:63:5d
Signer

b5:c7:a8:d9:6a:d4:92:b6:2a:01:e5:b4:93:24:c8:1b:28:6c:7c:ac
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.itext
Size: 18KB - Virtual size: 18KB

.data
Size: 208KB - Virtual size: 208KB

.bss
Size: - Virtual size: 290KB

.idata
Size: 25KB - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 78B

.tls
Size: - Virtual size: 596B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 277KB - Virtual size: 277KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:48:ca:71:4a:c0:6f:07:d2:fd:2c:38:f6:61:20:63
Certificate

5e:f0:ed:8e:d6:38:18:3e:60:d0:46:c6:13:9f:86:58
Certificate

c1:a9:7f:d1:e1:77:7e:c6:38:9f:5e:22:4b:9a:6e:21:d6:82:6e:55:a9:9b:3c:83:f0:a2:9e:fa:f4:1d:67:0e
Signer

f3:c2:ba:60:62:72:c9:9e:6d:ad:bb:7f:b2:99:d8:74:ed:4b:ae:1f
Signer

.text
Size: 462KB - Virtual size: 461KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 47KB - Virtual size: 46KB

.bss
Size: - Virtual size: 1KB