1ff3e11c0b1729d3ebb5f3ba9b9173da

Sharing

Copy URL Twitter E-mail

General

Target

1ff3e11c0b1729d3ebb5f3ba9b9173da
Size

379KB
MD5

1ff3e11c0b1729d3ebb5f3ba9b9173da
SHA1

595cf7426b29b413531eec6d9b42a7cd0ecfe0cc
SHA256

2241662f318c463e3a906ad142dc586d6766494b78226b393568081114fff013
SHA512

be49e52c89720678664e76c0d50e3e76ada79ea3331d0a44178d32f27f35d720552de0f6733776a930e7cb7bac78c3a4ffe563aa779c5d18c3325e674c85cce4
SSDEEP

6144:kY70o37432B9OV6eyu7KrZNBw7FqrsWWWK91k6U4WIhzzYkRmm1fnBT7OndGj3m6:97/37f92yBy7cgWWtXWIxkxSfBTpjW3K

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/out.upx

Files

1ff3e11c0b1729d3ebb5f3ba9b9173da
.exe windows:4 windows x86 arch:x86

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:4f:43:5b:16:9e:c4:60:89:3a:d0:18:7e:44:d8:58
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2015, 23:59

Subject

CN=Installmatic\, LLC,O=Installmatic\, LLC,POSTALCODE=33130,STREET=80 SW 8th St #2000,L=Miami,ST=FL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:37:8b:2c:fa:3e:6c:8e:1d:6e:a3:ef:cb:58:e8:0e:3b:d8:d4:64
Signer

Actual PE Digest

02:37:8b:2c:fa:3e:6c:8e:1d:6e:a3:ef:cb:58:e8:0e:3b:d8:d4:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 712KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$26Shdocvw_tlb@TCppWebBrowser
@$xp$26Shdocvw_tlb@TCppWebBrowser
@$xp$26Shdocvw_tlb@TCppWebBrowser
@$xp$26Shdocvw_tlb@TCppWebBrowser
@$xp$26Shdocvw_tlb@TCppWebBrowser
@$xp$26Shdocvw_tlb@TCppWebBrowser
@$xp$28Shdocvw_tlb@TCppShellWindows
@$xp$28Shdocvw_tlb@TCppShellWindows
@$xp$28Shdocvw_tlb@TCppShellWindows
@$xp$28Shdocvw_tlb@TCppShellWindows
@$xp$28Shdocvw_tlb@TCppShellWindows
@$xp$28Shdocvw_tlb@TCppShellWindows
@$xp$29Shdocvw_tlb@TCppShellUIHelper
@$xp$29Shdocvw_tlb@TCppShellUIHelper
@$xp$29Shdocvw_tlb@TCppShellUIHelper
@$xp$29Shdocvw_tlb@TCppShellUIHelper
@$xp$29Shdocvw_tlb@TCppShellUIHelper
@$xp$29Shdocvw_tlb@TCppShellUIHelper
@$xp$29Shdocvw_tlb@TCppWebBrowser_V1
@$xp$29Shdocvw_tlb@TCppWebBrowser_V1
@$xp$29Shdocvw_tlb@TCppWebBrowser_V1
@$xp$29Shdocvw_tlb@TCppWebBrowser_V1
@$xp$29Shdocvw_tlb@TCppWebBrowser_V1
@$xp$29Shdocvw_tlb@TCppWebBrowser_V1
@$xp$32Shdocvw_tlb@TCppCScriptErrorList
@$xp$32Shdocvw_tlb@TCppCScriptErrorList
@$xp$32Shdocvw_tlb@TCppCScriptErrorList
@$xp$32Shdocvw_tlb@TCppCScriptErrorList
@$xp$32Shdocvw_tlb@TCppCScriptErrorList
@$xp$32Shdocvw_tlb@TCppCScriptErrorList
@$xp$32Shdocvw_tlb@TCppInternetExplorer
@$xp$32Shdocvw_tlb@TCppInternetExplorer
@$xp$32Shdocvw_tlb@TCppInternetExplorer
@$xp$32Shdocvw_tlb@TCppInternetExplorer
@$xp$32Shdocvw_tlb@TCppInternetExplorer
@$xp$32Shdocvw_tlb@TCppInternetExplorer
@$xp$33Shdocvw_tlb@TCppSearchAssistantOC
@$xp$33Shdocvw_tlb@TCppSearchAssistantOC
@$xp$33Shdocvw_tlb@TCppSearchAssistantOC
@$xp$33Shdocvw_tlb@TCppSearchAssistantOC
@$xp$33Shdocvw_tlb@TCppSearchAssistantOC
@$xp$33Shdocvw_tlb@TCppSearchAssistantOC
@$xp$34Shdocvw_tlb@TCppShellBrowserWindow
@$xp$34Shdocvw_tlb@TCppShellBrowserWindow
@$xp$34Shdocvw_tlb@TCppShellBrowserWindow
@$xp$34Shdocvw_tlb@TCppShellBrowserWindow
@$xp$34Shdocvw_tlb@TCppShellBrowserWindow
@$xp$34Shdocvw_tlb@TCppShellBrowserWindow
@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
@$xp$36Shdocvw_tlb@TShellFavoritesNameSpace
@@Shdocvw_ocx@Finalize
@@Shdocvw_ocx@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit5@Finalize
@@Unit5@Initialize
@Shdocvw_ocx@Register$qqrv
@Shdocvw_tlb@TCppCScriptErrorList@
@Shdocvw_tlb@TCppCScriptErrorList@
@Shdocvw_tlb@TCppCScriptErrorList@
@Shdocvw_tlb@TCppCScriptErrorList@
@Shdocvw_tlb@TCppCScriptErrorList@
@Shdocvw_tlb@TCppCScriptErrorList@
@Shdocvw_tlb@TCppCScriptErrorList@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppCScriptErrorList@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppCScriptErrorList@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppCScriptErrorList@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppCScriptErrorList@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppCScriptErrorList@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppCScriptErrorList@BeforeDestruction$qqrv
@Shdocvw_tlb@TCppCScriptErrorList@Connect$qqrv
@Shdocvw_tlb@TCppCScriptErrorList@ConnectTo$qqr91%TComInterface$28Shdocvw_tlb@IScriptErrorListpx5_GUID$e&@Shdocvw_tlb@IID_IScriptErrorList$%
@Shdocvw_tlb@TCppCScriptErrorList@Disconnect$qqrv
@Shdocvw_tlb@TCppCScriptErrorList@GetDefaultInterface$qv
@Shdocvw_tlb@TCppCScriptErrorList@GetDunk$qqrv
@Shdocvw_tlb@TCppCScriptErrorList@InitServerData$qqrv
@Shdocvw_tlb@TCppInternetExplorer@
@Shdocvw_tlb@TCppInternetExplorer@
@Shdocvw_tlb@TCppInternetExplorer@
@Shdocvw_tlb@TCppInternetExplorer@
@Shdocvw_tlb@TCppInternetExplorer@
@Shdocvw_tlb@TCppInternetExplorer@
@Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppInternetExplorer@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppInternetExplorer@BeforeDestruction$qqrv
@Shdocvw_tlb@TCppInternetExplorer@Connect$qqrv
@Shdocvw_tlb@TCppInternetExplorer@ConnectTo$qqr83%TComInterface$24Shdocvw_tlb@IWebBrowser2px5_GUID$e&@Shdocvw_tlb@IID_IWebBrowser2$%
@Shdocvw_tlb@TCppInternetExplorer@Disconnect$qqrv
@Shdocvw_tlb@TCppInternetExplorer@GetDefaultInterface$qv
@Shdocvw_tlb@TCppInternetExplorer@GetDunk$qqrv
@Shdocvw_tlb@TCppInternetExplorer@InitServerData$qqrv
@Shdocvw_tlb@TCppInternetExplorer@InvokeEvent$qqrir42System@%DynamicArray$t17System@OleVariant%
@Shdocvw_tlb@TCppSearchAssistantOC@
@Shdocvw_tlb@TCppSearchAssistantOC@
@Shdocvw_tlb@TCppSearchAssistantOC@
@Shdocvw_tlb@TCppSearchAssistantOC@
@Shdocvw_tlb@TCppSearchAssistantOC@
@Shdocvw_tlb@TCppSearchAssistantOC@
@Shdocvw_tlb@TCppSearchAssistantOC@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppSearchAssistantOC@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppSearchAssistantOC@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppSearchAssistantOC@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppSearchAssistantOC@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppSearchAssistantOC@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppSearchAssistantOC@BeforeDestruction$qqrv
@Shdocvw_tlb@TCppSearchAssistantOC@Connect$qqrv
@Shdocvw_tlb@TCppSearchAssistantOC@ConnectTo$qqr97%TComInterface$31Shdocvw_tlb@ISearchAssistantOC3px5_GUID$e&@Shdocvw_tlb@IID_ISearchAssistantOC3$%
@Shdocvw_tlb@TCppSearchAssistantOC@Disconnect$qqrv
@Shdocvw_tlb@TCppSearchAssistantOC@GetDefaultInterface$qv
@Shdocvw_tlb@TCppSearchAssistantOC@GetDunk$qqrv
@Shdocvw_tlb@TCppSearchAssistantOC@InitServerData$qqrv
@Shdocvw_tlb@TCppSearchAssistantOC@InvokeEvent$qqrir42System@%DynamicArray$t17System@OleVariant%
@Shdocvw_tlb@TCppShellBrowserWindow@
@Shdocvw_tlb@TCppShellBrowserWindow@
@Shdocvw_tlb@TCppShellBrowserWindow@
@Shdocvw_tlb@TCppShellBrowserWindow@
@Shdocvw_tlb@TCppShellBrowserWindow@
@Shdocvw_tlb@TCppShellBrowserWindow@
@Shdocvw_tlb@TCppShellBrowserWindow@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellBrowserWindow@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellBrowserWindow@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellBrowserWindow@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellBrowserWindow@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellBrowserWindow@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellBrowserWindow@BeforeDestruction$qqrv
@Shdocvw_tlb@TCppShellBrowserWindow@Connect$qqrv
@Shdocvw_tlb@TCppShellBrowserWindow@ConnectTo$qqr83%TComInterface$24Shdocvw_tlb@IWebBrowser2px5_GUID$e&@Shdocvw_tlb@IID_IWebBrowser2$%
@Shdocvw_tlb@TCppShellBrowserWindow@Disconnect$qqrv
@Shdocvw_tlb@TCppShellBrowserWindow@GetDefaultInterface$qv
@Shdocvw_tlb@TCppShellBrowserWindow@GetDunk$qqrv
@Shdocvw_tlb@TCppShellBrowserWindow@InitServerData$qqrv
@Shdocvw_tlb@TCppShellBrowserWindow@InvokeEvent$qqrir42System@%DynamicArray$t17System@OleVariant%
@Shdocvw_tlb@TCppShellUIHelper@
@Shdocvw_tlb@TCppShellUIHelper@
@Shdocvw_tlb@TCppShellUIHelper@
@Shdocvw_tlb@TCppShellUIHelper@
@Shdocvw_tlb@TCppShellUIHelper@
@Shdocvw_tlb@TCppShellUIHelper@
@Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellUIHelper@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellUIHelper@BeforeDestruction$qqrv
@Shdocvw_tlb@TCppShellUIHelper@Connect$qqrv
@Shdocvw_tlb@TCppShellUIHelper@ConnectTo$qqr87%TComInterface$26Shdocvw_tlb@IShellUIHelperpx5_GUID$e&@Shdocvw_tlb@IID_IShellUIHelper$%
@Shdocvw_tlb@TCppShellUIHelper@Disconnect$qqrv
@Shdocvw_tlb@TCppShellUIHelper@GetDefaultInterface$qv
@Shdocvw_tlb@TCppShellUIHelper@GetDunk$qqrv
@Shdocvw_tlb@TCppShellUIHelper@InitServerData$qqrv
@Shdocvw_tlb@TCppShellWindows@
@Shdocvw_tlb@TCppShellWindows@
@Shdocvw_tlb@TCppShellWindows@
@Shdocvw_tlb@TCppShellWindows@
@Shdocvw_tlb@TCppShellWindows@
@Shdocvw_tlb@TCppShellWindows@
@Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellWindows@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppShellWindows@BeforeDestruction$qqrv
@Shdocvw_tlb@TCppShellWindows@Connect$qqrv
@Shdocvw_tlb@TCppShellWindows@ConnectTo$qqr85%TComInterface$25Shdocvw_tlb@IShellWindowspx5_GUID$e&@Shdocvw_tlb@IID_IShellWindows$%
@Shdocvw_tlb@TCppShellWindows@Disconnect$qqrv
@Shdocvw_tlb@TCppShellWindows@GetDefaultInterface$qv
@Shdocvw_tlb@TCppShellWindows@GetDunk$qqrv
@Shdocvw_tlb@TCppShellWindows@InitServerData$qqrv
@Shdocvw_tlb@TCppShellWindows@InvokeEvent$qqrir42System@%DynamicArray$t17System@OleVariant%
@Shdocvw_tlb@TCppWebBrowser@
@Shdocvw_tlb@TCppWebBrowser@
@Shdocvw_tlb@TCppWebBrowser@
@Shdocvw_tlb@TCppWebBrowser@
@Shdocvw_tlb@TCppWebBrowser@
@Shdocvw_tlb@TCppWebBrowser@
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrp6HWND__
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser@CControlData
@Shdocvw_tlb@TCppWebBrowser@ClientToWindow$qqrpit1
@Shdocvw_tlb@TCppWebBrowser@CreateControl$qqrv
@Shdocvw_tlb@TCppWebBrowser@DEF_CTL_INTF
@Shdocvw_tlb@TCppWebBrowser@EventDispIDs
@Shdocvw_tlb@TCppWebBrowser@ExecWB$qqr20Shdocvw_tlb@OLECMDID25Shdocvw_tlb@OLECMDEXECOPTp10tagVARIANTt3
@Shdocvw_tlb@TCppWebBrowser@GetDefaultInterface$qqrv
@Shdocvw_tlb@TCppWebBrowser@GetProperty$qqrpb
@Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri
@Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri
@Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri
@Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri
@Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri
@Shdocvw_tlb@TCppWebBrowser@GetWordBoolProp$qqri
@Shdocvw_tlb@TCppWebBrowser@GoBack$qqrv
@Shdocvw_tlb@TCppWebBrowser@GoForward$qqrv
@Shdocvw_tlb@TCppWebBrowser@GoHome$qqrv
@Shdocvw_tlb@TCppWebBrowser@GoSearch$qqrv
@Shdocvw_tlb@TCppWebBrowser@InitControlData$qqrv
@Shdocvw_tlb@TCppWebBrowser@Navigate$qqrpbp10tagVARIANTt2t2t2
@Shdocvw_tlb@TCppWebBrowser@Navigate2$qqrp10tagVARIANTt1t1t1t1
@Shdocvw_tlb@TCppWebBrowser@OptParam
@Shdocvw_tlb@TCppWebBrowser@PutProperty$qqrpb10tagVARIANT
@Shdocvw_tlb@TCppWebBrowser@QueryStatusWB$qqr20Shdocvw_tlb@OLECMDID
@Shdocvw_tlb@TCppWebBrowser@Quit$qqrv
@Shdocvw_tlb@TCppWebBrowser@Refresh$qqrv
@Shdocvw_tlb@TCppWebBrowser@Refresh2$qqrp10tagVARIANT
@Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio
@Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio
@Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio
@Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio
@Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio
@Shdocvw_tlb@TCppWebBrowser@SetWordBoolProp$qqrio
@Shdocvw_tlb@TCppWebBrowser@ShowBrowserBar$qqrp10tagVARIANTt1t1
@Shdocvw_tlb@TCppWebBrowser@Stop$qqrv
@Shdocvw_tlb@TCppWebBrowser@get_Application$qqrv
@Shdocvw_tlb@TCppWebBrowser@get_Container$qqrv
@Shdocvw_tlb@TCppWebBrowser@get_Document$qqrv
@Shdocvw_tlb@TCppWebBrowser@get_Parent$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@
@Shdocvw_tlb@TCppWebBrowser_V1@
@Shdocvw_tlb@TCppWebBrowser_V1@
@Shdocvw_tlb@TCppWebBrowser_V1@
@Shdocvw_tlb@TCppWebBrowser_V1@
@Shdocvw_tlb@TCppWebBrowser_V1@
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrp6HWND__
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser_V1@$bctr$qqrpv
@Shdocvw_tlb@TCppWebBrowser_V1@CControlData
@Shdocvw_tlb@TCppWebBrowser_V1@CreateControl$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@DEF_CTL_INTF
@Shdocvw_tlb@TCppWebBrowser_V1@EventDispIDs
@Shdocvw_tlb@TCppWebBrowser_V1@GetDefaultInterface$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@GoBack$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@GoForward$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@GoHome$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@GoSearch$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@InitControlData$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@Navigate$qqrpbp10tagVARIANTt2t2t2
@Shdocvw_tlb@TCppWebBrowser_V1@OptParam
@Shdocvw_tlb@TCppWebBrowser_V1@Refresh$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@Refresh2$qqrp10tagVARIANT
@Shdocvw_tlb@TCppWebBrowser_V1@Stop$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@get_Application$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@get_Container$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@get_Document$qqrv
@Shdocvw_tlb@TCppWebBrowser_V1@get_Parent$qqrv
@Shdocvw_tlb@TShellFavoritesNameSpace@
@Shdocvw_tlb@TShellFavoritesNameSpace@
@Shdocvw_tlb@TShellFavoritesNameSpace@
@Shdocvw_tlb@TShellFavoritesNameSpace@
@Shdocvw_tlb@TShellFavoritesNameSpace@
@Shdocvw_tlb@TShellFavoritesNameSpace@
@Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TShellFavoritesNameSpace@$bctr$qqrp18Classes@TComponent
@Shdocvw_tlb@TShellFavoritesNameSpace@BeforeDestruction$qqrv
@Shdocvw_tlb@TShellFavoritesNameSpace@Connect$qqrv
@Shdocvw_tlb@TShellFavoritesNameSpace@ConnectTo$qqr89%TComInterface$27Shdocvw_tlb@IShellNameSpacepx5_GUID$e&@Shdocvw_tlb@IID_IShellNameSpace$%
@Shdocvw_tlb@TShellFavoritesNameSpace@Disconnect$qqrv
@Shdocvw_tlb@TShellFavoritesNameSpace@GetDefaultInterface$qv
@Shdocvw_tlb@TShellFavoritesNameSpace@GetDunk$qqrv
@Shdocvw_tlb@TShellFavoritesNameSpace@InitServerData$qqrv
@Shdocvw_tlb@TShellFavoritesNameSpace@InvokeEvent$qqrir42System@%DynamicArray$t17System@OleVariant%
_Form1
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 677KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01Certificate

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

57:4f:43:5b:16:9e:c4:60:89:3a:d0:18:7e:44:d8:58Certificate

Extended Key Usages

Key Usages

02:37:8b:2c:fa:3e:6c:8e:1d:6e:a3:ef:cb:58:e8:0e:3b:d8:d4:64Signer

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 712KB

UPX1 Size: 353KB - Virtual size: 356KB

.rsrc Size: 19KB - Virtual size: 20KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 677KB - Virtual size: 680KB

.data Size: 233KB - Virtual size: 252KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 12KB

.edata Size: 17KB - Virtual size: 20KB

.rsrc Size: 33KB - Virtual size: 36KB

.reloc Size: 45KB - Virtual size: 48KB

01
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

57:4f:43:5b:16:9e:c4:60:89:3a:d0:18:7e:44:d8:58
Certificate

02:37:8b:2c:fa:3e:6c:8e:1d:6e:a3:ef:cb:58:e8:0e:3b:d8:d4:64
Signer

UPX0
Size: - Virtual size: 712KB

UPX1
Size: 353KB - Virtual size: 356KB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 677KB - Virtual size: 680KB

.data
Size: 233KB - Virtual size: 252KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 12KB

.edata
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 33KB - Virtual size: 36KB

.reloc
Size: 45KB - Virtual size: 48KB