06a86dded912e1dcd947ab611bdb4b17

Sharing

Copy URL

Twitter E-mail

General

Target

06a86dded912e1dcd947ab611bdb4b17
Size

996KB
MD5

06a86dded912e1dcd947ab611bdb4b17
SHA1

a5be54f2a769995317eb5926df0b41d93becbb50
SHA256

052c5fa444d08c042a38a1c6dfc04b380760152bbcafac421f2508aeb1d272a9
SHA512

83633aaa632b058f0053d767c138922c0fbf9cd2e7abc4323508704a6db92b1961b6202465c4a77feb100bc76d092e9750ff47b9a7a38e8ea9418c8b347a2e57
SSDEEP

12288:RAHCyQ+FmIVF8WXhFR2xlBnOE5IJxWjzd/mNnPADgwXmUBxcy8ZFijEqCwmT0TPh:MFR8m0BExWj8INd/AijEl0TalXVdg

Score

1^/10

Malware Config

Signatures

Files

06a86dded912e1dcd947ab611bdb4b17
.exe windows:4 windows x86 arch:x86

8c3b7a578a55f10c1e7c5bd3d47c791c

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-05-2015 00:00

Not After

31-12-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:1f:e7:67:6a:48:49:da:ee:2b:ff:c4:a4:ff:4b:d3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29-12-2014 00:00

Not After

28-01-2016 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:47:5a:9d:dc:0c:ae:5d:3a:0c:37:12:73:d2:c2:4e:54:1d:9d:b1
Signer

Actual PE Digest

32:47:5a:9d:dc:0c:ae:5d:3a:0c:37:12:73:d2:c2:4e:54:1d:9d:b1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringW
GetLocalTime
GetTempPathW
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
LoadLibraryA
IsBadWritePtr
GetFileAttributesExW
GetLogicalDriveStringsW
GetVolumeInformationW
SetEndOfFile
GetSystemTimeAsFileTime
OpenFileMappingW
OutputDebugStringW
TerminateThread
OpenMutexW
ReleaseMutex
WaitForMultipleObjects
CreateEventW
GlobalMemoryStatusEx
DeviceIoControl
GetDriveTypeW
GetLogicalDrives
DeleteFileA
FlushViewOfFile
CreateFileMappingA
CreateFileA
CreateDirectoryA
OutputDebugStringA
HeapCreate
HeapDestroy
HeapSize
GetProcAddress
LoadLibraryW
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
lstrlenA
OpenProcess
FreeResource
CloseHandle
WriteFile
CreateFileW
GetPrivateProfileIntW
Process32NextW
TerminateProcess
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
ReadFile
FindClose
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
VirtualFree
IsProcessorFeaturePresent
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
FindFirstFileW
Sleep
InitializeCriticalSection
DeleteCriticalSection
RaiseException
InterlockedIncrement
InterlockedDecrement
GetFileSize
GetWindowsDirectoryW
GetTickCount
lstrlenW
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
GetVersionExW
GetCurrentThreadId
SetLastError
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
CreateMutexW
CreateProcessW
SetEvent
DeleteFileW
GetCommandLineW
IsBadReadPtr
GetCurrentThread
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcmpW
MulDiv
CreateDirectoryW
GetFileAttributesW
FreeLibrary
GetSystemDirectoryW
LocalFree
ProcessIdToSessionId
GetPrivateProfileStringW
SetFilePointer
OpenEventW
CopyFileW

user32

SetClipboardData
CloseClipboard
GetSystemMetrics
GetClientRect
MoveWindow
GetActiveWindow
IsWindowEnabled
GetForegroundWindow
AttachThreadInput
SetActiveWindow
IsDialogMessageW
TrackPopupMenu
MonitorFromPoint
AppendMenuW
DestroyMenu
CreatePopupMenu
IsMenu
EnableWindow
GetCursorPos
UpdateLayeredWindow
GetNextDlgTabItem
IntersectRect
DrawIconEx
DrawFrameControl
DestroyIcon
SetCursor
OffsetRect
EqualRect
DrawTextW
GetDlgCtrlID
SetRect
PtInRect
LoadIconW
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow
SetRectEmpty
GetWindowRect
GetWindowLongW
MapWindowPoints
ReplyMessage
GetShellWindow
GetWindowThreadProcessId
wsprintfW
CreateAcceleratorTableW
EnumChildWindows
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
FillRect
ReleaseCapture
SetCapture
RedrawWindow
InvalidateRgn
ScreenToClient
ClientToScreen
GetSysColor
GetClassNameW
RegisterWindowMessageW
DrawEdge
EndPaint
BeginPaint
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
FindWindowExW
InvalidateRect
SetWindowPos
GetClassInfoExW
LoadCursorW
GetParent
CopyRect
GetDlgItem
RegisterClassExW
DefWindowProcW
CreateWindowExW
SetWindowLongW
CharNextW
SendMessageW
UnregisterClassA
ShowWindow
PostQuitMessage
IsWindowVisible
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PostThreadMessageW
MessageBoxW
SetFocus
DestroyWindow
SetTimer
KillTimer
IsChild
CallWindowProcW
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
IsWindow
PostMessageW
LoadBitmapW
LoadImageW
GetDC
ReleaseDC
InflateRect
SystemParametersInfoW
GetFocus
GetKeyState

gdi32

SetPixel
CreateRoundRectRgn
CombineRgn
SetViewportOrgEx
GetClipRgn
RoundRect
OffsetRgn
ExtSelectClipRgn
GetViewportOrgEx
CreateRectRgnIndirect
GetTextExtentPoint32W
TextOutW
LineTo
MoveToEx
GetCurrentObject
RectInRegion
SetBkMode
GetTextColor
CreateSolidBrush
GetDeviceCaps
CreateFontIndirectW
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
StretchBlt
SetTextColor
GetObjectW
BitBlt
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetStockObject
CreatePen
CreateRectRgn
SetBkColor
ExtTextOutW
Rectangle
SelectClipRgn
SelectObject
RestoreDC
SaveDC
DeleteObject

advapi32

RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
CloseServiceHandle
DuplicateTokenEx
RegCloseKey
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderPathW
ord680
ShellExecuteExW
ShellExecuteW

ole32

CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoGetClassObject
StringFromGUID2
CoRegisterClassObject
OleInitialize
OleUninitialize
OleLockRunning
CLSIDFromProgID

oleaut32

BSTR_UserSize
SysFreeString
VariantInit
VariantClear
VariantCopy
SysAllocString
SysStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrCmp
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
DispGetParam
VariantTimeToSystemTime
SystemTimeToVariantTime
BSTR_UserMarshal
BSTR_UserFree
BSTR_UserUnmarshal

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer2_Release

msvcr80

_stat64
_gmtime64
__sys_nerr
getenv
fflush
sprintf
isdigit
fputs
qsort
fgets
strrchr
strncpy
isxdigit
sscanf
strtoul
__iob_func
_stricmp
_strtoi64
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
??3@YAXPAX@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memcpy_s
memset
_CxxThrowException
_wcsicmp
_vscwprintf
vswprintf_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
memmove_s
free
calloc
_recalloc
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_waccess
memcpy
isspace
isalnum
_beginthreadex
_mbscmp
??2@YAPAXI@Z
malloc
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
wcscpy_s
_wtoi
wcsncpy_s
_mbsicmp
_vscprintf
vsprintf_s
swprintf_s
wcsrchr
realloc
_strlwr_s
_scwprintf
_ultoa_s
wcsnlen
_get_errno
_set_errno
strtol
_strnicmp
wcscat_s
iswspace
wcsstr
towupper
_resetstkoflw
strncmp
_itow_s
wcstol
strcpy_s
wcschr
_CIpow
_wcsnicmp
_wcslwr_s
wcspbrk
_time32
_wcsupr_s
_vswprintf
_ui64tow_s
ceil
swscanf_s
memmove
ferror
fputc
fprintf
atoi
_vsnprintf_s
fread
fseek
fclose
tolower
isalpha
strchr
_time64
_vscprintf_p
_vsprintf_p
_snwprintf
_mbschr
floor
wcsspn
wcscspn
__RTDynamicCast
fwprintf
_wfopen
_mbsstr
printf
wcsncpy
strerror
_errno
memchr
fopen
fwrite
_ftelli64
_fseeki64
exit
strstr
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_strdup

shlwapi

PathMatchSpecA
PathAppendW
PathFileExistsW
PathAddBackslashW
StrToIntA
PathAddBackslashA
PathRemoveFileSpecW
StrToIntW
PathFindExtensionW
PathFileExistsA

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

msvcp80

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?max_size@?$allocator@D@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$allocator@D@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

gdiplus

GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetClipPath
GdipAddPathPieI
GdipAddPathRectangleI
GdipDrawLine
GdipSetPenMode
GdipSetPenEndCap
GdipSetPenStartCap
GdipRotateWorldTransform
GdipSetPenDashStyle
GdipGetFontSize
GdipGetFamily
GdipDrawImageI
GdipGraphicsClear
GdipSetPixelOffsetMode
GdipDrawString
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipAddPathStringI
GdipFillRectangleI
GdipSetTextRenderingHint
GdipCreateBitmapFromScan0
GdipDrawPath
GdipFillRectangle
GdipDrawLinesI
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyCount
GdipLoadImageFromFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDrawImagePointsRectI
GdipDrawImageRectRect
GdipDrawImageRectI
GdipImageRotateFlip
GdipCloneImage
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDeleteFontFamily
GdipFree
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipFillPath
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipCreateFont
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipMeasureString
GdipSetStringFormatLineAlign

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize
SymCleanup

ws2_32

getpeername
getsockopt
htons
setsockopt
ntohs
getsockname
send
recv
bind
connect
getaddrinfo
WSASetLastError
socket
WSAStartup
gethostname
gethostbyname
WSACreateEvent
WSASetEvent
WSAEventSelect
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
freeaddrinfo
__WSAFDIsSet
select
WSASocketW
closesocket
ioctlsocket

iphlpapi

GetAdaptersInfo

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessMemoryInfo
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleInformation

urlmon

CoInternetGetSession
URLDownloadToFileW

Sections

.text
Size: 632KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8c3b7a578a55f10c1e7c5bd3d47c791c

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

7a:1f:e7:67:6a:48:49:da:ee:2b:ff:c4:a4:ff:4b:d3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

32:47:5a:9d:dc:0c:ae:5d:3a:0c:37:12:73:d2:c2:4e:54:1d:9d:b1Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

msvcr80

shlwapi

comctl32

msimg32

msvcp80

gdiplus

version

dbghelp

ws2_32

iphlpapi

wtsapi32

psapi

urlmon

Sections

.text Size: 632KB - Virtual size: 628KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 148KB - Virtual size: 146KB

.data Size: 16KB - Virtual size: 146KB

.Shared Size: 4KB - Virtual size: 2KB

.rsrc Size: 188KB - Virtual size: 188KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

7a:1f:e7:67:6a:48:49:da:ee:2b:ff:c4:a4:ff:4b:d3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

32:47:5a:9d:dc:0c:ae:5d:3a:0c:37:12:73:d2:c2:4e:54:1d:9d:b1
Signer

.text
Size: 632KB - Virtual size: 628KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 148KB - Virtual size: 146KB

.data
Size: 16KB - Virtual size: 146KB

.Shared
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 188KB - Virtual size: 188KB