12c2c39d62587f837f61ab30a1ffc55c

Sharing

Copy URL

Twitter E-mail

General

Target

12c2c39d62587f837f61ab30a1ffc55c
Size

762KB
MD5

12c2c39d62587f837f61ab30a1ffc55c
SHA1

42d654bbe7017188c3bdc66ee22a283cdf1c4464
SHA256

e80c1612818abfffebf8167ca53be68e3269ed00af2a89146eaee854c98f99fa
SHA512

55d52dc88ffc72aad4899a355ed62972361b98c91cc330fb5c00987bd205668d6947726203ecee13171916a02c94390b14e01565c0ea6d112b9ac07a3cdf058c
SSDEEP

12288:1jrcNGppXGCJ29utFnQr0DM364IGf+bxu4HZNf7:CNMJ29utFQrJ6LGf+A4HD

Score

1^/10

Malware Config

Signatures

Files

12c2c39d62587f837f61ab30a1ffc55c
.exe windows:4 windows x86 arch:x86

84cf38e2852e6e2baf391c0832d2d70b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:96:30:fc:ba:7d:97:3d:05:40:ca:41:36:ed:37:ec:e0:e7:6b:07
Signer

Actual PE Digest

0d:96:30:fc:ba:7d:97:3d:05:40:ca:41:36:ed:37:ec:e0:e7:6b:07

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
ord413
ord410
ord412

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW

common

?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??1CTXStringW@@QAE@XZ
?TXAssert@@YAXPB_W0H@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@PB_W@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
??0CTXStringW@@QAE@XZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetString@CTXStringW@@QBEPB_WXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?IsEmpty@CTXBSTR@@QAEHXZ
??ICTXBSTR@@QAEPAPA_WXZ
??BCTXBSTR@@QBEPA_WXZ
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??1CTXBSTR@@QAE@XZ
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??0CTXBSTR@@QAE@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
??0CTXStringW@@QAE@PA_W@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABV0@@Z
?GetPlatformTpc@CoreCenter@Util@@YAHPAPAUITXDataRead@@@Z
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
??0CTXBSTR@@QAE@XZ
??8CTXBSTR@@QBE_NPB_W@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?TrimLeft@CTXStringW@@QAEAAV1@PB_W@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
?SplitQNC@FS@@YAHPB_WAAVCTXStringW@@1@Z
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
??M@YA_NABVCTXStringW@@0@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

ws2_32

htons
htonl

kernel32

ResumeThread
VirtualQuery
InterlockedCompareExchange
FlushInstructionCache
VirtualAlloc
VirtualProtect
SuspendThread
GetThreadContext
SetThreadContext
SetFilePointer
MapViewOfFile
UnmapViewOfFile
WriteFile
LoadLibraryA
GetCommandLineW
lstrcpynW
GetModuleHandleExW
ProcessIdToSessionId
GetModuleFileNameA
OpenFileMappingW
OpenEventW
InitializeCriticalSection
GetLocalTime
ExpandEnvironmentStringsW
SwitchToThread
Sleep
GetSystemInfo
GetSystemDefaultLangID
IsBadWritePtr
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetSystemDirectoryW
GetACP
GetProcessHeap
OpenMutexW
GetVersion
HeapFree
CreateProcessW
GetCurrentProcessId
GetFileSize
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
ReadFile
GetDiskFreeSpaceW
DeleteFileW
GetDriveTypeW
SetEvent
CreateEventW
IsDebuggerPresent
InterlockedExchange
GetCurrentThreadId
GetModuleFileNameW
lstrcmpiW
LoadLibraryW
OpenProcess
FormatMessageW
lstrlenW
DeviceIoControl
FreeLibrary
DeleteCriticalSection
GetProcAddress
GetCurrentThread
SetLastError
ReadDirectoryChangesW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GlobalFree
GlobalAlloc
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetThreadLocale
TerminateProcess
GetVolumeInformationW
GetCurrentProcess
GetDiskFreeSpaceExW
GetLocaleInfoA
GetVersionExW
RaiseException
CreateMutexW
GetLogicalDrives
ReleaseMutex
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
CloseHandle
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateFileW
IsBadReadPtr
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
GlobalLock
WideCharToMultiByte
GetFileAttributesW
GetLastError
GetModuleHandleW
GetTickCount
GetModuleHandleA

user32

UnregisterClassA
CheckMenuItem
SendMessageW
IsClipboardFormatAvailable
SetFocus
DestroyMenu
FindWindowA
SendMessageTimeoutW
RegisterWindowMessageW
LoadMenuW
GetSubMenu
SetMenuDefaultItem
UpdateWindow
DeleteMenu
RedrawWindow
CharUpperW
GetQueueStatus
MsgWaitForMultipleObjectsEx
LoadCursorW
ReleaseCapture
GetCursorPos
SetCapture
SetCursor
PtInRect
CallWindowProcW
GetMenuItemID
GetMenuItemInfoW
GetMenuItemCount
DispatchMessageW
TranslateMessage
GetMessageW
WaitMessage
PeekMessageW
PostQuitMessage
IsWindowVisible
GetClassNameW
GetForegroundWindow
GetWindowInfo
FindWindowExW
KillTimer
SetTimer
UnregisterDeviceNotification
RegisterDeviceNotificationW
SetParent
EnableMenuItem
UnregisterClassW
RegisterClassExW
ScreenToClient
GetKeyState
GetClientRect
SetWindowPos
SetWindowLongW
GetWindowLongW
DestroyIcon
PostMessageW
IsWindow
TrackPopupMenu
ShowWindow
DestroyWindow
RegisterClipboardFormatW
InsertMenuItemW
CreateWindowExW
DefWindowProcW
LoadStringW

advapi32

RegGetKeySecurity
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegSetKeySecurity
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumValueW

shell32

DragQueryFileW
SHGetDesktopFolder
SHBindToParent
ord17
SHFileOperationW
ord18
SHGetFileInfoW
ord4
ord25
ord16
ord2
ord727
ord196
ord195
SHGetPathFromIDListW
ShellExecuteW
ord152
SHGetFolderLocation
ShellExecuteExW

ole32

RegisterDragDrop
OleInitialize
DoDragDrop
ReleaseStgMedium
CoCreateInstance
CoInitialize
OleDuplicateData
CoTaskMemAlloc
CLSIDFromString
RevokeDragDrop
OleGetClipboard
OleUninitialize
CoTaskMemFree
CoUninitialize

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantInit
SysFreeString
SysStringLen

atl80

ord32
ord58
ord31
ord30

shlwapi

PathAppendW
PathRemoveFileSpecW
StrRetToBufW
StrStrIW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW

msvcp80

??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WII@Z

msvcr80

wcschr
tolower
wcsncpy_s
wcsncat_s
_wcsicmp
_vscwprintf
vswprintf_s
fflush
fwrite
fseek
wcsstr
memmove
_except_handler3
memcpy
fclose
fread
wcstol
_snwprintf
wcsncmp
_wtol
wcsrchr
_CxxThrowException
_snprintf_s
strrchr
_vsnprintf_s
_memicmp
strchr
wcscpy_s
strncpy_s
_wsplitpath_s
swscanf_s
_wtoi64
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_cexit
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
_recalloc
memmove_s
_invalid_parameter_noinfo
_purecall
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy_s
free
_beginthreadex
_endthreadex
_vsnwprintf_s
swprintf_s
_snwprintf_s
malloc

imagehlp

ImageUnload
ImageRvaToSection
ImageLoad

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nstfszx
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84cf38e2852e6e2baf391c0832d2d70b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0d:96:30:fc:ba:7d:97:3d:05:40:ca:41:36:ed:37:ec:e0:e7:6b:07Signer

Headers

File Characteristics

Imports

comctl32

version

psapi

common

gf

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl80

shlwapi

msvcp80

msvcr80

imagehlp

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 272KB

.rdata Size: 96KB - Virtual size: 94KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 292KB - Virtual size: 289KB

.reloc Size: 74KB - Virtual size: 74KB

nstfszx Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:96:30:fc:ba:7d:97:3d:05:40:ca:41:36:ed:37:ec:e0:e7:6b:07
Signer

.text
Size: 276KB - Virtual size: 272KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 292KB - Virtual size: 289KB

.reloc
Size: 74KB - Virtual size: 74KB

nstfszx
Size: 6KB - Virtual size: 6KB