3bd68ca7c0edeb5230eafae4d19a553a

Sharing

Copy URL Twitter E-mail

General

Target

3bd68ca7c0edeb5230eafae4d19a553a
Size

19.1MB
MD5

3bd68ca7c0edeb5230eafae4d19a553a
SHA1

f2c9572f7cfdf61b118962d5dfd7dc01ea5be8e9
SHA256

af484d392b2e757f398394f9fdc88b0ded2c3ab12a0b568b25112f9004f162cb
SHA512

9d926e961302691b1da59ee79d527570fd09e0ac4a30d59ffefc8ce9ae575337162977f8084d33c9aaa6c08fb58af65b677a0ecda122f3b48cc33af3dfab4302
SSDEEP

393216:vj5VTVEPGxubjeaDDmyxQEmGPQskTH8IQnOjrs+CjVtYxX++Bm7Q:1ubrHFxQdGPzKHWOegZB2Q

Score

1^/10

Malware Config

Signatures

Files

3bd68ca7c0edeb5230eafae4d19a553a
.exe windows:4 windows x86 arch:x86

87b1ede1062849686cf06b96db97d4be

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:a8:bd:4e:79:99:ac:b2:ac:81:ef:70:62:3f:9f:f5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/08/2020, 00:00

Not After

19/08/2022, 12:00

Subject

CN=茉柏枘（上海）软件科技有限公司,O=茉柏枘（上海）软件科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:79:6f:21:5e:17:14:c6:1f:3c:6f:6d:20:8f:49:8b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/08/2020, 00:00

Not After

19/08/2022, 12:00

Subject

CN=茉柏枘（上海）软件科技有限公司,OU=运维部,O=茉柏枘（上海）软件科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:56:12:6c:0a:a7:99:41:c5:e3:64:4d:93:38:ab:cf:4f:f2:a5:44:d9:4d:27:a2:d7:9c:22:df:4f:34:80:0e
Signer

Actual PE Digest

2f:56:12:6c:0a:a7:99:41:c5:e3:64:4d:93:38:ab:cf:4f:f2:a5:44:d9:4d:27:a2:d7:9c:22:df:4f:34:80:0e

Digest Algorithm

sha256

PE Digest Matches

true

fc:77:38:70:ce:d7:18:52:d7:68:9f:88:b7:7b:75:6e:41:5f:17:48
Signer

Actual PE Digest

fc:77:38:70:ce:d7:18:52:d7:68:9f:88:b7:7b:75:6e:41:5f:17:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
SetFileAttributesW
lstrlenA
GetComputerNameA
GetDiskFreeSpaceExW
FlushInstructionCache
FreeLibrary
FreeResource
GetCurrentThreadId
RaiseException
ExpandEnvironmentStringsW
CreateProcessW
lstrcmpiW
TerminateThread
Sleep
GetDriveTypeW
OutputDebugStringW
GetPrivateProfileIntW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MapViewOfFileEx
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
CreateThread
SetThreadPriority
GetCommandLineW
WriteFile
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
DeviceIoControl
GlobalMemoryStatusEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
MapViewOfFile
WriteConsoleA
lstrcpyW
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
HeapCreate
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetStartupInfoA
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
ExitProcess
VirtualQuery
GetModuleHandleA
VirtualProtect
ExitThread
GetFileType
SetStdHandle
GetCurrentProcessId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
InterlockedExchange
lstrcatW
CreateEventW
CreateSemaphoreW
ResetEvent
ReleaseSemaphore
GetVolumeInformationW
InitializeCriticalSection
SetEvent
WaitForSingleObject
VirtualAlloc
VirtualFree
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetStdHandle
GetUserDefaultLangID
FileTimeToLocalFileTime
GetLocalTime
SetFilePointer
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetEndOfFile
FlushFileBuffers
GetTickCount
GetTempFileNameW
CopyFileW
GetTempPathW
QueryDosDeviceW
GetLogicalDriveStringsW
MoveFileW
MoveFileExW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileA
CreateFileMappingW
InterlockedCompareExchange
GetSystemInfo
GetCurrentProcess
LocalFree
LocalAlloc
LoadLibraryW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
FindResourceW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetVersionExW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetLastError
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetConsoleOutputCP
FindFirstFileA

user32

CharUpperW
EnumDisplayDevicesA
EnumDisplaySettingsW
EnumDisplayDevicesW
GetSystemMetrics
CharNextW
LoadStringW
GetDesktopWindow
GetWindowTextW
UnregisterClassA
CharLowerW
PtInRect
DestroyWindow
GetKeyState
WindowFromPoint
IsWindow
DefWindowProcW
GetScrollPos
GetWindowRect
SetCursor
RegisterClassExW
GetFocus
UpdateLayeredWindow
LoadCursorW
LoadIconW
IsChild
GetParent
DestroyIcon
SetRectEmpty
IsDialogMessageW
IsWindowEnabled
SendMessageW
SetWindowLongW
RegisterWindowMessageW
EndPaint
PostThreadMessageW
BeginPaint
ShowWindow
LoadImageW
GetActiveWindow
EqualRect
GetClassInfoExW
GetDC
EnableWindow
DrawTextW
MapWindowPoints
SetRect
SetWindowPos
GetClientRect
IsWindowVisible
CallWindowProcW
InvalidateRect
GetWindowThreadProcessId
PostMessageW
GetDlgItem
GetForegroundWindow
SetFocus
ReleaseDC
SystemParametersInfoW
InflateRect
AttachThreadInput
MoveWindow
SetCapture
OffsetRect
SetForegroundWindow
GetNextDlgTabItem
GetDlgCtrlID
GetWindow
FindWindowW
SetActiveWindow
ReleaseCapture
CopyRect
PeekMessageW
DrawIconEx
GetMessageW
CreateWindowExW
MonitorFromWindow
TranslateMessage
GetMonitorInfoW
DispatchMessageW
GetWindowLongW
GetWindowTextLengthW
GetCursorPos
ScreenToClient
KillTimer
LoadBitmapW
ClientToScreen
SetTimer
IntersectRect
SetWindowTextW

gdi32

GetTextMetricsW
ExtSelectClipRgn
CreateBitmap
RoundRect
CreateCompatibleBitmap
Rectangle
CreateDIBSection
DeleteObject
CombineRgn
GetClipRgn
CreateRectRgn
GetObjectW
StretchBlt
GetTextColor
RestoreDC
BitBlt
SaveDC
OffsetRgn
DeleteDC
LineTo
ExtTextOutW
MoveToEx
SetBkColor
CreatePen
SelectObject
CreateCompatibleDC
SelectClipRgn
SetBkMode
CreateFontIndirectW
RectInRegion
GetStockObject
CreateRectRgnIndirect
GetTextExtentPoint32W
SetTextColor
TextOutW
CreateRoundRectRgn
GetViewportOrgEx
SetStretchBltMode
GetCurrentObject
SetViewportOrgEx

advapi32

GetNamedSecurityInfoW
StartServiceW
QueryServiceStatus
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
CreateProcessAsUserW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
DeleteAce
GetAce
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ControlService
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA

shell32

SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetSpecialFolderLocation

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
SafeArrayLock
VariantInit
SafeArrayUnlock

shlwapi

StrToIntW
StrToIntA
PathRemoveFileSpecW
PathFindFileNameW
PathAddBackslashW
PathAppendW
PathFileExistsW
PathRemoveExtensionW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

gdiplus

GdipDrawImagePointsRectI
GdipGetFontSize
GdipGetFamily
GdipDrawImageRectI
GdipDrawImageI
GdipSetPixelOffsetMode
GdipSetPenMode
GdipAddPathArcI
GdipCreateHBITMAPFromBitmap
GdipSetCompositingQuality
GdipFillPath
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipFillRectangle
GdipGraphicsClear
GdipCreateFontFromLogfontW
GdipCreatePath
GdipDrawLinesI
GdipDeleteFontFamily
GdipDrawImageRectRectI
GdipSetStringFormatTrimming
GdipDeletePen
GdipCreateSolidFill
GdipDrawImageRectRect
GdipCreatePen1
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipCloneBrush
GdipNewPrivateFontCollection
GdipImageRotateFlip
GdipLoadImageFromStream
GdipRotateWorldTransform
GdipAddPathPieI
GdipSetStringFormatAlign
GdipTranslateWorldTransform
GdipCloneFontFamily
GdipSetStringFormatFlags
GdipGetFontCollectionFamilyList
GdipMeasureString
GdipResetWorldTransform
GdipDeleteStringFormat
GdiplusShutdown
GdipGetFontCollectionFamilyCount
GdipDrawString
GdiplusStartup
GdipAddPathRectangleI
GdipCreateStringFormat
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipSetTextRenderingHint
GdipFillRectangleI
GdipCloneImage
GdipDeleteGraphics
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipClosePathFigure
GdipSetClipPath
GdipDeleteFont
GdipDisposeImageAttributes
GdipAlloc
GdipCreateImageAttributes
GdipFree
GdipCreateFont
GdipDeletePath
GdipDrawLine
GdipSetPenDashStyle
GdipAddPathStringI
GdipDrawRectangleI
GdipSetStringFormatLineAlign
GdipDrawPath
GdipDeleteBrush
GdipSetInterpolationMode

iphlpapi

GetAdaptersInfo

Exports

Exports

??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@ABU012@@Z
??0?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE@XZ
??0?$kxThreadBase@VLocker@kbase@@@kbase@@QAE@XZ
??0ReportHelper@business_publish@@AAE@XZ
??1?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAE@XZ
??1?$kxThreadBase@VLocker@kbase@@@kbase@@UAE@XZ
??1ReportHelper@business_publish@@UAE@XZ
??4?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEAAU012@ABU012@@Z
??_7?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@6B@
??_7?$kxThreadBase@VLocker@kbase@@@kbase@@6B@
??_7ReportHelper@business_publish@@6B?$_CallBack@VKSimpleDirectInfoc@@@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
??_7ReportHelper@business_publish@@6B?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@@
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AddItem@ReportHelper@business_publish@@QAEHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@@Z
?AfterThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXH@Z
?AfterThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXH@Z
?BeginThreadFun@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEXXZ
?BeginThreadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@MAEXXZ
?GetHandle@?$kxThreadBase@VLocker@kbase@@@kbase@@QBEPAXXZ
?GetInstance@ReportHelper@business_publish@@SAPAV12@XZ
?Init@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXPAU?$_CallBack@VKSimpleDirectInfoc@@@12@K@Z
?Initialzie@ReportHelper@business_publish@@QAE_NW4ReportType@2@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Insert@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAE_NABVKSimpleDirectInfoc@@@Z
?IsRunning@?$kxThreadBase@VLocker@kbase@@@kbase@@QAE_NXZ
?KCreateThread@?$kxThreadBase@VLocker@kbase@@@kbase@@SAPAXHP6GKPAX@Z0PAK0II@Z
?Kill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHXZ
?Kill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHXZ
?QueueThreadCallback@ReportHelper@business_publish@@MAEHKAAVKSimpleDirectInfoc@@@Z
?Report@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?ReportDirect@ReportHelper@business_publish@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$vector@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@V?$allocator@U?$pair@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@4@PBV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@4@@Z
?SetPriority@?$kxThreadBase@VLocker@kbase@@@kbase@@QAEHH@Z
?SetTimeOut@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEXK@Z
?Start@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEHXZ
?StartThread@?$kxThreadBase@VLocker@kbase@@@kbase@@IAEHPAX@Z
?Thread@?$kxThreadBase@VLocker@kbase@@@kbase@@AAEIPAX@Z
?Uninitialize@ReportHelper@business_publish@@QAEXXZ
?WaitKill@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@UAEHK@Z
?WaitKill@?$kxThreadBase@VLocker@kbase@@@kbase@@UAEHK@Z
?size@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@QAEIXZ
?threadFun@?$kxThreadBase@VLocker@kbase@@@kbase@@CGIPAX@Z
?threadFunImpl@?$kxQueueThreadRun@VKSimpleDirectInfoc@@$03VLocker@kbase@@@kbase@@MAEHKPAX@Z

Sections

.text
Size: 812KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87b1ede1062849686cf06b96db97d4be

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:a8:bd:4e:79:99:ac:b2:ac:81:ef:70:62:3f:9f:f5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:79:6f:21:5e:17:14:c6:1f:3c:6f:6d:20:8f:49:8bCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2f:56:12:6c:0a:a7:99:41:c5:e3:64:4d:93:38:ab:cf:4f:f2:a5:44:d9:4d:27:a2:d7:9c:22:df:4f:34:80:0eSigner

fc:77:38:70:ce:d7:18:52:d7:68:9f:88:b7:7b:75:6e:41:5f:17:48Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

wtsapi32

psapi

gdiplus

iphlpapi

Exports

Exports

Sections

.text Size: 812KB - Virtual size: 808KB

.rdata Size: 184KB - Virtual size: 181KB

.data Size: 24KB - Virtual size: 40KB

.rsrc Size: 104KB - Virtual size: 101KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:a8:bd:4e:79:99:ac:b2:ac:81:ef:70:62:3f:9f:f5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:79:6f:21:5e:17:14:c6:1f:3c:6f:6d:20:8f:49:8b
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2f:56:12:6c:0a:a7:99:41:c5:e3:64:4d:93:38:ab:cf:4f:f2:a5:44:d9:4d:27:a2:d7:9c:22:df:4f:34:80:0e
Signer

fc:77:38:70:ce:d7:18:52:d7:68:9f:88:b7:7b:75:6e:41:5f:17:48
Signer

.text
Size: 812KB - Virtual size: 808KB

.rdata
Size: 184KB - Virtual size: 181KB

.data
Size: 24KB - Virtual size: 40KB

.rsrc
Size: 104KB - Virtual size: 101KB