4da47bb66efaeda387ddea0dfd8180f2

Sharing

Copy URL Twitter E-mail

General

Target

4da47bb66efaeda387ddea0dfd8180f2
Size

855KB
MD5

4da47bb66efaeda387ddea0dfd8180f2
SHA1

6376f127e2d80c3971612f9f67df058790d3afa4
SHA256

c7e20429d2f6c0ba67f3d36e2b64742820bbebc97865ec798551830258eefe4b
SHA512

441033c33b634edc65b249852446ac7732a34a382aea8f3339aff9a3e905e7e9b08d7c1df768f840b9c96217fb19c76ae3084f68d0450b5d3b02c4194e2bdb33
SSDEEP

12288:3JdEEOvwUuQS1Xy28mYh2Pa329Tw27BAPVEbN8SEobJeIPLE9:XgiQSJYzR3213BG2bN8boTPLE9

Score

1^/10

Malware Config

Signatures

Files

4da47bb66efaeda387ddea0dfd8180f2
.dll regsvr32 windows:5 windows x86 arch:x86

e989a4f701d33391357fc77f572d5247

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/06/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/12/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:5b:99:81:d4:00:f9:c5:ae:73:61:92:53:51:e3:34:c7:0e:81:b2:39:85:30:eb:5c:17:f9:58:54:34:26:63
Signer

Actual PE Digest

00:5b:99:81:d4:00:f9:c5:ae:73:61:92:53:51:e3:34:c7:0e:81:b2:39:85:30:eb:5c:17:f9:58:54:34:26:63

Digest Algorithm

sha256

PE Digest Matches

true

7d:c3:9d:20:c1:9a:d5:95:6b:4d:42:90:66:d7:b0:e7:c8:05:cd:b9
Signer

Actual PE Digest

7d:c3:9d:20:c1:9a:d5:95:6b:4d:42:90:66:d7:b0:e7:c8:05:cd:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileTime
SetFileTime
ReadFile
DeviceIoControl
CreateFileA
LoadLibraryW
FreeLibrary
lstrcatW
SetLastError
FindFirstFileW
FindClose
FileTimeToSystemTime
FlushFileBuffers
GetWindowsDirectoryW
ExpandEnvironmentStringsW
WaitForMultipleObjects
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentThread
GetTempPathW
Beep
SetFilePointer
ResumeThread
LocalAlloc
LocalFree
lstrcmpA
FileTimeToLocalFileTime
LoadLibraryExW
EnumResourceNamesW
WriteFile
lstrcmpiW
GetCurrentProcessId
GetCurrentThreadId
lstrlenW
CreateEventW
TerminateThread
WaitForSingleObject
GetCurrentProcess
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleW
GetProcAddress
GetVersionExW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
CopyFileW
lstrcpynW
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
GetProcessHeap
HeapSize
lstrcpyW
DeleteCriticalSection
GetCommandLineW
InitializeCriticalSection
IsBadReadPtr
WritePrivateProfileStringW
Sleep
ResetEvent
SetEvent
CreateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
GetFileAttributesW
GetTickCount
GetLocalTime
GetModuleFileNameW
SetFileAttributesW
DeleteFileW
OutputDebugStringW
MoveFileW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError

user32

CreateIconIndirect
LoadImageW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
RegisterWindowMessageW
GetWindowRect
MoveWindow
DestroyIcon
LoadIconW
SetTimer
PostMessageW
CharUpperW
FindWindowW
IsWindow
SendMessageW
CharLowerA
DrawIconEx
ReleaseDC
CharUpperA
GetMenuItemInfoW
CharLowerW
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
GetWindowLongW
GetClientRect
MessageBoxW
SetForegroundWindow
ShowWindow
UpdateWindow
ExitWindowsEx
SystemParametersInfoW
GetWindowDC
wsprintfW
SetWindowRgn
UnionRect
GetDC
EndDialog
KillTimer

gdi32

BitBlt
GetPixel
CreateBitmap
ExtTextOutW
SetBkColor
GetObjectW
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC

advapi32

RegCreateKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegNotifyChangeKeyValue
CloseServiceHandle
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
ChangeServiceConfigW
StartServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoFreeUnusedLibraries
CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantCopy
SysAllocStringLen
SysStringLen
VarBstrCat
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
VariantInit

shlwapi

StrStrW
PathCompactPathW
PathFindFileNameW
PathFileExistsW
ord12
StrCpyNW

msvcp90

?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flags@ios_base@std@@QBEHXZ
?uncaught_exception@std@@YA_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Incref@facet@locale@std@@QAEXXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

rssqlite

??1CppSQLite3DB@@UAE@XZ
?open@CppSQLite3DB@@QAEXPBD@Z
?execQuery@CppSQLite3DB@@QAE?AVCppSQLite3Query@@PBD@Z
??1CppSQLite3Query@@UAE@XZ
?eof@CppSQLite3Query@@QAE_NXZ
?getStringField@CppSQLite3Query@@QAEPBDPBD0@Z
??0CppSQLite3DB@@QAE@XZ
?close@CppSQLite3DB@@QAEXXZ
?nextRow@CppSQLite3Query@@QAEXXZ
?errorCode@CppSQLite3Exception@@QAE?BHXZ
?execDML@CppSQLite3DB@@QAEHPBD@Z
?tableExists@CppSQLite3DB@@QAE_NPBD@Z
?getIntField@CppSQLite3Query@@QAEHPBDH@Z

wininet

InternetConnectW
InternetAttemptConnect
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionA
InternetCrackUrlW
InternetOpenW
InternetReadFile

msvcr90

ferror
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memcpy
sscanf
abort
_CxxThrowException
__CxxFrameHandler3
memset
fclose
_stricmp
fread
fopen
_wstat64i32
wprintf
srand
_mktime64
_localtime64_s
_vsnwprintf
wcsncat
_mbsicmp
_wcsicoll
wcsncpy
wcstol
_waccess_s
strchr
strstr
_time64
_beginthreadex
??3@YAXPAX@Z
_snprintf
_snwprintf
_snwscanf
??0exception@std@@QAE@ABV01@@Z
malloc
calloc
free
_recalloc
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_wcsicmp
wcsrchr
swprintf_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_purecall
memcpy_s
memmove_s
wcsnlen
wcschr
_vsnwprintf_s
memmove
swscanf_s
wcsstr
rand
??_V@YAXPAX@Z
_waccess
strnlen
wcscpy_s
_vscwprintf
vswprintf_s
_vscprintf
vsprintf_s
_wcsdup
wcstok
_wcslwr_s
wcspbrk
iswspace
sprintf
strncpy
_vswprintf
_wfullpath
wcscat_s
wcsncpy_s
_itow_s

gdiplus

GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat

rpcrt4

UuidCreate

psapi

GetProcessImageFileNameW

winmm

PlaySoundW
timeGetTime

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CryptDecodeObject
CertGetNameStringW
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LoadSoftRule

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e989a4f701d33391357fc77f572d5247

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

00:5b:99:81:d4:00:f9:c5:ae:73:61:92:53:51:e3:34:c7:0e:81:b2:39:85:30:eb:5c:17:f9:58:54:34:26:63Signer

7d:c3:9d:20:c1:9a:d5:95:6b:4d:42:90:66:d7:b0:e7:c8:05:cd:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp90

rssqlite

wininet

msvcr90

gdiplus

rpcrt4

psapi

winmm

version

crypt32

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 598KB

.rdata Size: 178KB - Virtual size: 178KB

.data Size: 15KB - Virtual size: 27KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 43KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

00:5b:99:81:d4:00:f9:c5:ae:73:61:92:53:51:e3:34:c7:0e:81:b2:39:85:30:eb:5c:17:f9:58:54:34:26:63
Signer

7d:c3:9d:20:c1:9a:d5:95:6b:4d:42:90:66:d7:b0:e7:c8:05:cd:b9
Signer

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 178KB - Virtual size: 178KB

.data
Size: 15KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 43KB