542fbe27620dd8f8e47149810b7bbc80af4299d501548ba628b223bbe9de000b

Sharing

Copy URL Twitter E-mail

General

Target

542fbe27620dd8f8e47149810b7bbc80af4299d501548ba628b223bbe9de000b
Size

1.1MB
MD5

02a4b1e61eadcfe8451ce93f963f73c2
SHA1

3b9d9eadef2498775b3f87c428fbf08956f3d490
SHA256

542fbe27620dd8f8e47149810b7bbc80af4299d501548ba628b223bbe9de000b
SHA512

53b1338ddc85485abbc1271757c568336e860b91187869982ecebe64bcf36520977fd0c85fc726d6eb07c77b6a82ff0c05ffe774844de941e5929dbe88228aee
SSDEEP

12288:PkD3Ltsa/mj62WjDerYr+tWWtlWmoT8REPphxLlD+0mbLurAcOxX1kZAdBDLcqm/:PkD3LCEbr+Zao3W0sZ1+KGUXmvqtSK

Score

1^/10

Malware Config

Signatures

Files

542fbe27620dd8f8e47149810b7bbc80af4299d501548ba628b223bbe9de000b
.dll windows:6 windows x86 arch:x86

2bd2360afdbfeac7a8d37977552b3be8

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:a3:69:27:05:89:1d:c4:d7:0d:db:4e:c4:8c:ce:be
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/04/2022, 00:00

Not After

06/05/2025, 23:59

Subject

CN=ZWSOFT CO.\, LTD.(Guangzhou),O=ZWSOFT CO.\, LTD.(Guangzhou),L=Guangzhou,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:b8:28:ef:1c:bf:9a:fd:f1:e9:f8:40:27:4d:92:d3:63:01:3f:a6:d3:ff:07:30:45:da:4b:2d:10:3a:eb:d1
Signer

Actual PE Digest

7c:b8:28:ef:1c:bf:9a:fd:f1:e9:f8:40:27:4d:92:d3:63:01:3f:a6:d3:ff:07:30:45:da:4b:2d:10:3a:eb:d1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dhcpcsvc

DhcpRequestParams

userenv

GetProfilesDirectoryA

netapi32

Netbios

fnp_act_installer

fnpActSvcStatusCodeToText
fnpActSvcGetLastErrorWin
fnpActSvcUninstallWin
fnpActSvcInstallWin
fnpActSvcForceUninstallWin

mfc140

ord2241
ord1507
ord2370
ord2263
ord1509
ord485

kernel32

DeleteCriticalSection
GetProcessHeap
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExA
lstrlenA
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
GetVersion
FindClose
FindFirstFileA
FindNextFileA
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
VirtualAlloc
VirtualFree
GetDriveTypeA
GetLastError
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
ReadFile
WriteFile
CloseHandle
DecodePointer
SleepEx
WaitNamedPipeA
SetEvent
ResetEvent
CreateEventA
Sleep
SetHandleInformation
SetErrorMode
GetLocalTime
GetTimeZoneInformation
GetModuleHandleA
FindFirstFileW
FindNextFileW
DeviceIoControl
GetTickCount
GetProcessTimes
GetCurrentProcess
GetSystemTimeAsFileTime
LoadLibraryExA
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
HeapSize
InitializeCriticalSectionEx
HeapFree
HeapDestroy
HeapAlloc
RaiseException
HeapReAlloc
SetNamedPipeHandleState
DisableThreadLibraryCalls
GetVolumeInformationA
OutputDebugStringW

user32

GetDlgItem
EndDialog
MoveWindow
SetDlgItemTextA
SendMessageA
MessageBoxA
GetActiveWindow
UnregisterClassA
GetDlgItemTextA
wsprintfA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetDlgItemTextW
GetSystemMetrics
GetParent
GetWindowLongA
ScreenToClient
MessageBeep
GetWindowRect
GetClientRect
SetWindowTextA
EnableWindow
GetFocus
SetFocus
ShowWindow

comdlg32

GetOpenFileNameA

advapi32

GetUserNameA
RegQueryValueExA
GetUserNameW
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegSetValueExW

shell32

ord680

comctl32

ord17

shlwapi

PathRemoveBackslashW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData

ws2_32

getaddrinfo
freeaddrinfo
inet_addr
inet_ntoa
getnameinfo
getsockopt
__WSAFDIsSet
closesocket
connect
ioctlsocket
recv
select
send
setsockopt
socket
WSAGetLastError
htonl
getpeername
getsockname
WSAStartup
WSACleanup

vcruntime140

memset
memcpy
__CxxFrameHandler3
__std_terminate
memchr
memmove
__std_type_info_destroy_list
_except_handler4_common
memcmp
strstr
strrchr
strchr
wcsstr

api-ms-win-crt-string-l1-1-0

strncpy_s
strcpy_s
strcpy
strcat
_strnicmp
toupper
iscntrl
isgraph
isprint
isalnum
ispunct
isxdigit
isdigit
islower
isalpha
isspace
strlen
wcspbrk
strtok
strspn
strpbrk
strncpy
strcspn
_stricmp
_strdup
strncmp
tolower
isupper

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_mktime64

api-ms-win-crt-heap-l1-1-0

_recalloc
free
malloc
calloc
realloc

api-ms-win-crt-convert-l1-1-0

strtod
strtol
_strtoui64
atof
strtoul
atoi
_strtoi64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf_p
freopen
__stdio_common_vfscanf
__stdio_common_vsprintf
_wfopen
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_p
_close
__stdio_common_vsscanf
putc
fwrite
_wopen
fputc
fclose
__stdio_common_vfprintf_s
_getcwd
fopen
_mktemp
__stdio_common_vfprintf
fputs
__stdio_common_vswscanf
__stdio_common_vswprintf_p
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vfwscanf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwprintf
__acrt_iob_func
clearerr
fgetc
fgets
fseek
ungetc
getchar
ftell
_open
fread
fflush
_wfreopen

api-ms-win-crt-filesystem-l1-1-0

_waccess
rename
remove
_wunlink
_wrename
_findclose
_findfirst64i32
_mkdir
_findnext64i32
_wstat64i32
_access
_wremove
_stat64i32
_unlink

api-ms-win-crt-environment-l1-1-0

_putenv
getenv

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
__sys_nerr
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_configure_narrow_argv
_seh_filter_dll
_errno
_invalid_parameter_noinfo
terminate
_beginthread
_getpid
_initterm_e
_initterm
_cexit
_endthread
_crt_at_quick_exit
_crt_atexit
_exit
_execute_onexit_table
exit
perror

api-ms-win-crt-utility-l1-1-0

srand
rand_s
bsearch
rand
qsort

Exports

Exports

_flxAct3SvrConfigNode
_flxAct3SvrGetConfigString
_flxAct3SvrGetNodeName
_flxActAppActivationCreate
_flxActAppActivationDelete
_flxActAppActivationDurationGet
_flxActAppActivationDurationSet
_flxActAppActivationEntitlementIdGet
_flxActAppActivationEntitlementIdSet
_flxActAppActivationExpDateGet
_flxActAppActivationExpDateSet
_flxActAppActivationProductIdGet
_flxActAppActivationProductIdSet
_flxActAppActivationReasonGet
_flxActAppActivationReasonSet
_flxActAppActivationReqCreate
_flxActAppActivationReqSet
_flxActAppActivationRespProcess
_flxActAppActivationRespProdLicSpcGet
_flxActAppActivationSend
_flxActAppActivationShortCodeCancel
_flxActAppActivationShortCodeCancelFromBuffer
_flxActAppActivationShortCodeGenerate
_flxActAppActivationShortCodeGenerateFromBuffer
_flxActAppActivationShortCodePending
_flxActAppActivationShortCodePendingFromBuffer
_flxActAppActivationVendorDataGet
_flxActAppActivationVendorDataSet
_flxActAppGetPendingShortCode
_flxActAppGetPendingShortCodeFromBuffer
_flxActAppRepairCreate
_flxActAppRepairDelete
_flxActAppRepairEntitlementIdGet
_flxActAppRepairFRIdGet
_flxActAppRepairFRIdSet
_flxActAppRepairProdLicSpcSet
_flxActAppRepairProductIdGet
_flxActAppRepairReqCreate
_flxActAppRepairReqSet
_flxActAppRepairRespProcess
_flxActAppRepairSend
_flxActAppRepairShortCodeCancel
_flxActAppRepairShortCodeCancelFromBuffer
_flxActAppRepairShortCodeGenerate
_flxActAppRepairShortCodeGenerateFromBuffer
_flxActAppRepairShortCodePending
_flxActAppRepairShortCodePendingFromBuffer
_flxActAppRepairSuiteIdGet
_flxActAppRepairVendorDataGet
_flxActAppRepairVendorDataSet
_flxActAppReturnCancel
_flxActAppReturnCreate
_flxActAppReturnDelete
_flxActAppReturnEntitlementIdGet
_flxActAppReturnFRIdGet
_flxActAppReturnFRIdSet
_flxActAppReturnProdLicSpcSet
_flxActAppReturnProductIdGet
_flxActAppReturnReasonGet
_flxActAppReturnReasonSet
_flxActAppReturnReqCreate
_flxActAppReturnReqSet
_flxActAppReturnRespProcess
_flxActAppReturnSend
_flxActAppReturnShortCodeCancel
_flxActAppReturnShortCodeCancelFromBuffer
_flxActAppReturnShortCodeGenerate
_flxActAppReturnShortCodeGenerateFromBuffer
_flxActAppReturnShortCodePending
_flxActAppReturnShortCodePendingFromBuffer
_flxActAppReturnSuiteIdGet
_flxActAppReturnVendorDataGet
_flxActAppReturnVendorDataSet
_flxActBorrowActivate
_flxActBorrowReturn
_flxActBorrowTSViewCreate
_flxActBorrowTSViewDelete
_flxActBorrowTSViewFRAttributeGet
_flxActCommonDedSpcCountGet
_flxActCommonDedSpcDestinationFulfillmentIdGet
_flxActCommonDedSpcDestinationSystemNameGet
_flxActCommonDedSpcExpDateGet
_flxActCommonDedSpcTypeGet
_flxActCommonGetFRCountFromServerTS
_flxActCommonGetProtectionMode
_flxActCommonHandleClose
_flxActCommonHandleDeleteProduct
_flxActCommonHandleGetCommType
_flxActCommonHandleGetError
_flxActCommonHandleGetLastOpsError
_flxActCommonHandleGetLastOpsErrorString
_flxActCommonHandleGetLastResponseError
_flxActCommonHandleGetLastResponseErrorReason
_flxActCommonHandleGetLastResponseErrorString
_flxActCommonHandleGetRemoteServer
_flxActCommonHandleGetUniqueMachineNumber
_flxActCommonHandleOpen
_flxActCommonHandleSetCommType
_flxActCommonHandleSetPollInterval
_flxActCommonHandleSetProxyDetails
_flxActCommonHandleSetRemoteServer
_flxActCommonHandleSetSSLDetails
_flxActCommonHandleSetStatusCallback
_flxActCommonHandleSetTimeout
_flxActCommonLibraryCleanup
_flxActCommonLibraryInit
_flxActCommonLicSpcAddASRFromBuffer
_flxActCommonLicSpcAddASRs
_flxActCommonLicSpcCheckASR
_flxActCommonLicSpcCheckASRFromBuffer
_flxActCommonLicSpcCreate
_flxActCommonLicSpcDelete
_flxActCommonLicSpcGet
_flxActCommonLicSpcGetNumProdEntries
_flxActCommonLicSpcGetNumberProducts
_flxActCommonLicSpcGetProd
_flxActCommonLicSpcPopulateAllFromServerTS
_flxActCommonLicSpcPopulateAllFromTS
_flxActCommonLicSpcPopulateFromServerTS
_flxActCommonLicSpcPopulateFromTS
_flxActCommonLicSpcProductDelete
_flxActCommonProdLicSpcActServerChainGet
_flxActCommonProdLicSpcCountGet
_flxActCommonProdLicSpcDedSpcGet
_flxActCommonProdLicSpcEntitlementIdGet
_flxActCommonProdLicSpcExpDateGet
_flxActCommonProdLicSpcFeatureLineGet
_flxActCommonProdLicSpcFulfillmentIdGet
_flxActCommonProdLicSpcFulfillmentTypeGet
_flxActCommonProdLicSpcIsDisabled
_flxActCommonProdLicSpcNumberDedSpcGet
_flxActCommonProdLicSpcNumberValidDedSpcGet
_flxActCommonProdLicSpcPopulateFRFromServerTS
_flxActCommonProdLicSpcProductIdGet
_flxActCommonProdLicSpcSuiteIdGet
_flxActCommonProdLicSpcTrustFlagsGet
_flxActCommonProdLicSpcUniqueIdGet
_flxActCommonProdLicSpcVendorDataGetByIndex
_flxActCommonProdLicSpcVendorDataGetByKey
_flxActCommonProdLicSpcVendorDataGetCount
_flxActCommonRepairLocalTrustedStorage
_flxActCommonResetTrialASRFromBuffer
_flxActCommonResetTrialASRs
_flxActCommonRespProdLicSpcGet
_flxActCommonValidateDateString
_flxActCommonVirtualFamilyGet
_flxActCommonVirtualGenidGet
_flxActCommonVirtualNameGet
_flxActCommonVirtualStatusGet
_flxActCommonVirtualUuidGet
_flxActShortCodeCancelRequest
_flxActShortCodeCreate
_flxActShortCodeCreateFromBuffer
_flxActShortCodeDestroy
_flxActShortCodeGetActivationRequest
_flxActShortCodeGetDenyReason
_flxActShortCodeGetErrorDetail
_flxActShortCodeGetPendingRequest
_flxActShortCodeGetPendingRequestProdSpc
_flxActShortCodeGetRepairRequest
_flxActShortCodeGetReturnRequest
_flxActShortCodeGetWarning
_flxActShortCodeProcessResponse
_flxActShortCodeSetVendorData
_flxActSvrActivationCountGet
_flxActSvrActivationCountSet
_flxActSvrActivationCreate
_flxActSvrActivationDelete
_flxActSvrActivationEntitlementIdGet
_flxActSvrActivationEntitlementIdSet
_flxActSvrActivationExpDateGet
_flxActSvrActivationExpDateSet
_flxActSvrActivationHostnameGet
_flxActSvrActivationHostnameSet
_flxActSvrActivationIncludeEnterpriseData
_flxActSvrActivationProductIdGet
_flxActSvrActivationProductIdSet
_flxActSvrActivationReasonGet
_flxActSvrActivationReasonSet
_flxActSvrActivationReqCreate
_flxActSvrActivationReqSet
_flxActSvrActivationRespProcess
_flxActSvrActivationSend
_flxActSvrActivationUsernameGet
_flxActSvrActivationUsernameSet
_flxActSvrActivationVendorDataGet
_flxActSvrActivationVendorDataSet
_flxActSvrGetType
_flxActSvrRepairCreate
_flxActSvrRepairDelete
_flxActSvrRepairEntitlementIdGet
_flxActSvrRepairFRIdGet
_flxActSvrRepairProdLicSpcSet
_flxActSvrRepairProductIdGet
_flxActSvrRepairReqCreate
_flxActSvrRepairReqSet
_flxActSvrRepairRespProcess
_flxActSvrRepairSend
_flxActSvrRepairSuiteIdGet
_flxActSvrRepairVendorDataGet
_flxActSvrRepairVendorDataSet
_flxActSvrReturnCancel
_flxActSvrReturnCreate
_flxActSvrReturnDelete
_flxActSvrReturnEntitlementIdGet
_flxActSvrReturnFRIdGet
_flxActSvrReturnForceIncompleteGet
_flxActSvrReturnForceIncompleteSet
_flxActSvrReturnNumberValidDedSpcGet
_flxActSvrReturnProdLicSpcSet
_flxActSvrReturnProductIdGet
_flxActSvrReturnReasonGet
_flxActSvrReturnReasonSet
_flxActSvrReturnReqCreate
_flxActSvrReturnReqSet
_flxActSvrReturnRespProcess
_flxActSvrReturnSend
_flxActSvrReturnSuiteIdGet
_flxActSvrReturnVendorDataGet
_flxActSvrReturnVendorDataSet
_flxActTranDictionaryGetByIndex
_flxActTranDictionaryGetByKey
_flxActTranDictionaryGetCount
_flxActTranDictionarySetByKey
_flxActTranReqActionGetAttribute
_flxActTranReqActionGetFLEXnetDictionary
_flxActTranReqActionGetType
_flxActTranReqActionGetVendorDictionary
_flxActTranReqActionSetAttribute
_flxActTranRequestAddAction
_flxActTranRequestAddExistingFulfillment
_flxActTranRequestClearExistingFulfillments
_flxActTranRequestGetAction
_flxActTranRequestGetActionCount
_flxActTranRequestGetAttribute
_flxActTranRequestGetFLEXnetDictionary
_flxActTranRequestGetStatus
_flxActTranRequestGetVendorDictionary
_flxActTranRequestGetXML
_flxActTranRequestMatchStored
_flxActTranRequestSave
_flxActTranRequestSetAttribute
_flxActTranRequestSetExistingFulfillmentDetails
_flxActTranResponseGetAction
_flxActTranResponseGetActionCount
_flxActTranResponseGetFLEXnetDictionary
_flxActTranResponseGetVendorDictionary
_flxActTranRspActionGetAttribute
_flxActTranRspActionGetFLEXnetDictionary
_flxActTranRspActionGetResult
_flxActTranRspActionGetType
_flxActTranRspActionGetVendorDictionary
_flxActTransactionCreate
_flxActTransactionCreateRecoveryRequest
_flxActTransactionCreateRequest
_flxActTransactionDeleteStoredRequest
_flxActTransactionDeleteStoredRequestBySeqNo
_flxActTransactionDestroy
_flxActTransactionGetCommsAttribute
_flxActTransactionGetError
_flxActTransactionGetFunctionId
_flxActTransactionGetLogString
_flxActTransactionGetRequest
_flxActTransactionGetResponse
_flxActTransactionGetResponseXML
_flxActTransactionGetResult
_flxActTransactionGetStoredRequestCount
_flxActTransactionLoadStoredRequest
_flxActTransactionLogError
_flxActTransactionProcessResponse
_flxActTransactionSend
_flxActTransactionSetCommsAttribute
_fnpActSvcForceUninstallWin
_fnpActSvcGetLastErrorWin
_fnpActSvcInstallWin
_fnpActSvcStatusCodeToText
_fnpActSvcUninstallWin
_l_borrow_decrypt
_l_borrow_dptr
_l_n36_buf
_l_new_hostid
_l_pubkey_verify
_l_x77_buf
_la_createStatusSpecifier
_la_freeFulfillmentStatus
_la_freeStatusSpecifier
_la_getFulfillmentStatus
_la_init
_la_statGetAvailableCounts
_la_statGetDeductionCounts
_la_statGetDeductionDestinationFulfillId
_la_statGetDeductionExpirationDate
_la_statGetDeductionSystemName
_la_statGetEntitlementId
_la_statGetExpirationDate
_la_statGetFeatureLines
_la_statGetFulfillmentChain
_la_statGetFulfillmentId
_la_statGetFulfillmentVersion
_la_statGetHops
_la_statGetMaximumCounts
_la_statGetMaximumOverdraftDuration
_la_statGetNumDeductions
_la_statGetNumFulfillments
_la_statGetOriginalExpirationDate
_la_statGetProductId
_la_statGetSuiteId
_la_statSelectFirstDeduction
_la_statSelectFirstFulfillment
_la_statSelectLastDeduction
_la_statSelectLastFulfillment
_la_statSelectNextDeduction
_la_statSelectNextFulfillment
_la_statSelectNthDeduction
_la_statSelectNthFulfillment
_la_statSelectPrevDeduction
_la_statSelectPrevFulfillment
_la_statSpecSetDetail
_la_statSpecSetEntitlementId
_la_statSpecSetFeatureName
_la_statSpecSetFulfillmentId
_la_statSpecSetProductId
_lc_ascii_date
_lc_auth_data
_lc_baddate
_lc_bin_date
_lc_borrow_return
_lc_check_key
_lc_checkin
_lc_checkout
_lc_chk_conf
_lc_ck_feats
_lc_cleanup
_lc_convert
_lc_copy_hostid
_lc_crypt
_lc_cryptstr
_lc_daemon
_lc_disconn
_lc_display
_lc_err_info
_lc_errstring
_lc_errtext
_lc_expire_days
_lc_extract_date
_lc_feat_list
_lc_feat_set
_lc_first_job
_lc_flexinit
_lc_flexinit_cleanup
_lc_flexinit_property_handle_create
_lc_flexinit_property_handle_free
_lc_flexinit_property_handle_get
_lc_flexinit_property_handle_set
_lc_fnpservice_present
_lc_free_config
_lc_free_hostid
_lc_free_job
_lc_free_lmgrd_stat
_lc_free_mem
_lc_get_attr
_lc_get_config
_lc_get_errno
_lc_get_feats
_lc_get_registry
_lc_get_server_version
_lc_get_version
_lc_gethostid
_lc_getid_type
_lc_heartbeat
_lc_hostid
_lc_hostname
_lc_hosttype
_lc_idle
_lc_init
_lc_init_simple_composite
_lc_install_license
_lc_install_license_path
_lc_isadmin
_lc_lic_where
_lc_log
_lc_lookup
_lc_master_list
_lc_new_job
_lc_next_conf
_lc_next_job
_lc_perror
_lc_remove
_lc_removeh
_lc_set_alt_vendor
_lc_set_attr
_lc_set_attr_vendor
_lc_set_errno
_lc_set_registry
_lc_set_vendor
_lc_set_vendor_alias
_lc_shutdown
_lc_status
_lc_test_conf
_lc_timer
_lc_userlist
_lc_username
_lc_virtualstatusget
_lc_vsend
_lp_checkin
_lp_checkout
_lp_errstring
_lp_heartbeat
_lp_perror
_lp_pwarn
_lp_warning

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bd2360afdbfeac7a8d37977552b3be8

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:a3:69:27:05:89:1d:c4:d7:0d:db:4e:c4:8c:ce:beCertificate

Extended Key Usages

Key Usages

7c:b8:28:ef:1c:bf:9a:fd:f1:e9:f8:40:27:4d:92:d3:63:01:3f:a6:d3:ff:07:30:45:da:4b:2d:10:3a:eb:d1Signer

Headers

DLL Characteristics

File Characteristics

Imports

dhcpcsvc

userenv

netapi32

fnp_act_installer

mfc140

kernel32

user32

comdlg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 235KB - Virtual size: 234KB

.textidx Size: 750KB - Virtual size: 750KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 28KB - Virtual size: 51KB

.fnp_dir Size: 512B - Virtual size: 100B

.fnp_mar Size: 512B - Virtual size: 1B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 38KB - Virtual size: 37KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:a3:69:27:05:89:1d:c4:d7:0d:db:4e:c4:8c:ce:be
Certificate

7c:b8:28:ef:1c:bf:9a:fd:f1:e9:f8:40:27:4d:92:d3:63:01:3f:a6:d3:ff:07:30:45:da:4b:2d:10:3a:eb:d1
Signer

.text
Size: 235KB - Virtual size: 234KB

.textidx
Size: 750KB - Virtual size: 750KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 28KB - Virtual size: 51KB

.fnp_dir
Size: 512B - Virtual size: 100B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 38KB - Virtual size: 37KB