ebb74d3f72b43983b986659deda5870c158109f494406d422d753558fdc4dcb3

Sharing

Copy URL

Twitter E-mail

General

Target

ebb74d3f72b43983b986659deda5870c158109f494406d422d753558fdc4dcb3
Size

3.7MB
MD5

edf35a2ce72259a01113b73a18f30e15
SHA1

e07f5af80a358bb83fb21e96c813c298349432a8
SHA256

ebb74d3f72b43983b986659deda5870c158109f494406d422d753558fdc4dcb3
SHA512

ba7b3df157c84f86bd13827d9b97c327ae1869d466e687c9d558915877190d4166dc0251e14885d88dac4e87ff8d0686b458de18cdd9599f69a6465749149b7b
SSDEEP

49152:LvzOr13aaFxV/6Et0tlNC6Uy4VaFsOgKU0RjdICH65NN9PKkTdfHoEb4XyR15oyh:noVLt7VcvlkEIfZ4Xy5H

Score

1^/10

Malware Config

Signatures

Files

ebb74d3f72b43983b986659deda5870c158109f494406d422d753558fdc4dcb3
.dll windows:5 windows x64 arch:x64

2bae78ce59da0272347f27441e83a1fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:48:7b:f0:a5:e4:7a:9e:e0:2f:d2:8d:53:57:6e:80
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05-12-2018 00:00

Not After

04-01-2020 23:59

Subject

CN=Shanghai Youme Information Technology Co.\, Ltd.,OU=R&D,O=Shanghai Youme Information Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:55:b6:a5:a2:ad:b0:4a:05:88:fc:4d:9c:8a:e6:75:58:0c:5c:4b
Signer

Actual PE Digest

25:55:b6:a5:a2:ad:b0:4a:05:88:fc:4d:9c:8a:e6:75:58:0c:5c:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VerSetConditionMask
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
UnregisterWaitEx
InitializeSListHead
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
CreateEventA
CreateTimerQueue
WaitForMultipleObjects
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThread
GetVersionExA
GetModuleFileNameA
FormatMessageA
GetProcessHeap
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
GetSystemTimeAsFileTime
SetThreadPriority
CreateThread
CreateSemaphoreA
ReleaseSemaphore
FreeLibrary
Sleep
CreateMutexA
CloseHandle
WaitForSingleObject
lstrlenA
GetExitCodeThread
DuplicateHandle
SetEnvironmentVariableA
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeW
FindFirstFileExW
GetCPInfo
GetACP
IsValidCodePage
MoveFileExW
ReleaseMutex
GetLastError
OutputDebugStringA
SignalObjectAndWait
GetCurrentThreadId
CreateSemaphoreW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
GetOEMCP
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GetProcAddress
GetModuleHandleA
DeleteFileW
FindClose
CreateDirectoryW
GetFileAttributesW
MoveFileW
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
CreateFileW
ReadFile
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
LoadLibraryW
WriteFile
UnlockFileEx
GetTickCount
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
SystemTimeToFileTime
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
TryEnterCriticalSection
SetLastError
SleepEx
ExpandEnvironmentStringsA
GlobalMemoryStatus
GetThreadTimes
IsDebuggerPresent
IsProcessorFeaturePresent
GetTimeZoneInformation
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
ExitProcess
GetModuleHandleExW
GetCommandLineA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
LoadLibraryExW
GetStdHandle
GetFileType
GetStartupInfoW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetCurrentProcess
TerminateProcess
TlsAlloc

shell32

SHGetFolderPathA
SHGetSpecialFolderPathW

ole32

PropVariantClear
CoInitialize
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity

ws2_32

__WSAFDIsSet
connect
htonl
htons
ntohl
gethostbyname
sendto
WSASetLastError
getsockopt
WSAIoctl
ntohs
WSACleanup
WSAStartup
WSASocketA
WSAWaitForMultipleEvents
WSASetEvent
WSARecvFrom
WSARecv
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAAccept
getnameinfo
freeaddrinfo
getaddrinfo
WSAAddressToStringA
WSASendTo
WSAGetLastError
gethostname
socket
shutdown
setsockopt
send
select
recvfrom
recv
listen
getsockname
getpeername
ioctlsocket
closesocket
bind

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetErrorTextA
waveOutReset
timeGetTime
waveInStart
waveInGetErrorTextA
waveInOpen
waveInReset
mmioClose
waveInClose
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses
GetBestInterfaceEx
GetNetworkParams

msdmo

MoFreeMediaType
MoInitMediaType

oleaut32

VariantClear
SysFreeString
SysAllocString

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

Exports

Exports

??0IYouMeVoiceEngine@@AEAA@XZ
??1IYouMeVoiceEngine@@AEAA@XZ
??4IYouMeVoiceEngine@@QEAAAEAV0@AEBV0@@Z
?checkIsDeviceMute@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?cleanSpeakerRecordCache@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?destroy@IYouMeVoiceEngine@@SAXXZ
?getBackgroundMusicVolume@IYouMeVoiceEngine@@QEAAHXZ
?getChannelUserList@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBDH_N@Z
?getEffectVolume@IYouMeVoiceEngine@@QEAAHXZ
?getInstance@IYouMeVoiceEngine@@SAPEAV1@XZ
?getMicVolume@IYouMeVoiceEngine@@QEAAIXZ
?getMicrophoneMute@IYouMeVoiceEngine@@QEAA_NXZ
?getSDKVersion@IYouMeVoiceEngine@@QEAAHXZ
?getSoundtouchPitchSemiTones@IYouMeVoiceEngine@@QEAAMXZ
?getSpeakerMute@IYouMeVoiceEngine@@QEAA_NXZ
?getUseMobileNetworkEnabled@IYouMeVoiceEngine@@QEAA_NXZ
?getUserRole@IYouMeVoiceEngine@@QEAA?AW4YouMeUserRole@@XZ
?getVolume@IYouMeVoiceEngine@@QEAAIXZ
?init@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEAVIYouMeEventCallback@@PEBD1W4YOUME_RTC_SERVER_REGION@@1@Z
?isBackgroundMusicPlaying@IYouMeVoiceEngine@@QEAA_NXZ
?isInChannel@IYouMeVoiceEngine@@QEAA_NPEBD@Z
?isInChannel@IYouMeVoiceEngine@@QEAA_NXZ
?isInited@IYouMeVoiceEngine@@QEAA_NXZ
?isSpeakerRecording@IYouMeVoiceEngine@@QEAA_NXZ
?joinChannelMultiMode@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0W4YouMeUserRole@@_N@Z
?joinChannelSingleMode@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0W4YouMeUserRole@@_N@Z
?kickOtherFromChannel@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0H@Z
?leaveChannelAll@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?leaveChannelMultiMode@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD@Z
?pauseAllEffects@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?pauseBackgroundMusic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?pauseChannel@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?pauseEffect@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?playBackgroundMusic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD_N@Z
?playEffect@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBDHPEAH@Z
?releaseGrabMic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD@Z
?releaseMicSync@IYouMeVoiceEngine@@QEAA_NXZ
?requestGrabMic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBDH_N0@Z
?requestInviteMic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD00@Z
?requestRestApi@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0PEAH@Z
?responseInviteMic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD_N0@Z
?resumeAllEffects@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?resumeBackgroundMusic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?resumeChannel@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?resumeEffect@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?resumeMicSync@IYouMeVoiceEngine@@QEAA_NXZ
?sendMessage@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0PEAH@Z
?setAudioEffectType@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@I@Z
?setAutoSendStatus@IYouMeVoiceEngine@@QEAAX_N@Z
?setBackgroundMusicVolume@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?setChannelAudioMode@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@W4ChannelAudioMode@@@Z
?setEffectVolume@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?setExitCommModeWhenHeadsetPlugin@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setExternalSoundCardMode@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setFarendVoiceLevelCallback@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?setForceDisableAEC@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setForceDisableAGC@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setGrabMicOption@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBDHHHI@Z
?setHeadsetMonitorOn@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N0@Z
?setInviteMicOption@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBDHH@Z
?setListenOtherVoice@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD_N@Z
?setMagicVoiceEnable@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setMemberChangeCallback@IYouMeVoiceEngine@@QEAAXPEAVIYouMeMemberChangeCallback@@@Z
?setMicLevelCallback@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?setMicVolume@IYouMeVoiceEngine@@QEAAXAEBI@Z
?setMicrophoneMute@IYouMeVoiceEngine@@QEAAX_N@Z
?setNotifyCallback@IYouMeVoiceEngine@@QEAAXPEAVIYouMeChannelMsgCallback@@@Z
?setOtherMicMute@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD_N@Z
?setOtherSpeakerMute@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD_N@Z
?setOutputToSpeaker@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setPcmCallbackEnable@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEAVIYouMePcmCallback@@H@Z
?setPlayingTimeMs@IYouMeVoiceEngine@@QEAAXI@Z
?setRecordingTimeMs@IYouMeVoiceEngine@@QEAAXI@Z
?setReleaseMicWhenMute@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setRestApiCallback@IYouMeVoiceEngine@@QEAAXPEAVIRestApiCallback@@@Z
?setReverbEnabled@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setServerRegion@IYouMeVoiceEngine@@QEAAXW4YOUME_RTC_SERVER_REGION@@PEBD_N@Z
?setSoundtouchPitchSemiTones@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@M@Z
?setSpeakerMute@IYouMeVoiceEngine@@QEAAX_N@Z
?setSpeakerRecordOn@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setToken@IYouMeVoiceEngine@@QEAAXPEBD@Z
?setUseMobileNetworkEnabled@IYouMeVoiceEngine@@QEAAX_N@Z
?setUserRole@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@W4YouMeUserRole@@@Z
?setVadCallbackEnabled@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@_N@Z
?setVolume@IYouMeVoiceEngine@@QEAAXAEBI@Z
?setWhiteUserList@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBDAEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?speakToChannel@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD@Z
?startGrabMicAction@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0@Z
?stopAllEffects@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?stopBackgroundMusic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?stopEffect@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@H@Z
?stopGrabMicAction@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@PEBD0@Z
?stopInviteMic@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
?unInit@IYouMeVoiceEngine@@QEAA?AW4YouMeErrorCode@@XZ
youme_cleanSpeakerRecordCache
youme_freeCbMessage
youme_getBackgroundMusicVolume
youme_getCbMessage
youme_getChannelUserList
youme_getMicVolume
youme_getMicrophoneMute
youme_getSDKVersion
youme_getSoundtouchPitchSemiTones
youme_getSpeakerMute
youme_getUseMobileNetworkEnabled
youme_getUserRole
youme_getVolume
youme_init
youme_isBackgroundMusicPlaying
youme_isInChannel
youme_isInited
youme_isSpeakerRecording
youme_joinChannelMultiMode
youme_joinChannelSingleMode
youme_kickOtherFromChannel
youme_leaveChannelAll
youme_leaveChannelMultiMode
youme_pauseBackgroundMusic
youme_pauseChannel
youme_playBackgroundMusic
youme_releaseGrabMic
youme_releaseMicSync
youme_requestGrabMic
youme_requestInviteMic
youme_requestRestApi
youme_responseInviteMic
youme_resumeBackgroundMusic
youme_resumeChannel
youme_resumeMicSync
youme_sendMessage
youme_setAutoSendStatus
youme_setBackgroundMusicVolume
youme_setExitCommModeWhenHeadsetPlugin
youme_setFarendVoiceLevelCallback
youme_setForceDisableAEC
youme_setForceDisableAGC
youme_setGrabMicOption
youme_setHeadsetMonitorOn
youme_setInviteMicOption
youme_setListenOtherVoice
youme_setMagicVoiceEnable
youme_setMicLevelCallback
youme_setMicVolume
youme_setMicrophoneMute
youme_setOtherMicMute
youme_setOtherSpeakerMute
youme_setOutputToSpeaker
youme_setPcmCallbackEnable
youme_setPlayingTimeMs
youme_setRecordingTimeMs
youme_setReleaseMicWhenMute
youme_setReverbEnabled
youme_setServerMode
youme_setServerRegion
youme_setSoundtouchPitchSemiTones
youme_setSpeakerMute
youme_setSpeakerRecordOn
youme_setTestConfig
youme_setToken
youme_setUseMobileNetworkEnabled
youme_setUserRole
youme_setVadCallbackEnabled
youme_setVolume
youme_setWhiteUserList
youme_speakToChannel
youme_startGrabMicAction
youme_stopBackgroundMusic
youme_stopGrabMicAction
youme_stopInviteMic
youme_unInit

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 922KB - Virtual size: 922KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bae78ce59da0272347f27441e83a1fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

01:48:7b:f0:a5:e4:7a:9e:e0:2f:d2:8d:53:57:6e:80Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:55:b6:a5:a2:ad:b0:4a:05:88:fc:4d:9c:8a:e6:75:58:0c:5c:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

ws2_32

winmm

iphlpapi

msdmo

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 922KB - Virtual size: 922KB

.data Size: 54KB - Virtual size: 110KB

.pdata Size: 140KB - Virtual size: 139KB

.tls Size: 512B - Virtual size: 25B

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

01:48:7b:f0:a5:e4:7a:9e:e0:2f:d2:8d:53:57:6e:80
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:55:b6:a5:a2:ad:b0:4a:05:88:fc:4d:9c:8a:e6:75:58:0c:5c:4b
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 922KB - Virtual size: 922KB

.data
Size: 54KB - Virtual size: 110KB

.pdata
Size: 140KB - Virtual size: 139KB

.tls
Size: 512B - Virtual size: 25B

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB