aaf5397088bf319d2a8f6e012dfef244

Sharing

Copy URL Twitter E-mail

General

Target

aaf5397088bf319d2a8f6e012dfef244
Size

801KB
MD5

aaf5397088bf319d2a8f6e012dfef244
SHA1

fe3edf8848f83f2d89368ed7bd6f61f44c997604
SHA256

27b1a271e8efa2bb67582e5513c5d8438b3587874c6523e45576da280ff62c09
SHA512

2c0c760ddee407a03c77d197b524cbf65de6153ae8ec4e537b414fbbf61ab5283742c6f8642388a8f77e692a39879bc585db08daaf4ec26526812c49f1f92725
SSDEEP

12288:c9cZIoIC643rNeajMj4yOfSNTGVcKgjj8jIG:c9oIFCeajPy8iTycKgfZG

Score

1^/10

Malware Config

Signatures

Files

aaf5397088bf319d2a8f6e012dfef244
.exe windows:4 windows x86 arch:x86

b6394c0f91c246ff110c64d634b3b2c2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:af:3c:e1:8f:c9:8e:09:2e:69:8a:9b:d3:01:6b:d7:b4:3e:05:50
Signer

Actual PE Digest

86:af:3c:e1:8f:c9:8e:09:2e:69:8a:9b:d3:01:6b:d7:b4:3e:05:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\TempView\QQ1.81\Misc\AUClient\Release\QQUpdateCenter.pdb

Imports

aucommon

?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?InitNetwork@Network@Util@@YAHXZ
??0CTXBSTR@@QAE@PB_W@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
??ICTXBSTR@@QAEPAPA_WXZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXBSTR@@QAEHXZ
??1CTXHttpDownloadSink@@UAE@XZ
?CancelDownload@CTXHttpDownload@@QAEXXZ
??0CTXHttpDownloadSink@@IAE@XZ
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0H@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
??0CTXHttpDownload@@QAE@XZ
?SetProxyInfo@NetworkEnv@Util@@YAJPAUITXDataRead@@@Z
?GetIEProxySetting@Network@Util@@YAHPAUITXData@@AAE@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??1CTXHttpDownload@@UAE@XZ
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetFileSystemDirectory@FS@@YAHPB_WAAVCTXStringW@@@Z
??0CTXStringW@@QAE@XZ
?SetEventMask@CTXHttpDownload@@QAEXE@Z
?GetTimeOffsetUTC@NLS@@YAJXZ
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@K@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@0@Z
??0CTXStringW@@QAE@PB_W@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@PAEK@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAV2@H@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAK@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAH@Z
?MoveDownloadFile@CTXHttpDownload@@QAEHPB_WH@Z
?CreateDirectoryW@FS@@YAHPB_W@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??1CFmtString@@QAE@XZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?PropertyLong@CFmtString@@QAEHPB_WJ0@Z
??0CFmtString@@QAE@XZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddDWord@CTXCommPack@@QAEHKH@Z
?Reset@CTXCommPack@@QAEXXZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?AddWord@CTXCommPack@@QAEHGH@Z
?InitDownloadTempDirectory@CTXHttpDownload@@SAXPB_W@Z
?DeleteFileW@FS@@YAHPB_W@Z
?IsFileExist@FS@@YAHPB_W@Z
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?Record@Perf@Util@@YAJPB_WHH00@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@UtagGBK@@PBDH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
??1CTXStringA@@QAE@XZ
?GetString@CTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
?SetUserPrefer@CP2PDownloadParam@@QAEXW4USER_PREFER_TYPE@@@Z
?ClearRequestHeader@CTXHttpDownload@@QAEXXZ
?DWordToStringW@Convert@Util@@YA?AVCTXStringW@@K@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
?GetLCIDAsString@NLS@@YA?AVCTXStringW@@XZ
?AbortDownload@CP2PDownload@@QAEXXZ
?SetTargetShareRate@CP2PDownload@@QAEXN@Z
?Download@CP2PDownload@@QAEHPAVCP2PDownloadParam@@@Z
?EnableShareTimeout@CP2PDownload@@QAEXHK@Z
?EnableShareRatePolicy@CP2PDownload@@QAEXH@Z
?SetPartInfo@CP2PDownloadParam@@QAEXEE@Z
?SetApplicationType@CP2PDownloadParam@@QAEXE@Z
?SetP2PStatReport@CP2PDownloadParam@@QAEXAAUP2PStatSvrAddrPara@@I@Z
?SetHttpSpeedLimit@CP2PDownloadParam@@QAEXK@Z
?SetHttpConnectionLimit@CP2PDownloadParam@@QAEXK@Z
?SetDownloadMechanism@CP2PDownloadParam@@QAEXK@Z
?SetLocalFileName@CP2PDownloadParam@@QAEXPBD@Z
?SetTorrentURL@CP2PDownloadParam@@QAEXPBD@Z
?SetFileURL@CP2PDownloadParam@@QAEXPBD@Z
?SetStunServer@CP2PDownloadParam@@QAEHPBDG@Z
?SetPeerServer@CP2PDownloadParam@@QAEHPBDG0G@Z
??BCTXStringA@@QBEPBDXZ
?Init@CP2PDownloadParam@@QAEHXZ
?GetProxyInfo@NetworkEnv@Util@@YAJPAPAUITXDataRead@@@Z
?GetTargetShareRate@CP2PDownload@@QAENXZ
??1CP2PDownloadUIInterface@@UAE@XZ
??1CP2PDownload@@UAE@XZ
??1CP2PDownloadParam@@UAE@XZ
?SetUIInterface@CP2PDownload@@QAEXPAVCP2PDownloadUIInterface@@@Z
?SetP2PFile@CP2PDownload@@QAEXABVCTXStringW@@@Z
??0CP2PDownloadParam@@QAE@XZ
??0CP2PDownload@@QAE@XZ
??0CP2PDownloadUIInterface@@QAE@XZ
?StringToDWordW@Convert@Util@@YA_NPB_WAAK@Z
?SetUserLCID@TXI18N@@YAXK@Z
?SetConfigFile@TXI18N@@YAHPB_W0@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
??0CTXStringW@@QAE@PB_WH@Z
??BCTXStringW@@QBEPB_WXZ
??1CTXStringW@@QAE@XZ
ord37
??0CTXCommPack@@QAE@XZ
?SetBufferIn@CTXCommPack@@QAEXPBEIH@Z
?GetWord@CTXCommPack@@QAEHAAGHH@Z
?GetByte@CTXCommPack@@QAEHAAEH@Z
??1CTXCommPack@@UAE@XZ
?GetBuf@CTXCommPack@@QAEHPAEHH@Z
?AddByte@CTXCommPack@@QAEHE@Z
?GetBuf@CTXCommPack@@QAEHPAPBEHH@Z

kernel32

GetComputerNameW
GetModuleFileNameW
lstrlenW
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersion
OpenMutexW
GetTempPathW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
lstrcmpiW
OpenProcess
lstrcpynW
TerminateProcess
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
MoveFileW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
lstrcmpW
SetEvent
SetThreadPriority
ResetEvent
TerminateThread
WaitForMultipleObjects
CreateEventW
GetProcessHeap
HeapFree
HeapAlloc
CreateMutexW
IsBadWritePtr
IsBadReadPtr
SetFileAttributesW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcatW
GetShortPathNameW
MoveFileExW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
RaiseException
WaitForSingleObject
ReleaseMutex
SetLastError
Sleep
FreeLibrary
LoadLibraryW
CloseHandle
ReadFile
CreateFileW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetFileSize
GetVersionExW
GetDiskFreeSpaceExW
GetProcAddress
SetFilePointer
GetPrivateProfileIntW
WritePrivateProfileStringW
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
SetEndOfFile
CreateDirectoryW
DeleteFileW
GetModuleHandleW

user32

ScreenToClient
LoadCursorW
GetMessagePos
ShowCursor
SetCursor
GetSysColor
DrawStateW
CopyRect
FillRect
DrawFocusRect
GetDC
LoadIconW
OffsetRect
GetParent
PtInRect
KillTimer
GetClientRect
SetForegroundWindow
ReleaseDC
InvalidateRect
DestroyIcon
LoadBitmapW
GetKeyState
GetCursorPos
DispatchMessageW
TranslateMessage
WaitMessage
PeekMessageW
wsprintfW
SetTimer
InsertMenuW
EnableMenuItem
AdjustWindowRectEx
SendMessageTimeoutW
IsWindow
GetWindow
IsWindowVisible
GetSystemMenu
SetRect
GetWindowLongW
SetWindowLongW
RedrawWindow
SendMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
LoadImageW
GetWindowRect
EnableWindow
PostMessageW
UnregisterClassW
RegisterWindowMessageW
SetWindowPos

gdi32

CreateCompatibleDC
GetTextMetricsW
GetCurrentObject
GetStockObject
BitBlt
CreateRoundRectRgn
GetTextExtentPoint32W
CreateSolidBrush
DeleteObject
CreateFontIndirectW
GetObjectW

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
SysFreeString

mfc80u

ord370
ord618
ord1908
ord2827
ord5630
ord1920
ord3296
ord501
ord709
ord5633
ord3155
ord1717
ord497
ord2277
ord3867
ord4100
ord1135
ord5117
ord334
ord5119
ord593
ord5121
ord6201
ord747
ord559
ord3168
ord5462
ord4038
ord548
ord2321
ord1430
ord629
ord5083
ord384
ord5319
ord6166
ord5999
ord3644
ord1161
ord5202
ord648
ord4371
ord410
ord3471
ord4347
ord5829
ord2648
ord290
ord3395
ord330
ord5638
ord764
ord293
ord577
ord774
ord2311
ord870
ord899
ord280
ord1476
ord5558
ord3927
ord5398
ord2460
ord2895
ord283
ord3990
ord5524
ord266
ord265
ord1479
ord282
ord6700
ord6111
ord776
ord566
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2984
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord3824
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord757
ord3677
ord4535
ord1472
ord762
ord1049
ord2260
ord1002
ord4101
ord6171
ord6165
ord1176
ord896
ord746
ord558
ord5434
ord1003
ord284
ord3249
ord1172
ord5316
ord6282
ord287
ord2340
ord258
ord1571
ord5327
ord261
ord6293
ord3508
ord1105
ord3678
ord4057
ord6271
ord862
ord865
ord1646
ord1156
ord5426
ord3016
ord5423
ord1707
ord4060
ord660
ord663
ord760
ord423
ord426
ord572
ord3331
ord4480
ord2856
ord5196
ord1590
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord3546
ord3204
ord1118
ord1925
ord3157
ord1271
ord2366
ord1894
ord519
ord4256
ord4714
ord5207
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4730
ord4207
ord5178
ord4184
ord4838
ord4611
ord4791
ord5064
ord5066
ord5065
ord6744
ord718
ord3126
ord516
ord6061
ord4574
ord4861
ord2255
ord5727
ord4312
ord3661
ord3635
ord3158
ord2985
ord4226
ord1536
ord2077
ord587
ord605
ord354
ord3176
ord5199
ord4206
ord1785
ord6063
ord4729
ord5711
ord1079
ord3311
ord4234
ord1582
ord2086
ord741
ord1058
ord745
ord557
ord578
ord5399
ord2462
ord310
ord4314
ord2159
ord6086
ord5609
ord3390
ord6751
ord6749
ord2362
ord3198
ord3224
ord2952
ord4232
ord2083
ord658
ord3286
ord1572
ord1634
ord715
ord651
ord416
ord2364
ord2422
ord3869
ord1555
ord3189
ord620
ord2155
ord3877
ord5864
ord6115
ord2651
ord2861
ord777
ord2652
ord3756
ord4098
ord1403
ord5485
ord1713
ord1178
ord3547
ord721
ord4266
ord1512
ord4274
ord5208
ord1573
ord2027
ord1318
ord5699
ord2161
ord2365
ord977
ord524
ord1386
ord4112
ord4948
ord3662
ord6040
ord4577
ord4109
ord900
ord6173
ord6167
ord2261
ord4074
ord860
ord2121
ord4078
ord5484
ord2444
ord783
ord281
ord277
ord304
ord300
ord754
ord3322
ord2981
ord2872
ord3793
ord1556
ord1921
ord3674
ord4267
ord2711
ord5162
ord1351
ord3338
ord1610
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord4383
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4523
ord4474
ord4965
ord4510
ord4667
ord4942
ord4788
ord4281
ord4370
ord4957
ord4790
ord4704
ord4358
ord4799
ord5047
ord4958
ord4643
ord4940
ord4501
ord4955
ord4668
ord4125
ord1293
ord1999
ord4126
ord1553
ord2797
ord2413
ord2414
ord2415
ord2412
ord2411
ord807
ord4123
ord496
ord1220
ord778
ord2151
ord1270
ord2361
ord3223
ord4231
ord1561
ord2082
ord4093
ord1475
ord1924
ord6262
ord1388
ord657
ord3400
ord2254
ord3984
ord602
ord2074
ord326
ord347
ord3983
ord589
ord1198

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__CxxFrameHandler3
memcmp
_time64
memcpy
memset
_purecall
__wargv
__argc
wcsncpy
free
_wtoi
_wtol
wcslen
malloc
wcscmp
_CxxThrowException
_invalid_parameter_noinfo
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
fclose
fread
ftell
fseek
_wfopen
__RTDynamicCast
memcpy_s
fputws
feof
fgetws
fwrite
_rmtmp
tmpfile
strlen
wcschr
wcsncmp
_wcsnicmp
strerror
_errno
wcscpy
wcstol
wcsstr
memmove
_swprintf
rand
srand
wcstoul
wcscpy_s
strtoul
labs
wcsncpy_s
strncpy
_beginthreadex
_snwprintf
_amsg_exit
__wgetmainargs

comctl32

ImageList_GetIconSize
_TrackMouseEvent

shlwapi

PathFileExistsW

atl80

ord30

msvcp80

?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI_W@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

Sections

.text
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6394c0f91c246ff110c64d634b3b2c2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

86:af:3c:e1:8f:c9:8e:09:2e:69:8a:9b:d3:01:6b:d7:b4:3e:05:50Signer

Headers

File Characteristics

PDB Paths

Imports

aucommon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

mfc80u

msvcr80

comctl32

shlwapi

atl80

msvcp80

version

netapi32

Sections

.text Size: 448KB - Virtual size: 444KB

.rdata Size: 220KB - Virtual size: 216KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 108KB - Virtual size: 105KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

86:af:3c:e1:8f:c9:8e:09:2e:69:8a:9b:d3:01:6b:d7:b4:3e:05:50
Signer

.text
Size: 448KB - Virtual size: 444KB

.rdata
Size: 220KB - Virtual size: 216KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 108KB - Virtual size: 105KB