b5fa59854c25f3622b3311f0813ebf36

Sharing

Copy URL Twitter E-mail

General

Target

b5fa59854c25f3622b3311f0813ebf36
Size

282KB
MD5

b5fa59854c25f3622b3311f0813ebf36
SHA1

713c809babcf27fc89d53da1c77f4a280c59cad7
SHA256

647e1588e3437397483837cd588ab8659600b6d80659093ccfba1e3d3222dd00
SHA512

87a4bf5bf4a9481d77876f15b5c5e733f46666119fa9e39d03ef2d65136a2ce169bf6b761bbf35129efeb9c9689c2b0da041366df2ea06831151098b508e4094
SSDEEP

6144:iMEHkxvIWIrpm4g7mqW0/0frlUg6IPt6kbLadz7m7Kvx/s5T:iMBo00Idu+u5T

Score

1^/10

Malware Config

Signatures

Files

b5fa59854c25f3622b3311f0813ebf36
.dll windows:5 windows x86 arch:x86

9820a9f69ba8ae090e10d0ebef04fa46

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:e1:77:19:b0:92:16:4c:d3:ea:fd:fa:44:e8:5b:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/12/2016, 00:00

Not After

24/01/2019, 23:59

Subject

CN=PPLive Corporation,OU=R&D Center,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:4d:a4:e4:52:44:46:f7:c6:e3:d3:6e:0f:7b:28:86
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/11/2016, 00:00

Not After

24/01/2019, 23:59

Subject

CN=PPLive Corporation,OU=R&D Center,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ee:ce:86:aa:51:4a:88:fa:ca:94:63:d5:83:63:1b:c5:39:bb:0d:95:c4:1a:32:e0:f8:3b:e1:c1:a3:ce:5f:5d
Signer

Actual PE Digest

ee:ce:86:aa:51:4a:88:fa:ca:94:63:d5:83:63:1b:c5:39:bb:0d:95:c4:1a:32:e0:f8:3b:e1:c1:a3:ce:5f:5d

Digest Algorithm

sha256

PE Digest Matches

true

ee:b9:ed:a5:5c:13:79:e8:04:7f:5b:82:59:de:6e:55:d6:fa:27:ad
Signer

Actual PE Digest

ee:b9:ed:a5:5c:13:79:e8:04:7f:5b:82:59:de:6e:55:d6:fa:27:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\jenkins\workspace\PPTVClient_Jenkins_Release\output\Win32_Release\pdb\TipsBubble.pdb

Imports

kernel32

SizeofResource
lstrcmpiW
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
OutputDebugStringA
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
LockResource
SetEvent
WaitForSingleObject
CreateEventW
FindResourceExW
GetCurrentProcess
GetCurrentProcessId
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyW
GetEnvironmentVariableW
FindFirstFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadResource
GetVersionExW
DecodePointer
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
ReleaseMutex
GetSystemTime
SystemTimeToFileTime
OpenMutexW
DeleteFileW
FlushInstructionCache
SetLastError
MulDiv
lstrcmpW
OutputDebugStringW
CreateFileA
QueryPerformanceCounter
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateFileW
GetModuleFileNameW
GetTickCount
GetLocalTime
CloseHandle
SetFilePointer
WriteFile
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
DeviceIoControl
lstrlenW

user32

SetWindowPos
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
GetWindowRect
CreateDialogParamW
PostQuitMessage
DestroyWindow
UnregisterClassW
GetWindowThreadProcessId
FindWindowExW
GetDlgItem
SetFocus
GetFocus
SetCapture
GetDesktopWindow
WindowFromPoint
GetSystemMetrics
IsWindowVisible
ShowWindow
SendMessageTimeoutW
SendMessageW
SystemParametersInfoW
LoadCursorW
GetWindow
GetClassNameW
GetParent
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
FindWindowW
BeginPaint
ReleaseDC
GetDC
CreateAcceleratorTableW
SetTimer
MoveWindow
KillTimer
CharNextW
wsprintfW
GetShellWindow
DestroyAcceleratorTable
ReleaseCapture

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap

advapi32

RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

ord165
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CLSIDFromString
CLSIDFromProgID
StringFromGUID2
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoGetClassObject
CoTaskMemAlloc

oleaut32

VariantInit
LoadTypeLi
LoadRegTypeLi
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
SysStringLen
VarBstrCmp
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
VariantClear
SysAllocStringLen
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
StrCpyW
PathCombineW
PathFindFileNameW
PathAppendW
PathFileExistsW

urlmon

URLDownloadToFileW

comctl32

InitCommonControlsEx

msvcp120

?fail@ios_base@std@@QBE_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Winerror_map@std@@YAPBDH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_JD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Syserror_map@std@@YAPBDH@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ

msvcr120

memmove_s
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
strstr
strcpy_s
tolower
isprint
isalnum
isspace
_wcsnicmp
_localtime64_s
vsprintf_s
strtoul
_itoa
ceil
_gmtime64
_atoi64
??1bad_cast@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
_mktime64
??0bad_cast@std@@QAE@PBD@Z
_unlock_file
_lock_file
__clean_type_info_names_internal
_initterm_e
_initterm
_malloc_crt
_amsg_exit
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fputc
fgetpos
fgetc
fflush
fclose
strncmp
_strlwr_s
memchr
_ultoa_s
srand
rand
_beginthreadex
wmemcpy_s
_vscwprintf
vswprintf_s
_wcslwr_s
calloc
atoi
memcmp
_time64
swprintf_s
wcsstr
wcsncpy_s
wcscpy_s
_wtoi
_recalloc
_itoa_s
_purecall
memcpy_s
sprintf
_swprintf
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_wcsdup
memmove
??_V@YAXPAX@Z
malloc
free
??2@YAPAXI@Z
__CppXcptFilter
??3@YAXPAX@Z

uilib

??1TiXmlDocument@@UAE@XZ
?LoadFile@TiXmlDocument@@QAE_NPBDW4TiXmlEncoding@@@Z
??0TiXmlDocument@@QAE@XZ
?GetHash@MD5Sum@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
??1MD5Sum@@QAE@XZ
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?GetText@TiXmlElement@@QBEPBDXZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
sqlite3_reset
sqlite3_column_text
sqlite3_column_int64
sqlite3_step
sqlite3_column_count
sqlite3_next_stmt
sqlite3_finalize
sqlite3_prepare_v2
sqlite3_open
sqlite3_free
sqlite3_vmprintf
sqlite3_exec
sqlite3_close
??0MD5Sum@@QAE@PBEI@Z

wininet

HttpSendRequestA
HttpOpenRequestW
DeleteUrlCacheEntryW
InternetReadFile
InternetConnectW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

BubbleStart
BubbleStop

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9820a9f69ba8ae090e10d0ebef04fa46

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:e1:77:19:b0:92:16:4c:d3:ea:fd:fa:44:e8:5b:a1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:4d:a4:e4:52:44:46:f7:c6:e3:d3:6e:0f:7b:28:86Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

ee:ce:86:aa:51:4a:88:fa:ca:94:63:d5:83:63:1b:c5:39:bb:0d:95:c4:1a:32:e0:f8:3b:e1:c1:a3:ce:5f:5dSigner

ee:b9:ed:a5:5c:13:79:e8:04:7f:5b:82:59:de:6e:55:d6:fa:27:adSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

comctl32

msvcp120

msvcr120

uilib

wininet

version

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 16KB - Virtual size: 15KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:e1:77:19:b0:92:16:4c:d3:ea:fd:fa:44:e8:5b:a1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:4d:a4:e4:52:44:46:f7:c6:e3:d3:6e:0f:7b:28:86
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

ee:ce:86:aa:51:4a:88:fa:ca:94:63:d5:83:63:1b:c5:39:bb:0d:95:c4:1a:32:e0:f8:3b:e1:c1:a3:ce:5f:5d
Signer

ee:b9:ed:a5:5c:13:79:e8:04:7f:5b:82:59:de:6e:55:d6:fa:27:ad
Signer

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 16KB - Virtual size: 15KB