be1d22d44e18eb8a9a498e6a77aaf163

Sharing

Copy URL Twitter E-mail

General

Target

be1d22d44e18eb8a9a498e6a77aaf163
Size

2.5MB
MD5

be1d22d44e18eb8a9a498e6a77aaf163
SHA1

0cce786f542991fb0affc871b9a5fab4847e7106
SHA256

d47f4f6ee3ce2d9c3483ad230f65a720f3367eae3f201c4a579fa51541958230
SHA512

9a3e97def6d0df372e68b82b8d5fcc7601ca6523f27872119b22a0bacc93996395bd896496474ef2993cefee85dafce518b4dc33636b2570da2753c70889936e
SSDEEP

49152:8uw6uSxPoFoqEzxbkGbbhtvxeTK3aM3xcKy7LxF/K9CEThY0uM:8uw6uVFoqEzxbNbh7eKmKypF2+M

Score

1^/10

Malware Config

Signatures

Files

be1d22d44e18eb8a9a498e6a77aaf163
.exe windows:4 windows x86 arch:x86

c87b545d6c84d0311295d384987f7c4d

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2b:7b:1d:7e:42:af:bf:6f:e5:a8:32:ea:cb:dc:9d:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

02/07/2004, 00:00

Not After

10/07/2005, 23:59

Subject

CN=Sygate Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security Product Division,O=Sygate Technologies\, Inc.,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

trident

?TridentDeleteTridentLocationSensor@@YAXPAVILocationSensor@@@Z
?TridentDeleteTridentEmailNotification@@YAXPAVIEmailNotification@@@Z
?TridentCreateTridentEmailNotification@@YAPAVIEmailNotification@@XZ
?TridentDeleteSmcServiceProtection@@YAXPAVISmcServiceProtection@@@Z
?TridentCreateSmcServiceProtection@@YAPAVISmcServiceProtection@@XZ
?TridentDeleteClassLoader@@YAXPAVITridentClassLoader@@@Z
?TridentCreateClassLoader@@YAPAVITridentClassLoader@@XZ
?TridentDeleteTridentArbitrator@@YAXPAVITridentArbitrator@@@Z
?TridentCreateTridentArbitrator@@YAPAVITridentArbitrator@@XZ
?TridentDeletePrestartingProtection@@YAXPAVIPrestartingProtection@@@Z
?TridentCreatePrestartingProtection@@YAPAVIPrestartingProtection@@XZ
?TridentDeleteTridentInstaller@@YAXPAVITridentInstaller@@@Z
?TridentCreateTridentInstaller@@YAPAVITridentInstaller@@PAD0@Z
?TridentDeleteTridentEngine@@YAXPAVITridentEngine@@@Z
?TridentCreateTridentEngine@@YAPAVITridentEngine@@KPADPAVIWsProcessSensor@@PAVINetPortManager@@PAVISyLog@@PAVITridentState@@PAVITsePromptDialog@@PAVITridentData@@PAK@Z
?TridentSetEventOutput@@YAXP6AXUSEL_EVENT_LOG@@PAX@Z1@Z
?TridentSetDebugOutput@@YAXP6AXPBDPAX@Z1@Z
?TridentCreateTridentState@@YAPAVITridentState@@XZ
?TridentDeleteTridentState@@YAXPAVITridentState@@@Z
?TridentDeleteTridentConfig@@YAXPAVITridentConfig@@@Z
?TridentCreateTridentConfig@@YAPAVITridentConfig@@XZ
?TridentCreateTridentLocationSensor@@YAPAVILocationSensor@@PAVINetPortManager@@W4hi_status@1@@Z

dataman

?DmCreateDataManager@@YAPAVIDataManager@@PAK@Z
?DmSetDebugOutput@@YAXP6AXPBD@Z@Z
?DmDeleteDataManager@@YAXPAVIDataManager@@@Z

sylog

?SlCreateSyLog@@YAPAVISyLog@@PAKPBD111J@Z
?SlDeleteSyLog@@YAXPAVISyLog@@@Z
?SlSetDebugOutput@@YAXP6AXPBD@Z@Z

netport

?NpCreateNetPortManagerInstaller@@YAPAVINetPortManagerInstaller@@PAD0@Z
?NpCreateNetPortManager@@YAPAVINetPortManager@@PADJJPAK@Z
?NpSetEventOutput@@YAXP6AXUSEL_EVENT_LOG@@PAX@Z@Z
?NpSetDebugOutput@@YAXP6AXPBD@Z@Z
?NpDeleteNetPortManagerInstaller@@YAXPAVINetPortManagerInstaller@@@Z
?NpDeleteNetPortManager@@YAXPAVINetPortManager@@@Z

wpsman

?WpsSetDebugOutput@@YAXP6AXPBDPAX@Z1@Z
?WpsDeleteProcessSensor@@YAXPAVIWsProcessSensor@@@Z
?WpsCreateWpsInstaller@@YAPAVIWpsInstaller@@PAD0@Z
?WpsDeleteWpsInstaller@@YAXPAVIWpsInstaller@@@Z
?WpsCreateProcessSensor@@YAPAVIWsProcessSensor@@HPADPAK@Z

sylink

SyLinkCreateInstance
?SyLinkCreateInstaller@@YAPAVISyLinkInstaller@@PADPAK@Z
?SyLinkDeleteInstaller@@YAXPAVISyLinkInstaller@@@Z
?SyLinkCreateConfig@@YAPAVISyLinkConfig@@XZ
?SyLinkSetDebugOutput@@YAXP6AXPADPAX@Z1@Z
?SyLinkDeleteConfig@@YAXPAVISyLinkConfig@@@Z
SyLinkDeleteInstance

tse

??0STseProcessInfo@@QAE@XZ
??1STseProcessInfo@@UAE@XZ
?TseDeleteClassLoader@@YAXPAVITseClassLoader@@@Z
?TseCreateClassLoader@@YAPAVITseClassLoader@@XZ
??0STseProcessInfo@@QAE@ABV0@@Z

spnet

UnzipSignatureFile
?SpNetGetProtocolNameAndDescription@@YAHEHHPADI0I@Z
?SpNetCreatePacketDecode@@YAPAVIPacketDecode@@PAK@Z
?SpNetDeletePacketDecode@@YAXPAVIPacketDecode@@@Z
?SpCreateSeal@@YAPAVISeal@@XZ
?SpNetDeleteDesCrypto@@YAXPAVIDesCrypto@@@Z
?SpCreateTsePlugin@@YAPAVITSEPlugIn@@XZ
?SpDeleteTsePlugin@@YAXPAVITSEPlugIn@@@Z
?SpDeleteSeal@@YAXPAVISeal@@@Z
?SpDeleteAttackerSeal@@YAXPAVIAttackerSeal@@@Z
?SpNetCreateDesCrypto@@YAPAVIDesCrypto@@PAE@Z
?SpCreateAttackerSeal@@YAPAVIAttackerSeal@@XZ
?SpNetDeleteEmailNotify@@YAXPAVIEmailNotify@@@Z
?SpNetCreateName2Ip@@YAPAVIName2Ip@@PAVINetPortManager@@PAK@Z
?SpNetCreateEmailNotify@@YAPAVIEmailNotify@@PAVISyLog@@PAK@Z
?SpNetDeleteName2Ip@@YAXPAVIName2Ip@@@Z

sssensor

?SsSetPowerBroadcast@@YAXH@Z
?SsGetPowerBroadcastData@@YAXPAIPAJ@Z

ws2_32

WSAGetLastError
closesocket
inet_addr
sendto
htons
ntohs
recvfrom
__WSAFDIsSet
select
ntohl
htonl
socket
recv
send
connect
WSACleanup
WSAStartup
setsockopt
WSASocketA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

netapi32

Netbios

idstrafficpipe

?SpDeleteIdsSignatureLib@@YAXPAVIIdsSignatureLib@@@Z
?SpCreateIdsSignatureLib@@YAPAVIIdsSignatureLib@@XZ

kernel32

FatalAppExitA
CreateProcessA
GetStartupInfoA
RemoveDirectoryA
QueryPerformanceCounter
ResumeThread
SetThreadPriority
GetComputerNameA
GetCurrentThread
GetFileTime
LoadResource
FindResourceA
LockResource
MulDiv
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
lstrcatA
GetVersion
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
WaitForMultipleObjects
VirtualProtect
SuspendThread
lstrcmpA
GlobalFlags
SizeofResource
TlsAlloc
SetEndOfFile
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
FindResourceExA
lstrlenW
LocalUnlock
LocalLock
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetThreadLocale
GlobalSize
SetErrorMode
DuplicateHandle
ReadFile
WriteFile
FlushFileBuffers
LockFile
UnlockFile
MoveFileA
GetVolumeInformationA
GetFullPathNameA
TerminateThread
CreateThread
SystemTimeToFileTime
SetFileTime
GetTempFileNameA
GetDiskFreeSpaceA
lstrcpynA
RaiseException
ExitThread
GetTimeZoneInformation
GetFileType
GetCommandLineA
ExitProcess
GetACP
HeapReAlloc
GetFileSize
CreateFileA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
SetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
SetFilePointer
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetExitCodeThread
SleepEx
GetLastError
GetCurrentThreadId
GetTickCount
WaitForMultipleObjectsEx
CloseHandle
CreateEventA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadCodePtr
SetProcessWorkingSetSize
MultiByteToWideChar
WinExec
DefineDosDeviceA
LocalAlloc
OpenMutexA
CreateMutexA
GetShortPathNameA
SetFileAttributesA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
CompareFileTime
DebugBreak
FormatMessageA
LocalFree
SetConsoleCtrlHandler
GetModuleFileNameA
GetCurrentProcessId
IsBadReadPtr
GetLocalTime
UnmapViewOfFile
GetProfileStringA
InterlockedExchange
CreateFileMappingA
MapViewOfFile
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GlobalLock
lstrcpyA
GlobalUnlock
FindClose
GetPrivateProfileStringA
GlobalAlloc
GetSystemDefaultLangID
GlobalFree
HeapSize
GetEnvironmentStrings
IsBadWritePtr
GetExitCodeProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExA
GetModuleHandleA
lstrlenA
OutputDebugStringA
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcess
ExpandEnvironmentStringsA
GetFileAttributesA
SetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
OpenProcess
CopyFileA
GetSystemTime
WaitForSingleObjectEx
Sleep
TerminateProcess
SetCurrentDirectoryA
DeleteFileA
WaitForSingleObject
OpenEventA
GetSystemTimeAsFileTime
ResetEvent
GetStringTypeExA
SetEvent
LocalFileTimeToFileTime
GlobalHandle
RtlUnwind

user32

MapWindowPoints
PeekMessageA
AdjustWindowRectEx
SendDlgItemMessageA
RegisterClipboardFormatA
CheckDlgButton
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
DeferWindowPos
BeginDeferWindowPos
SetScrollPos
ShowScrollBar
WinHelpA
GetClassInfoA
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetDlgCtrlID
CreateWindowExA
SetWindowsHookExA
SetScrollRange
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
GetScrollPos
IsChild
GetMessagePos
SetWindowPos
OffsetRect
IntersectRect
CallNextHookEx
EndPaint
BeginPaint
GetWindowDC
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
GetClassNameA
ExitWindowsEx
GetCapture
ClipCursor
SetCapture
GetMessageA
DispatchMessageA
SendMessageTimeoutA
RemovePropA
AppendMenuA
GetMenuState
ClientToScreen
SetFocus
SetMenu
GetMenuItemInfoA
SetMenuDefaultItem
DrawIcon
EnumDisplaySettingsA
GetMessageTime
GetWindowPlacement
SetActiveWindow
SetCursorPos
RegisterWindowMessageA
MessageBoxA
SetForegroundWindow
GrayStringA
DrawTextA
TabbedTextOutA
EqualRect
InvertRect
CharUpperA
SystemParametersInfoA
FindWindowA
PtInRect
ReleaseCapture
InflateRect
GetDesktopWindow
GetLastActivePopup
CallWindowProcA
GetMenuItemID
CheckMenuRadioItem
DrawMenuBar
GetFocus
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CopyRect
TranslateAcceleratorA
GetMenuStringA
GetMenuItemCount
DeleteMenu
InsertMenuA
GetMenu
DestroyAcceleratorTable
LoadAcceleratorsA
DefWindowProcA
RegisterClassA
UnregisterClassA
PostThreadMessageA
ShowWindow
BringWindowToTop
TranslateMessage
ValidateRect
DrawFocusRect
MapDialogRect
GetAsyncKeyState
MsgWaitForMultipleObjects
DestroyMenu
WindowFromPoint
LoadStringA
wvsprintfA
OemToCharA
EnumWindows
GetWindowThreadProcessId
ScreenToClient
RemoveMenu
GetParent
EnableMenuItem
CharToOemA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetRectEmpty
IsIconic
IsZoomed
AdjustWindowRect
IsWindowVisible
IsRectEmpty
GetWindowLongA
SetWindowLongA
SetRect
UpdateWindow
GetWindowRect
PostMessageA
LoadMenuA
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
GetSubMenu
ModifyMenuA
CheckMenuItem
GetKeyState
GetSystemMenu
SetParent
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
WaitMessage
UnpackDDElParam
ReuseDDElParam
LockWindowUpdate
GetDCEx
IsClipboardFormatAvailable
GetTabbedTextExtentA
GetDialogBaseUnits
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
UnionRect
SetCursor
CheckRadioButton
LoadBitmapA
GetDlgItem
MessageBeep
SetTimer
KillTimer
GetDC
ReleaseDC
GetCursorPos
DestroyIcon
GetSystemMetrics
wsprintfA
FillRect
DrawIconEx
InvalidateRect
FindWindowExA
GetTopWindow
GetWindowTextA
GetWindow
EnableWindow
GetSysColor
GetClientRect
LoadIconA
SendMessageA
IsWindow
GetSysColorBrush
GetForegroundWindow
LoadCursorA
RedrawWindow
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
HideCaret
ShowCaret

gdi32

StartDocA
DeleteDC
RestoreDC
CreateRectRgn
CreateRectRgnIndirect
SaveDC
SetBkMode
SetPolyFillMode
GetTextMetricsA
SetTextColor
SetMapMode
CreateFontIndirectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GdiFlush
SetStretchBltMode
Polyline
CreatePen
SetROP2
GetTextExtentPoint32A
DeleteObject
BitBlt
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC
PatBlt
CreateSolidBrush
SelectObject
SelectPalette
SetBkColor
PlayMetaFile
PolyBezierTo
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
GetDCOrgEx
CreateBitmap
GetMapMode
SetRectRgn
CombineRgn
DPtoLP
StretchDIBits
GetCharWidthA
EnumFontFamiliesExA
GetTextColor
GetBkColor
LPtoDP
CopyMetaFileA
CreateDCA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
GetClipRgn
GetDeviceCaps
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
GetTextExtentPointA
CreateDIBitmap
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateFontA
GetViewportExtEx
GetWindowExtEx

comdlg32

CommDlgExtendedError
ReplaceTextA
PageSetupDlgA
FindTextA
PrintDlgA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

SetFileSecurityA
RegCreateKeyA
RegQueryValueA
GetFileSecurityA
RegSetValueA
GetLengthSid
CryptDestroyKey
CryptGenKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDeriveKey
CryptGetUserKey
CryptGetProvParam
CryptAcquireContextA
CryptReleaseContext
CreateProcessAsUserA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExA
GetUserNameA
LookupAccountSidA
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
ChangeServiceConfigA
QueryServiceConfigA
StartServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
DeleteService
CreateServiceA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
OpenSCManagerA
OpenServiceA
ControlService
CloseServiceHandle
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegFlushKey
RegOpenKeyA
GetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateToken
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

shell32

ExtractIconA
ShellExecuteExA
DragFinish
SHGetFileInfoA
DragQueryFileA
Shell_NotifyIconA
DragAcceptFiles
ShellExecuteA
ExtractIconExA

comctl32

ImageList_Merge
ord14
ord13
ImageList_Destroy
InitCommonControlsEx
ImageList_SetImageCount
ord17
ImageList_GetImageCount
ImageList_Remove
ImageList_Copy
ImageList_AddMasked
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Read
ImageList_Write
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_LoadImageA
ImageList_Create

oledlg

ord8

ole32

OleFlushClipboard
CreateStreamOnHGlobal
CreateBindCtx
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoDisconnectObject
OleRun
ReleaseStgMedium
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
OleIsCurrentClipboard
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CLSIDFromProgID
StringFromGUID2
CoGetClassObject
CoCreateInstance
CLSIDFromString
CoInitializeEx
CoUninitialize
StgOpenStorageOnILockBytes
CoInitialize

olepro32

ord253

oleaut32

SafeArrayDestroyDescriptor
SafeArrayDestroy
SysStringLen
LoadTypeLi
SafeArrayDestroyData
SysFreeString
VariantInit
VariantClear
SysReAllocStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysAllocStringByteLen
VariantChangeType
SafeArrayCreate
SafeArrayUnlock
SafeArrayRedim
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetElement
SafeArrayGetDim
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
VarBstrFromCy
VarBstrFromDate
SafeArrayCopy
VariantCopy
VarDateFromStr
SysStringByteLen
VarCyFromStr

wininet

InternetSetStatusCallback
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

?CheckTpmDevice@@YAHPAH@Z
?GetTpmVendorId@@YAHXZ
?InitTpmDevice@@YAHXZ
?TpmIoControl@@YAHKPAKK00@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c87b545d6c84d0311295d384987f7c4d

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

2b:7b:1d:7e:42:af:bf:6f:e5:a8:32:ea:cb:dc:9d:faCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

trident

dataman

sylog

netport

wpsman

sylink

tse

spnet

sssensor

ws2_32

version

netapi32

idstrafficpipe

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 276KB - Virtual size: 272KB

.data Size: 108KB - Virtual size: 161KB

.rsrc Size: 184KB - Virtual size: 182KB

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

2b:7b:1d:7e:42:af:bf:6f:e5:a8:32:ea:cb:dc:9d:fa
Certificate

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 276KB - Virtual size: 272KB

.data
Size: 108KB - Virtual size: 161KB

.rsrc
Size: 184KB - Virtual size: 182KB