0a791515a60e7d5833e4cdeb05c550c2564acf1193dc76e76a50dacf03e1ef18

Sharing

Copy URL Twitter E-mail

General

Target

0a791515a60e7d5833e4cdeb05c550c2564acf1193dc76e76a50dacf03e1ef18
Size

4.7MB
MD5

b9bb77da2a76f28de6224fe31c6b456f
SHA1

42cf4829de49e53383f5ae104b1b1803916fcf93
SHA256

0a791515a60e7d5833e4cdeb05c550c2564acf1193dc76e76a50dacf03e1ef18
SHA512

a8163f7516b0afe8078a1a68ee27bf535aeed29eaa967ddaa45562537e92ad75dcf45ceb6a9e808b9ee9b7ffac8ce6967bb4d8d1febd8f23f8276df6ef612375
SSDEEP

49152:RzCsqjOksHZ5rgIWOMZKv3HriI1W7qaO3onMFqtAf4CDqvuhCHg7g8ZTntFB/799:RzCsI9s55rgROMZOwjMSbEwW

Score

1^/10

Malware Config

Signatures

Files

0a791515a60e7d5833e4cdeb05c550c2564acf1193dc76e76a50dacf03e1ef18
.exe windows:5 windows x86 arch:x86

ce2e5952b7ba822a2118169976149e59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:68:e9:9b:5c:7d:7f:14:ba:19:f3:d4:a9:b9:2c:27
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/08/2015, 00:00

Not After

03/10/2018, 23:59

Subject

CN=Acronis International GmbH,O=Acronis International GmbH,L=Schaffhausen,ST=Schaffhausen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:32:4a:2b:2b:64:ad:12:56:ad:b5:03:e5:29:c7:da:9c:00:4f:aa
Signer

Actual PE Digest

58:32:4a:2b:2b:64:ad:12:56:ad:b5:03:e5:29:c7:da:9c:00:4f:aa

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\3036\exe\vs\release\english\mms_mini.pdb

Imports

mms_text_bundle

mms_text_bundle_get_text

advapi32

RegCloseKey
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityInfo
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetFileSecurityW
GetUserNameA
GetUserNameW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
OpenProcessToken
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
LookupPrivilegeValueA
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
RevertToSelf
SetThreadToken
ImpersonateLoggedOnUser
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
LogonUserW
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA

kernel32

GetStartupInfoW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetEnvironmentVariableA
SetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OutputDebugStringW
GetDriveTypeA
GetDriveTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CopyFileA
CopyFileW
MoveFileA
MoveFileW
MoveFileExW
GetComputerNameA
GetComputerNameW
SetComputerNameA
SetComputerNameW
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
GetNumberFormatA
GetNumberFormatW
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
DecodePointer
GetCurrentProcess
GetCurrentThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
DebugBreak
WriteFile
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
TlsAlloc
TlsGetValue
TlsSetValue
FormatMessageW
Sleep
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetStartupInfoA
CompareFileTime
GetLogicalDrives
DeviceIoControl
FindClose
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LockFileEx
UnlockFileEx
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetCompressedFileSizeW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
LockResource
ExitThread
LoadResource
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLongPathNameW
GetComputerNameExW
SetPriorityClass
CreateEventW
SetConsoleCtrlHandler
FormatMessageA
GetSystemInfo
GetShortPathNameW
GetShortPathNameA
lstrcmpiW
GetLastError
SetLastError
SetErrorMode
InterlockedExchange
FreeLibrary
GetProcAddress
GetVersion
RaiseException
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
EncodePointer
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
LCMapStringA
LCMapStringW
GlobalMemoryStatusEx
ReleaseSemaphore
CreateSemaphoreA
OutputDebugStringA
GetFileAttributesW
LocalAlloc
LocalFree
SetThreadPriority
GetThreadPriority
TerminateThread
SetUnhandledExceptionFilter
CreateProcessW
CreateProcessA
GetModuleFileNameA
LoadLibraryA
GetLogicalDriveStringsW
FileTimeToSystemTime
GetLogicalDriveStringsA
GetVersionExA
GetOEMCP
TlsFree

user32

PeekMessageW
PeekMessageA
DispatchMessageW
DispatchMessageA
SendNotifyMessageA
SendMessageW
SendMessageA
wvsprintfW
SendNotifyMessageW
PostMessageA
PostMessageW
DefWindowProcA
DefWindowProcW
RegisterClassExA
RegisterClassExW
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateWindowExA
TranslateMessage
GetMessageA
CharUpperBuffW
MessageBoxA
GetUserObjectInformationA
GetProcessWindowStation
wsprintfW
SystemParametersInfoW
SystemParametersInfoA
WinHelpW
WinHelpA
SetWindowLongW
SetWindowLongA
GetWindowLongW
GetWindowLongA
SetWindowTextW
SetWindowTextA
ModifyMenuW
ModifyMenuA
AppendMenuW
AppendMenuA
VkKeyScanExW
VkKeyScanExA
VkKeyScanW
VkKeyScanA
GetClipboardFormatNameW
GetClipboardFormatNameA
RegisterClipboardFormatW
RegisterClipboardFormatA

gdi32

GetTextMetricsA
EnumFontFamiliesExW
EnumFontFamiliesExA
CreateFontIndirectW
CreateFontIndirectA
GetTextMetricsW

ws2_32

WSAStartup
WSACleanup
getnameinfo
inet_addr
ntohl

shell32

SHGetPathFromIDListW
SHGetFolderPathW
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteW
ShellExecuteExA
ShellExecuteExW
Shell_NotifyIconA
SHGetFileInfoA

comdlg32

GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameA
GetOpenFileNameW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SysAllocStringLen
SysAllocString
VariantChangeType
VarBstrCat
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcr120

__initenv
_fmode
_commode
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
__lconv_init
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
strtoul
_mktime64
_difftime64
_time64
_wcstoui64
wcschr
_beginthreadex
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_localtime64
_gmtime64
_isatty
_fileno
fflush
_strtoui64
_strtoi64
_vscprintf
_vsnprintf
strrchr
strtok_s
strstr
strncpy
realloc
malloc
strtol
getenv
_snprintf
fprintf
fopen
fclose
__iob_func
strchr
sscanf
swscanf
abort
_get_invalid_parameter_handler
_set_invalid_parameter_handler
sprintf
free
memset
__RTDynamicCast
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
??8type_info@@QBE_NABV0@@Z
memchr
memcpy
__CxxFrameHandler3
_CxxThrowException
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
floor
ceil
atoi
setlocale
__RTtypeid
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
fputs
_set_purecall_handler
_wgetenv
_errno
srand
rand
memcpy_s
_strnicmp
_strdup
isspace

msvcp120

??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?toupper@?$ctype@D@std@@QBEDD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

mpr

WNetCancelConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetUniversalNameW
WNetAddConnection3W

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce2e5952b7ba822a2118169976149e59

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7a:68:e9:9b:5c:7d:7f:14:ba:19:f3:d4:a9:b9:2c:27Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

58:32:4a:2b:2b:64:ad:12:56:ad:b5:03:e5:29:c7:da:9c:00:4f:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mms_text_bundle

advapi32

kernel32

user32

gdi32

ws2_32

shell32

comdlg32

ole32

oleaut32

version

msvcr120

msvcp120

mpr

setupapi

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 932KB - Virtual size: 931KB

.data Size: 229KB - Virtual size: 311KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 273KB - Virtual size: 272KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7a:68:e9:9b:5c:7d:7f:14:ba:19:f3:d4:a9:b9:2c:27
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

58:32:4a:2b:2b:64:ad:12:56:ad:b5:03:e5:29:c7:da:9c:00:4f:aa
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 932KB - Virtual size: 931KB

.data
Size: 229KB - Virtual size: 311KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 273KB - Virtual size: 272KB