98487e81e017a553a8ae7cba256aed624a7b55e585122fdaf04d96a7a662e48c

Sharing

Copy URL Twitter E-mail

General

Target

98487e81e017a553a8ae7cba256aed624a7b55e585122fdaf04d96a7a662e48c
Size

9.3MB
MD5

a0b58cf87875e478bfb92d750d784a9b
SHA1

44f82cf9a0c823e69b36c4ab85ebb95c3d9da245
SHA256

98487e81e017a553a8ae7cba256aed624a7b55e585122fdaf04d96a7a662e48c
SHA512

7d7503e723a17c9559667786c0375ed2d46a4fb7875df715bfdf081dc367de35ddd615cfb5c8d4c0bb343d2ec7069f810e606261dd15925c83b9ae1e52fc1b14
SSDEEP

196608:6OhJVP36jGJCaD8CtjZjqGWC1ao+hrNYig1yhgpZ:h/VbD8sljq+j+7zeZ

Score

1^/10

Malware Config

Signatures

Files

98487e81e017a553a8ae7cba256aed624a7b55e585122fdaf04d96a7a662e48c
.dll windows:5 windows x86 arch:x86

6df3181a7f03b0a877817d5d017907a6

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

40:14:68:35:40:5f:da:b2:1f:fa:02:29:5c:d3:02:b6:78:8a:f8:b3
Signer

Actual PE Digest

40:14:68:35:40:5f:da:b2:1f:fa:02:29:5c:d3:02:b6:78:8a:f8:b3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\ppt\x86\ship\0\ppcore.pdb

Imports

msvcr90

memmove
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_mbsstr
strncpy_s
wcschr
_stricmp
fwprintf
_CIsqrt
ceil
wcsncmp
?set_terminate@@YAP6AXXZP6AXXZ@Z
wcsncpy_s
qsort
wcscspn
floor
_encoded_null
free
_malloc_crt
_encode_pointer
?raw_name@type_info@@QBEPBDXZ
_fpclass
_vscwprintf
vswprintf_s
_CIatan2
iswspace
_CIasin
_CIacos
_CIsinh
_CIcosh
_CItanh
rand
_CIexp
_CIlog
_CIatan
_CItan
_CIfmod
iswcntrl
memcpy_s
wcsnlen
_CIcos
_CIsin
_clearfp
_wcsnicmp
_wcsicmp
_CIlog10
_fpreset
strncmp
_wtoi
wcsncat_s
_snwprintf_s
__CxxFrameHandler3
_wfopen_s
setvbuf
fclose
fprintf
_CIpow
memcpy
??8type_info@@QBE_NABV0@@Z
_CxxThrowException
memset
wcsrchr

kernel32

FindNextFileW
ReadFile
FreeLibrary
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
CopyFileW
QueryDosDeviceW
GetLogicalDrives
RemoveDirectoryW
SetFileAttributesW
GetTempFileNameW
GetLocaleInfoW
CreateDirectoryW
GetShortPathNameW
GetACP
GetSystemDefaultLangID
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
GetStartupInfoW
GetFileSize
GetTimeFormatW
SearchPathW
SetThreadExecutionState
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetThreadPriority
GetThreadPriority
GetCurrentThread
TlsFree
TlsGetValue
TlsSetValue
FormatMessageW
TlsAlloc
CompareStringW
FoldStringW
SetFilePointer
SetEndOfFile
GetCurrentDirectoryW
GetFileAttributesExW
GetFullPathNameW
SetFilePointerEx
WaitForSingleObject
VirtualProtect
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
HeapAlloc
InterlockedExchange
InterlockedCompareExchange
GetFileSizeEx
IsDebuggerPresent
DisableThreadLibraryCalls
IsDBCSLeadByteEx
SizeofResource
QueryPerformanceCounter
MoveFileExW
GetSystemDirectoryW
MultiByteToWideChar
ResetEvent
CreateEventW
LoadLibraryA
WriteFile
GetDriveTypeW
ExitProcess
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
FileTimeToSystemTime
FindResourceW
LoadResource
LockResource
GetCurrentProcessId
CompareFileTime
GetLocalTime
GetSystemDefaultLCID
SetErrorMode
GetDateFormatW
RaiseException
QueryPerformanceFrequency
TryEnterCriticalSection
CreateEventA
CreateThread
CloseHandle
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetTempPathW
FindFirstFileW
FindClose
GlobalSize
GlobalFree
MulDiv
EncodePointer
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
SystemTimeToFileTime
GlobalGetAtomNameW
GlobalDeleteAtom
SetCurrentDirectoryW
GlobalAddAtomW
DeleteFileW
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
Sleep
GetCurrentThreadId
DecodePointer
LocalAlloc
GetUserDefaultLCID
GetStringTypeExW
SetFileTime
GetLongPathNameW
FormatMessageA
LocalFree
LoadLibraryExW
OpenFile
LoadLibraryExA
RtlCaptureStackBackTrace
GetModuleHandleExW
GetVersionExA
GetCommandLineW
SetUnhandledExceptionFilter

gdi32

SelectObject
RectInRegion
CreateCompatibleBitmap
CreateMetaFileA
SetWindowExtEx
CloseMetaFile
GetObjectA
GetWindowOrgEx
GetEnhMetaFileW
GetEnhMetaFileHeader
GetWinMetaFileBits
ResetDCW
SetAbortProc
CreateICW
GetNearestColor
SetRectRgn
GetMetaFileBitsEx
GetEnhMetaFileBits
DeleteMetaFile
EnumEnhMetaFile
SetDIBits
PlayEnhMetaFileRecord
PlayMetaFileRecord
SetEnhMetaFileBits
GetTextCharsetInfo
ExtEscape
GetOutlineTextMetricsW
EnumFontFamiliesExW
GetPaletteEntries
CreatePatternBrush
CreateDIBPatternBrushPt
GetRegionData
CreateBitmap
CreateCompatibleDC
OffsetWindowOrgEx
ExtCreatePen
CreatePen
SetROP2
ExtSelectClipRgn
RestoreDC
GetBitmapBits
EnumMetaFile
SetWinMetaFileBits
PlayEnhMetaFile
Ellipse
RoundRect
LPtoDP
SetPixelV
SetMetaFileBitsEx
BitBlt
DeleteEnhMetaFile
CreateDIBSection
GetViewportOrgEx
GetClipRgn
Escape
IntersectClipRect
GetTextFaceW
CreateDIBitmap
GetClipBox
CreateSolidBrush
GetLayout
CreateFontIndirectW
GdiFlush
SetDIBColorTable
GetObjectW
SetLayout
CreateDCW
SetMapMode
SetWindowOrgEx
DeleteDC
GetRasterizerCaps
ExcludeClipRect
Polygon
Polyline
GetObjectType
DPtoLP
UpdateColors
GetRgnBox
MoveToEx
LineTo
StretchDIBits
SetStretchBltMode
StretchBlt
GetDeviceCaps
GetCurrentObject
CreatePalette
SelectPalette
RealizePalette
GetBkColor
GetTextColor
SelectClipRgn
PatBlt
CreateRectRgn
OffsetRgn
CreateRectRgnIndirect
CombineRgn
DeleteObject
RectVisible
SetViewportOrgEx
SetTextColor
SetBkMode
GetTextMetricsW
SetTextAlign
GetStockObject
Rectangle
SetBkColor
ExtTextOutW
SaveDC
SetBrushOrgEx

user32

IntersectRect
InvalidateRect
InvalidateRgn
ValidateRect
WindowFromPoint
GetCapture
PostMessageW
AllowSetForegroundWindow
GetWindowThreadProcessId
DefWindowProcA
SetCapture
GetMessageTime
SetActiveWindow
FillRect
IsWindowEnabled
GetKeyboardLayout
RedrawWindow
MapWindowPoints
ShowCursor
IsChild
SetRect
RegisterClipboardFormatA
GetWindowLongA
SetWindowPlacement
BringWindowToTop
UpdateWindow
MonitorFromWindow
MessageBoxW
GetSysColor
FrameRect
GetSysColorBrush
GetDoubleClickTime
SystemParametersInfoW
DefWindowProcW
DefFrameProcW
DefMDIChildProcW
CallWindowProcW
SendMessageW
DispatchMessageW
TrackMouseEvent
PeekMessageW
GetAsyncKeyState
RegisterClassA
CreateWindowExA
CreateDialogIndirectParamW
TranslateAcceleratorA
TranslateMDISysAccel
ReleaseDC
GetMessagePos
SetRectEmpty
ScrollWindowEx
ValidateRgn
DispatchMessageA
TranslateMessage
DestroyCursor
LoadCursorW
SetCursor
SendMessageTimeoutA
PtInRect
SetWindowLongA
DrawFocusRect
SetScrollPos
SetScrollInfo
NotifyWinEvent
SetParent
EnableWindow
CheckDlgButton
GetWindowTextLengthA
DrawFrameControl
DrawEdge
EnumChildWindows
CreateIconIndirect
DrawIconEx
GetIconInfo
GetNextDlgTabItem
DrawTextW
EnumWindows
GetScrollPos
GetScrollRange
SetScrollRange
GetWindowInfo
UnionRect
GetDlgItem
IsDlgButtonChecked
GetScrollInfo
GetUpdateRect
ChildWindowFromPoint
ActivateKeyboardLayout
GetDlgCtrlID
SendDlgItemMessageA
MapDialogRect
IsDialogMessageW
FlashWindowEx
ShowCaret
HideCaret
GetAncestor
GetActiveWindow
MonitorFromPoint
CallWindowProcA
SetClassLongA
RegisterClassExA
GetDC
RegisterWindowMessageA
GetClassInfoExW
CopyRect
WindowFromDC
IsWindowUnicode
EnumDisplayMonitors
CreateIcon
GetKeyboardLayoutList
RegisterWindowMessageW
AttachThreadInput
ClipCursor
RemoveMenu
GetMenuItemCount
GetForegroundWindow
DrawIcon
IsRectEmpty
GetClipboardFormatNameW
GetQueueStatus
GetCursor
UpdateLayeredWindow
ChangeDisplaySettingsExW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
BeginPaint
EndPaint
GetUpdateRgn
GetTopWindow
CreateMDIWindowW
EqualRect
GetCursorPos
SetCursorPos
ClientToScreen
GetClientRect
DestroyIcon
DestroyMenu
SetWindowPos
FindWindowW
KillTimer
SetTimer
GetMonitorInfoW
MonitorFromRect
GetWindowRect
GetSystemMetrics
EnumDisplaySettingsW
IsWindowVisible
EnumDisplayDevicesW
IsIconic
SystemParametersInfoA
MessageBoxA
IsZoomed
GetParent
InflateRect
GetKeyState
GetClassNameW
ReleaseCapture
DestroyWindow
InvertRect
GetWindowLongW
SetWindowLongW
OffsetRect
GetWindow
LoadAcceleratorsA
GetFocus
CopyAcceleratorTableA
RegisterClassW
RegisterClassExW
CreateWindowExW
GetDesktopWindow
SetWindowTextW
GetWindowPlacement
SetForegroundWindow
ShowWindow
SendMessageA
DrawMenuBar
GetMenu
PostMessageA
IsWindow
MoveWindow
SetFocus
SetCaretPos
CreateCaret
GetCaretBlinkTime
DestroyCaret
CreateMenu
LoadImageW
MessageBeep
LoadIconW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExA
SetNamedSecurityInfoW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
RegQueryValueExA
RegOpenKeyExA
RegisterTraceGuidsA
RegOpenKeyA
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegCloseKey

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoInitialize
CoUninitialize
CoCreateInstance
CoGetClassObject
CoUnmarshalInterface
CoMarshalInterface
CoAllowSetForegroundWindow
IsAccelerator
OleLoad
CreateClassMoniker
MkParseDisplayName
FreePropVariantArray
DoDragDrop
CreateStreamOnHGlobal
GetHGlobalFromStream
CoRevokeClassObject
OleCreateMenuDescriptor
CoRegisterClassObject
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleGetIconOfFile
OleGetIconOfClass
OleMetafilePictFromIconAndLabel
OleSaveToStream
WriteClassStm
WriteFmtUserTypeStg
CoIsOle1Class
CLSIDFromProgID
CLSIDFromString
CoTreatAsClass
StringFromCLSID
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRegisterMessageFilter
OleSetMenuDescriptor
SetConvertStg
GetConvertStg
OleRegGetMiscStatus
CreateOleAdviseHolder
GetRunningObjectTable
CreateDataAdviseHolder
OleRegEnumFormatEtc
OleCreateEmbeddingHelper
StgIsStorageILockBytes
StgIsStorageFile
ReadFmtUserTypeStg
ReadClassStg
OleLockRunning
StgSetTimes
IIDFromString
StringFromGUID2
CreateFileMoniker
CoDisconnectObject
OleCreateLinkFromData
OleCreateFromData
ReleaseStgMedium
OleRun
CreateBindCtx
OleRegEnumVerbs
OleDuplicateData
OleIsRunning
CoFileTimeNow
CoTaskMemAlloc
WriteClassStg
CreateItemMoniker
CreateGenericComposite
OleFlushClipboard
OleQueryCreateFromData
OleQueryLinkFromData
CoGetMalloc
GetClassFile
OleRegGetUserType
OleGetClipboard
OleIsCurrentClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
ProgIDFromCLSID
CoTaskMemFree
CoCreateGuid

oart

ord3970
ord4185
ord8175
ord2084
ord7675
ord834
ord1607
ord1525
ord741
ord7334
ord2492
ord4111
ord3900
ord4879
ord7990
ord7447
ord5459
ord7602
ord4513
ord5775
ord7111
ord2027
ord6977
ord2689
ord638
ord2931
ord4078
ord8332
ord2811
ord3181
ord4136
ord4343
ord2398
ord5521
ord7356
ord3152
ord2856
ord4069
ord8198
ord1036
ord6711
ord6365
ord6376
ord2338
ord1623
ord5431
ord5863
ord3655
ord2802
ord6554
ord5879
ord5149
ord285
ord3273
ord1393
ord2556
ord7484
ord3172
ord5908
ord3468
ord5058
ord2328
ord7991
ord6695
ord5782
ord222
ord6908
ord6003
ord1569
ord1791
ord6883
ord1386
ord2621
ord2717
ord8069
ord3553
ord5101
ord7842
ord6659
ord8361
ord59
ord4260
ord6687
ord3688
ord1297
ord8275
ord5628
ord1189
ord4445
ord7892
ord4452
ord2795
ord6387
ord1682
ord7475
ord4428
ord2585
ord5066
ord116
ord2306
ord4210
ord7512
ord4012
ord270
ord6184
ord86
ord8068
ord8139
ord4899
ord8067
ord3360
ord6499
ord7543
ord535
ord258
ord4629
ord482
ord1354
ord7453
ord7254
ord2201
ord2672
ord973
ord3429
ord1658
ord7209
ord6632
ord4946
ord1867
ord7154
ord4588
ord3452
ord2032
ord5671
ord5166
ord2454
ord3472
ord4818
ord5783
ord6126
ord1411
ord7722
ord3474
ord3372
ord5923
ord5331
ord5262
ord4270
ord5240
ord6149
ord7160
ord2727
ord5260
ord2926
ord225
ord5883
ord1267
ord7137
ord8179
ord2509
ord446
ord1876
ord7697
ord3141
ord3818
ord33
ord6864
ord4687
ord7887
ord3156
ord978
ord3122
ord4207
ord4872
ord4621
ord703
ord5292
ord2335
ord7890
ord1422
ord26
ord394
ord322
ord2134
ord6810
ord233
ord1646
ord4540
ord2450
ord8007
ord5382
ord162
ord3509
ord486
ord7438
ord5750
ord3936
ord5779
ord2102
ord3329
ord5128
ord1980
ord1102
ord4240
ord4223
ord8194
ord5463
ord1520
ord6218
ord3000
ord2418
ord2784
ord2125
ord3109
ord5755
ord6546
ord2808
ord3502
ord5859
ord3909
ord1116
ord1765
ord4900
ord3169
ord8093
ord1186
ord8340
ord6016
ord3972
ord344
ord8417
ord3804
ord6274
ord8421
ord3891
ord1941
ord6062
ord3820
ord8171
ord314
ord4353
ord5726
ord265
ord5568
ord5965
ord3019
ord7385
ord7388
ord81
ord8276
ord2676
ord6531
ord3821
ord7749
ord7764
ord6506
ord938
ord5003
ord137
ord5501
ord5623
ord1707
ord2436
ord554
ord1864
ord8365
ord4740
ord2826
ord5111
ord8049
ord732
ord3584
ord1626
ord7193
ord4159
ord6393
ord4841
ord3945
ord7911
ord713
ord2726
ord8412
ord5047
ord855
ord7804
ord3116
ord5723
ord5412
ord7759
ord7753
ord4226
ord475
ord1349
ord7516
ord8094
ord3009
ord7931
ord2471
ord4964
ord1097
ord372
ord6919
ord3160
ord3748
ord5370
ord98
ord6380
ord1270
ord1545
ord3356
ord1807
ord6809
ord6324
ord7138
ord8348
ord2756
ord3204
ord1584
ord4298
ord4248
ord3974
ord4856
ord5212
ord5481
ord2998
ord1045
ord243
ord2006
ord8285
ord2385
ord5635
ord8059
ord1491
ord4923
ord3773
ord1923
ord8329
ord4500
ord6310
ord5243
ord7451
ord3203
ord1870
ord6633
ord4550
ord7232
ord8296
ord5646
ord7817
ord2960
ord1373
ord5936
ord4599
ord1989
ord4654
ord3304
ord3585
ord1902
ord8289
ord6893
ord5254
ord7880
ord1831
ord3334
ord2628
ord1370
ord4100
ord7472
ord6430
ord253
ord2445
ord7501
ord6690
ord3733
ord69
ord1800
ord6887
ord5529
ord6591
ord7454
ord7190
ord6622
ord5953
ord6378
ord169
ord592
ord5833
ord604
ord2246
ord7713
ord2853
ord6031
ord6418
ord3888
ord7365
ord2874
ord7728
ord4239
ord2014
ord6639
ord1063
ord366
ord4520
ord3985
ord2862
ord6927
ord1587
ord1105
ord2110
ord6231
ord3627
ord2484
ord2107
ord1238
ord4875
ord2599
ord1333
ord7333
ord2490
ord3825
ord5174
ord3333
ord4241
ord5753
ord7774
ord2372
ord188
ord1769
ord8208
ord3269
ord803
ord3580
ord6098
ord2844
ord1706
ord4066
ord3051
ord4580
ord7716
ord7670
ord3559
ord6760
ord2664
ord6855
ord4817
ord5897
ord7863
ord1596
ord497
ord6346
ord80
ord3865
ord7821
ord704
ord3663
ord6848
ord7234
ord1999
ord7612
ord1444
ord4261
ord1419
ord2751
ord6985
ord287
ord7020
ord7129
ord6423
ord1861
ord1794
ord1503
ord4080
ord321
ord2518
ord4219
ord5807
ord7781
ord4917
ord1649
ord4049
ord2943
ord1555
ord4936
ord4748
ord671
ord4406
ord2071
ord7347
ord279
ord5015
ord7358
ord6660
ord2716
ord6142
ord7186
ord7210
ord5996
ord6450
ord371
ord7259

gfx

ord492
ord670
ord408
ord990
ord919
ord30
ord258
ord588
ord461
ord647
ord644
ord371
ord874
ord505
ord935
ord162
ord968
ord922
ord276
ord703
ord472
ord800
ord447
ord460
ord19
ord657
ord274
ord454
ord422
ord340
ord424
ord886
ord138
ord352
ord83
ord925
ord808
ord116
ord574
ord90
ord486
ord923
ord104
ord130
ord320
ord915
ord934
ord537
ord926
ord223
ord184
ord955
ord694
ord161
ord445
ord206
ord146
ord358
ord977
ord570
ord241
ord493
ord455
ord969
ord711
ord32
ord24
ord818
ord669
ord930
ord690
ord867
ord448
ord242
ord671
ord264
ord625
ord366
ord663
ord880
ord212
ord238
ord282
ord15
ord861
ord817
ord876
ord727
ord937
ord549
ord240
ord302
ord343
ord801
ord798
ord192
ord896
ord60
ord971
ord293
ord776
ord420
ord487
ord367
ord11
ord828
ord530
ord423
ord744
ord831
ord885
ord97
ord884
ord821
ord288
ord520
ord738
ord84
ord167
ord932
ord610
ord767
ord389
ord634
ord193
ord61
ord511
ord3
ord760
ord620
ord438
ord273
ord807
ord309
ord859
ord155
ord749
ord560
ord747
ord544
ord160
ord720
ord322
ord952
ord427
ord844
ord531
ord79
ord175
ord624
ord214
ord635
ord353
ord383
ord62
ord526
ord943
ord802
ord862
ord827
ord287
ord307
ord362
ord938
ord204
ord734
ord710
ord75
ord25
ord979
ord133
ord326
ord795
ord787
ord471
ord453
ord796
ord573
ord716
ord498
ord777
ord838
ord430
ord216
ord341
ord782
ord775
ord819
ord502
ord548
ord566
ord843
ord951
ord475
ord409
ord967
ord569
ord906
ord794
ord535
ord190
ord592
ord961
ord446
ord916
ord47
ord106
ord658
ord706
ord779
ord317
ord58
ord641
ord649
ord348

Exports

Exports

DllGetLCID
_PPMain@0
_ShowSplashScreen@0

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 31B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6df3181a7f03b0a877817d5d017907a6

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

40:14:68:35:40:5f:da:b2:1f:fa:02:29:5c:d3:02:b6:78:8a:f8:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

gdi32

user32

advapi32

ole32

oart

gfx

Exports

Exports

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.data Size: 502KB - Virtual size: 501KB

.tls Size: 512B - Virtual size: 31B

.rsrc Size: 285KB - Virtual size: 285KB

.reloc Size: 471KB - Virtual size: 471KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

40:14:68:35:40:5f:da:b2:1f:fa:02:29:5c:d3:02:b6:78:8a:f8:b3
Signer

.text
Size: 8.0MB - Virtual size: 8.0MB

.data
Size: 502KB - Virtual size: 501KB

.tls
Size: 512B - Virtual size: 31B

.rsrc
Size: 285KB - Virtual size: 285KB

.reloc
Size: 471KB - Virtual size: 471KB