3adcce8e122b2270b3c9a5ea66fceda975183566fd806cfca2a2752b1920beae

Sharing

Copy URL Twitter E-mail

General

Target

3adcce8e122b2270b3c9a5ea66fceda975183566fd806cfca2a2752b1920beae
Size

889KB
MD5

6611b6b9fc87f279878162fe8310ea53
SHA1

db53ac195ff755856a0a185c02dae933000ab9d8
SHA256

3adcce8e122b2270b3c9a5ea66fceda975183566fd806cfca2a2752b1920beae
SHA512

1e86c8aecf1f722e45c5b69a7982ae1b6de2f0c70c9865c42400945e52d217c406efdf67761675fe7429d25889c6d1190db4fde71c22daa9219c4674b3c4a015
SSDEEP

24576:PaeSHvR7SFh+5mqVjM/rVVz0+UCF1rEH7QeC:PaPREMVM/pVY+UC+C

Score

1^/10

Malware Config

Signatures

Files

3adcce8e122b2270b3c9a5ea66fceda975183566fd806cfca2a2752b1920beae
.dll windows:5 windows x86 arch:x86

20fbddf52e7615fd0c912febc667797a

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

02/10/2022, 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

02/10/2022, 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:54:26:c0:9f:03:70:20:4c:7a:02:9f:65:ff:05:f4:33:8f:7a:27:a0:50:81:49:cf:c9:f9:ed:0c:33:f4:4f
Signer

Actual PE Digest

dc:54:26:c0:9f:03:70:20:4c:7a:02:9f:65:ff:05:f4:33:8f:7a:27:a0:50:81:49:cf:c9:f9:ed:0c:33:f4:4f

Digest Algorithm

sha256

PE Digest Matches

false

d7:2b:66:f6:3e:b2:57:04:6f:82:26:b5:28:e6:32:4d:76:4e:cd:f5
Signer

Actual PE Digest

d7:2b:66:f6:3e:b2:57:04:6f:82:26:b5:28:e6:32:4d:76:4e:cd:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TBNet\SecurePt\Output\Release\CmdManager.pdb

Imports

xmlwrapper

?CreateNode@CXmlNode@@QAEIAAV1@QADQAXH@Z
?GetNodeProperty@CXmlNode@@QAEIQADPADAAH@Z
?SetNodeProperty@CXmlNode@@QAEIQAD0@Z
?GetFirstElement@CXmlNode@@QAE?AV1@QAD@Z
?GetNodeContent@CXmlNode@@QAEIPADAAH@Z
?DeleteFirstElement@CXmlNode@@QAEIQAD@Z
??0CXmlNode@@QAE@ABV0@QAD@Z
?GetChildrenNode@CXmlNode@@QAE?AV1@XZ
?GetSiblingNode@CXmlNode@@QAE?AV1@XZ
?SetNodeContent@CXmlNode@@QAEIQAXH@Z
?CreateNode@CXmlNode@@QAEIAAV1@QAD111@Z
?NodeExists@CXmlNode@@QAEHQAD@Z
??0CXmlNode@@QAE@ABV0@@Z
??4CXmlNode@@QAEAAV0@ABV0@@Z
??0CXmlDocument@@QAE@XZ
??1CXmlDocument@@QAE@XZ
?OpenXmlFile@CXmlDocument@@QAEIQAD0@Z
?SaveXmlFile@CXmlDocument@@QAEIQAD0@Z
?GetRootElement@CXmlDocument@@QAE?AVCXmlNode@@XZ
??0CXmlNode@@QAE@XZ
??1CXmlNode@@QAE@XZ
?NodeValid@CXmlNode@@QBEHXZ

compressfile

DecompressFL
CompressFL
IsCompressBufFL

kernel32

SystemTimeToTzSpecificLocalTime
GetCurrentProcess
SetEvent
GetTickCount
GetPrivateProfileStringW
InitializeCriticalSection
OpenProcess
LoadLibraryW
Sleep
LeaveCriticalSection
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetLastError
EnterCriticalSection
GetPrivateProfileStringA
Process32FirstW
ProcessIdToSessionId
WritePrivateProfileStringA
CreateEventW
GetModuleFileNameA
Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
CreateThread
GetComputerNameW
WideCharToMultiByte
OpenMutexW
ReleaseMutex
WinExec
CreateDirectoryW
TerminateThread
GetExitCodeThread
OutputDebugStringA
ResumeThread
MoveFileW
GetLocalTime
InterlockedIncrement
SetWaitableTimer
CancelWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToLocalFileTime
ResetEvent
LocalReAlloc
LocalAlloc
LocalFree
CreateMutexW
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
GetTempPathW
GetLongPathNameW
CreateFileMappingA
OpenFileMappingA
GetEnvironmentVariableW
FindFirstFileW
GetDriveTypeW
GetCurrentThread
GetVersionExW
SetLastError
FindClose
RemoveDirectoryW
FindFirstFileA
FindNextFileA
DeleteFileA
GetTempFileNameW
MoveFileExW
GetPrivateProfileIntA
CopyFileW
GetFileAttributesA
FindNextFileW
DeleteFileW
GetModuleHandleW
GetCurrentProcessId
GetLogicalDriveStringsW
SetEnvironmentVariableW
GetLogicalDrives
WriteFile
ReadFile
CreateFileW
GetDiskFreeSpaceW
QueryDosDeviceW
DeviceIoControl
FreeLibrary
GetFileAttributesExW
SetFileAttributesW
GetVolumeInformationW
GetSystemDirectoryW
InterlockedExchange
OpenFileMappingW
CloseHandle
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
LoadLibraryA
GetProcAddress
LocalFileTimeToFileTime
InterlockedDecrement
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
OpenEventW

user32

wsprintfW
ExitWindowsEx

advapi32

RegOpenKeyExW
RegCreateKeyExW
OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ControlService
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
UnlockServiceDatabase
LockServiceDatabase
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
AllocateAndInitializeSid
RegQueryValueExW
EqualSid
LogonUserW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RegCloseKey
RegSetValueExW
FreeSid

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateGuid

msvcp90

?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?max_size@?$allocator@_W@std@@QBEIXZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?uncaught_exception@std@@YA_NXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE_W_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$allocator@_W@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_W@Z

msvcr90

_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_errno
_wtof
memset
memcpy
_CxxThrowException
__RTDynamicCast
free
wcsncat
_invalid_parameter_noinfo
wcsrchr
_wcsdup
strcpy_s
_purecall
??3@YAXPAX@Z
strcat_s
wcschr
_wcsicmp
sprintf
wcsncpy_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
sscanf
_create_locale
_wcsnicmp
_localtime64_s
wcsncpy
??_V@YAXPAX@Z
_swprintf_s_l
strrchr
toupper
wcscat_s
wcsncmp
wcscpy_s
_wcstoui64
_time64
_free_locale
??2@YAPAXI@Z
atoi
strncpy
fopen
fwrite
fclose
malloc
_wcstod_l
wcsstr
_isnan
_wcstoul_l
realloc
towupper
swprintf_s
_waccess
_memicmp
memmove_s
_snwprintf
_wgetenv
_beginthread
_vswprintf
printf
wcstok
_wtoi
_wtol
fread
ftell
fseek
memmove
_wfopen
_vswprintf_c_l
setlocale
_localtime64
_itow
memcpy_s
_ltow
swscanf_s
vswprintf_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

powrprof

SetSuspendState

shlwapi

PathIsDirectoryW
StrRetToStrW
PathFileExistsW
PathIsNetworkPathW

ws2_32

WSAStartup

mpr

WNetAddConnection2W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCancelConnection2W

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
TBCanUnloadNow
TBCreateObject

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20fbddf52e7615fd0c912febc667797a

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3Certificate

Extended Key Usages

Key Usages

dc:54:26:c0:9f:03:70:20:4c:7a:02:9f:65:ff:05:f4:33:8f:7a:27:a0:50:81:49:cf:c9:f9:ed:0c:33:f4:4fSigner

d7:2b:66:f6:3e:b2:57:04:6f:82:26:b5:28:e6:32:4d:76:4e:cd:f5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xmlwrapper

compressfile

kernel32

user32

advapi32

shell32

ole32

msvcp90

msvcr90

wtsapi32

netapi32

powrprof

shlwapi

ws2_32

mpr

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

dc:54:26:c0:9f:03:70:20:4c:7a:02:9f:65:ff:05:f4:33:8f:7a:27:a0:50:81:49:cf:c9:f9:ed:0c:33:f4:4f
Signer

d7:2b:66:f6:3e:b2:57:04:6f:82:26:b5:28:e6:32:4d:76:4e:cd:f5
Signer

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB