2024-04-16_ad147a90655144eaa90b526f0f84cb64_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-16_ad147a90655144eaa90b526f0f84cb64_mafia
Size

614KB
MD5

ad147a90655144eaa90b526f0f84cb64
SHA1

b5df12a0fb5f73734e24b57f11d7abf885bb09f4
SHA256

4bc7ec3d1e0402a8c9adacffd4eb1017a9f69d256690f5cfaa33a22704a9bd45
SHA512

5a88ee1cc95d7431d9b18d0a8bb509de50e341eb82cc3ac52ba728a163ca2a36c85bda3dbfc49c3cc6db4c3b2374a48940fbfcac6128ecb3d985845a02fdebbf
SSDEEP

12288:4BgKPLqiMfskfqg8CsdBlhc09HTHoMi+YNzzvkZKWeX8+dsu:sgKvMfsfg8HlhcCHTHoMi+YNzzaKy+dl

Score

1^/10

Malware Config

Signatures

Files

2024-04-16_ad147a90655144eaa90b526f0f84cb64_mafia
.exe windows:5 windows x86 arch:x86

1b26f13a8f331b4ecd71a772364201ac

Code Sign

6d:cc:7f:fc:9a:26:d2:1a:90:cd:e9:3e:72:1c:bd:fe
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

09-03-2017 06:31

Not After

09-02-2018 06:31

Subject

CN=PengXin Network Tech Co.\, LTD.,O=PengXin Network Tech Co.\, LTD.,L=Yantai,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29-04-2015 17:12

Not After

29-04-2025 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:9b:f3:be:64:85:5b:7f:65:28:2f:d5:fd:a6:74:77
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

09-03-2017 06:24

Not After

09-02-2018 06:24

Subject

CN=PengXin Network Tech Co.\, LTD.,O=PengXin Network Tech Co.\, LTD.,L=Yantai,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-11-2014 00:58

Not After

08-11-2029 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29-04-2015 17:12

Not After

29-04-2025 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08-04-2015 01:00

Not After

08-04-2023 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2039 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:d7:a4:61:8b:79:00:06:f6:91:18:40:ab:bf:69:60:ab:4f:f3:1d:33:f6:89:7b:7c:82:05:be:6c:d5:25:e9
Signer

Actual PE Digest

81:d7:a4:61:8b:79:00:06:f6:91:18:40:ab:bf:69:60:ab:4f:f3:1d:33:f6:89:7b:7c:82:05:be:6c:d5:25:e9

Digest Algorithm

sha256

PE Digest Matches

true

f2:04:74:0a:ee:ae:3b:97:5d:47:27:ad:56:9a:48:63:52:c4:01:99
Signer

Actual PE Digest

f2:04:74:0a:ee:ae:3b:97:5d:47:27:ad:56:9a:48:63:52:c4:01:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\@WORK~~~~~~~~~\@学习项目\1_新后台下载器\New下载器(缩小版本版面2)\DownLoad\Output\卓大师刷机专家v5.3.0.1 官方版_600_23.pdb

Imports

kernel32

WinExec
CloseHandle
DeleteFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
SetFilePointer
SetEndOfFile
SetFilePointerEx
WaitForSingleObject
MoveFileW
WaitForMultipleObjects
ReleaseMutex
GetCommandLineW
VirtualQuery
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
TlsFree
GetModuleFileNameW
GetCurrentProcess
CreateDirectoryW
GetModuleHandleW
OpenProcess
WideCharToMultiByte
GetVersionExW
WritePrivateProfileStringW
GetSystemInfo
GetFileAttributesW
CreateFileA
ExitProcess
FreeResource
FindResourceW
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
LockResource
GetModuleFileNameA
GetNativeSystemInfo
GetTickCount
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
lstrcmpiW
lstrlenW
CompareStringW
GetProcessHeap
FindNextFileW
SetStdHandle
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapSize
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
HeapAlloc
HeapFree
DecodePointer
EncodePointer
lstrcmpW
lstrcpynW
LeaveCriticalSection
FormatMessageW
LoadLibraryW
TlsSetValue
TlsGetValue
OutputDebugStringW
lstrcatW
FindClose
GetLongPathNameW
GetTempPathW
MultiByteToWideChar
CreateFileW
ReadFile
CopyFileW
Sleep
WriteFile
FindFirstFileW
EnterCriticalSection
GetProcAddress
WriteConsoleW
GetLastError
InterlockedDecrement
InterlockedIncrement
FreeLibrary
WriteProcessMemory
SetEnvironmentVariableA

user32

WindowFromDC
IsWindow
CreateWindowExW
RegisterClassW
GetSystemMetrics
SendMessageW
DestroyMenu
CallWindowProcW
DefWindowProcW
ReleaseCapture
SetCapture
FindWindowExW
SetWindowLongW
GetDlgItem
ReleaseDC
GetClassNameW
SystemParametersInfoW
IntersectRect
GetDC
GetUpdateRect
GetClassInfoW
BeginPaint
LoadCursorW
GetParent
PostMessageW
LoadImageW
IsMenu
GetWindowRect
DestroyWindow
EndPaint
DispatchMessageW
MessageBoxW
PeekMessageW
TranslateMessage
UnregisterClassW
PostQuitMessage
GetMessageW
TranslateAcceleratorW
SetTimer
ShowWindow
InvalidateRect
LoadIconW
PtInRect
GetWindowLongW
CopyRect
GetMenuItemCount
EnableMenuItem
SetRect
GetClientRect
DeleteMenu
GetSystemMenu
SetCursor
MessageBoxA
KillTimer
GetWindowThreadProcessId
GetCursorPos
SetWindowPos
SendInput
SetCursorPos

gdi32

GetTextExtentPoint32W
SetTextCharacterExtra
BitBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectA
DeleteDC
SaveDC
GetStockObject
RestoreDC
SetWindowOrgEx

advapi32

RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteA
ord165
ShellExecuteW
SHFileOperationW
SHChangeNotify
SHGetDesktopFolder

ole32

CoCreateInstance
CoUninitialize
OleUninitialize
OleInitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize

oleaut32

VariantInit
SafeArrayCreateVector
VariantClear
SysAllocString

shlwapi

PathIsDirectoryW
StrCatW
StrToIntW
PathAppendW
StrStrIW
StrCpyW
PathAppendA
PathAddBackslashW
StrCmpW
StrRetToStrW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsA
PathFileExistsW

gdiplus

GdiplusStartup
GdipLoadImageFromStream
GdipDeleteBrush
GdipDrawRectangleI
GdipDeleteStringFormat
GdipCreatePen1
GdipCreateStringFormat
GdipDrawLineI
GdipFillRectangleI
GdipCreateLineBrushI
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFontFamily
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeletePen
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCreateFontFromDC
GdipCloneImage
GdipDrawString
GdipDisposeImage
GdipAlloc
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipFree

urlmon

URLDownloadToFileW

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetConnectW
InternetReadFile
InternetCrackUrlW
InternetOpenW

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpReceiveResponse

netapi32

Netbios

setupapi

SetupIterateCabinetW

Exports

Exports

arcfour_LTX__is_block_algorithm
arcfour_LTX__mcrypt_algorithm_version
arcfour_LTX__mcrypt_decrypt
arcfour_LTX__mcrypt_encrypt
arcfour_LTX__mcrypt_get_algo_iv_size
arcfour_LTX__mcrypt_get_algorithms_name
arcfour_LTX__mcrypt_get_block_size
arcfour_LTX__mcrypt_get_key_size
arcfour_LTX__mcrypt_get_size
arcfour_LTX__mcrypt_get_supported_key_sizes
arcfour_LTX__mcrypt_self_test
arcfour_LTX__mcrypt_set_key
blowfish_LTX__is_block_algorithm
blowfish_LTX__mcrypt_algorithm_version
blowfish_LTX__mcrypt_decrypt
blowfish_LTX__mcrypt_encrypt
blowfish_LTX__mcrypt_get_algorithms_name
blowfish_LTX__mcrypt_get_block_size
blowfish_LTX__mcrypt_get_key_size
blowfish_LTX__mcrypt_get_size
blowfish_LTX__mcrypt_get_supported_key_sizes
blowfish_LTX__mcrypt_self_test
blowfish_LTX__mcrypt_set_key
blowfish_compat_LTX__is_block_algorithm
blowfish_compat_LTX__mcrypt_algorithm_version
blowfish_compat_LTX__mcrypt_decrypt
blowfish_compat_LTX__mcrypt_encrypt
blowfish_compat_LTX__mcrypt_get_algorithms_name
blowfish_compat_LTX__mcrypt_get_block_size
blowfish_compat_LTX__mcrypt_get_key_size
blowfish_compat_LTX__mcrypt_get_size
blowfish_compat_LTX__mcrypt_get_supported_key_sizes
blowfish_compat_LTX__mcrypt_self_test
blowfish_compat_LTX__mcrypt_set_key
cast_128_LTX__is_block_algorithm
cast_128_LTX__mcrypt_algorithm_version
cast_128_LTX__mcrypt_decrypt
cast_128_LTX__mcrypt_encrypt
cast_128_LTX__mcrypt_get_algorithms_name
cast_128_LTX__mcrypt_get_block_size
cast_128_LTX__mcrypt_get_key_size
cast_128_LTX__mcrypt_get_size
cast_128_LTX__mcrypt_get_supported_key_sizes
cast_128_LTX__mcrypt_self_test
cast_128_LTX__mcrypt_set_key
cast_256_LTX__is_block_algorithm
cast_256_LTX__mcrypt_algorithm_version
cast_256_LTX__mcrypt_decrypt
cast_256_LTX__mcrypt_encrypt
cast_256_LTX__mcrypt_get_algorithms_name
cast_256_LTX__mcrypt_get_block_size
cast_256_LTX__mcrypt_get_key_size
cast_256_LTX__mcrypt_get_size
cast_256_LTX__mcrypt_get_supported_key_sizes
cast_256_LTX__mcrypt_self_test
cast_256_LTX__mcrypt_set_key
des_LTX__is_block_algorithm
des_LTX__mcrypt_algorithm_version
des_LTX__mcrypt_decrypt
des_LTX__mcrypt_encrypt
des_LTX__mcrypt_get_algorithms_name
des_LTX__mcrypt_get_block_size
des_LTX__mcrypt_get_key_size
des_LTX__mcrypt_get_size
des_LTX__mcrypt_get_supported_key_sizes
des_LTX__mcrypt_self_test
des_LTX__mcrypt_set_key
end_mcrypt
enigma_LTX__is_block_algorithm
enigma_LTX__mcrypt_algorithm_version
enigma_LTX__mcrypt_decrypt
enigma_LTX__mcrypt_encrypt
enigma_LTX__mcrypt_get_algo_iv_size
enigma_LTX__mcrypt_get_algorithms_name
enigma_LTX__mcrypt_get_block_size
enigma_LTX__mcrypt_get_key_size
enigma_LTX__mcrypt_get_size
enigma_LTX__mcrypt_get_supported_key_sizes
enigma_LTX__mcrypt_self_test
enigma_LTX__mcrypt_set_key
gost_LTX__is_block_algorithm
gost_LTX__mcrypt_algorithm_version
gost_LTX__mcrypt_decrypt
gost_LTX__mcrypt_encrypt
gost_LTX__mcrypt_get_algorithms_name
gost_LTX__mcrypt_get_block_size
gost_LTX__mcrypt_get_key_size
gost_LTX__mcrypt_get_size
gost_LTX__mcrypt_get_supported_key_sizes
gost_LTX__mcrypt_self_test
gost_LTX__mcrypt_set_key
init_mcrypt
loki97_LTX__is_block_algorithm
loki97_LTX__mcrypt_algorithm_version
loki97_LTX__mcrypt_decrypt
loki97_LTX__mcrypt_encrypt
loki97_LTX__mcrypt_get_algorithms_name
loki97_LTX__mcrypt_get_block_size
loki97_LTX__mcrypt_get_key_size
loki97_LTX__mcrypt_get_size
loki97_LTX__mcrypt_get_supported_key_sizes
loki97_LTX__mcrypt_self_test
loki97_LTX__mcrypt_set_key
mcrypt
mcrypt_dlopen
mcrypt_enc_get_algorithms_name
mcrypt_enc_get_block_size
mcrypt_enc_get_iv_size
mcrypt_enc_get_key_size
mcrypt_enc_get_modes_name
mcrypt_enc_get_state
mcrypt_enc_get_supported_key_sizes
mcrypt_enc_is_block_algorithm
mcrypt_enc_is_block_algorithm_mode
mcrypt_enc_is_block_mode
mcrypt_enc_mode_has_iv
mcrypt_enc_self_test
mcrypt_enc_set_state
mcrypt_free
mcrypt_generic
mcrypt_generic_deinit
mcrypt_generic_end
mcrypt_generic_init
mcrypt_get_algo_iv_size
mcrypt_get_size
mcrypt_mode_get_size
mcrypt_module_algorithm_version
mcrypt_module_close
mcrypt_module_get_algo_block_size
mcrypt_module_get_algo_key_size
mcrypt_module_get_algo_supported_key_sizes
mcrypt_module_is_block_algorithm
mcrypt_module_is_block_algorithm_mode
mcrypt_module_is_block_mode
mcrypt_module_mode_version
mcrypt_module_open
mcrypt_module_self_test
mcrypt_perror
mcrypt_set_key
mcrypt_strerror
mdecrypt
mdecrypt_generic
rc2_LTX__is_block_algorithm
rc2_LTX__mcrypt_algorithm_version
rc2_LTX__mcrypt_decrypt
rc2_LTX__mcrypt_encrypt
rc2_LTX__mcrypt_get_algorithms_name
rc2_LTX__mcrypt_get_block_size
rc2_LTX__mcrypt_get_key_size
rc2_LTX__mcrypt_get_size
rc2_LTX__mcrypt_get_supported_key_sizes
rc2_LTX__mcrypt_self_test
rc2_LTX__mcrypt_set_key
rijndael_128_LTX__is_block_algorithm
rijndael_128_LTX__mcrypt_algorithm_version
rijndael_128_LTX__mcrypt_decrypt
rijndael_128_LTX__mcrypt_encrypt
rijndael_128_LTX__mcrypt_get_algorithms_name
rijndael_128_LTX__mcrypt_get_block_size
rijndael_128_LTX__mcrypt_get_key_size
rijndael_128_LTX__mcrypt_get_size
rijndael_128_LTX__mcrypt_get_supported_key_sizes
rijndael_128_LTX__mcrypt_self_test
rijndael_128_LTX__mcrypt_set_key
rijndael_192_LTX__is_block_algorithm
rijndael_192_LTX__mcrypt_algorithm_version
rijndael_192_LTX__mcrypt_decrypt
rijndael_192_LTX__mcrypt_encrypt
rijndael_192_LTX__mcrypt_get_algorithms_name
rijndael_192_LTX__mcrypt_get_block_size
rijndael_192_LTX__mcrypt_get_key_size
rijndael_192_LTX__mcrypt_get_size
rijndael_192_LTX__mcrypt_get_supported_key_sizes
rijndael_192_LTX__mcrypt_self_test
rijndael_192_LTX__mcrypt_set_key
rijndael_256_LTX__is_block_algorithm
rijndael_256_LTX__mcrypt_algorithm_version
rijndael_256_LTX__mcrypt_decrypt
rijndael_256_LTX__mcrypt_encrypt
rijndael_256_LTX__mcrypt_get_algorithms_name
rijndael_256_LTX__mcrypt_get_block_size
rijndael_256_LTX__mcrypt_get_key_size
rijndael_256_LTX__mcrypt_get_size
rijndael_256_LTX__mcrypt_get_supported_key_sizes
rijndael_256_LTX__mcrypt_self_test
rijndael_256_LTX__mcrypt_set_key
saferplus_LTX__is_block_algorithm
saferplus_LTX__mcrypt_algorithm_version
saferplus_LTX__mcrypt_decrypt
saferplus_LTX__mcrypt_encrypt
saferplus_LTX__mcrypt_get_algorithms_name
saferplus_LTX__mcrypt_get_block_size
saferplus_LTX__mcrypt_get_key_size
saferplus_LTX__mcrypt_get_size
saferplus_LTX__mcrypt_get_supported_key_sizes
saferplus_LTX__mcrypt_self_test
saferplus_LTX__mcrypt_set_key
serpent_LTX__is_block_algorithm
serpent_LTX__mcrypt_algorithm_version
serpent_LTX__mcrypt_decrypt
serpent_LTX__mcrypt_encrypt
serpent_LTX__mcrypt_get_algorithms_name
serpent_LTX__mcrypt_get_block_size
serpent_LTX__mcrypt_get_key_size
serpent_LTX__mcrypt_get_size
serpent_LTX__mcrypt_get_supported_key_sizes
serpent_LTX__mcrypt_self_test
serpent_LTX__mcrypt_set_key
tripledes_LTX__is_block_algorithm
tripledes_LTX__mcrypt_algorithm_version
tripledes_LTX__mcrypt_decrypt
tripledes_LTX__mcrypt_encrypt
tripledes_LTX__mcrypt_get_algorithms_name
tripledes_LTX__mcrypt_get_block_size
tripledes_LTX__mcrypt_get_key_size
tripledes_LTX__mcrypt_get_size
tripledes_LTX__mcrypt_get_supported_key_sizes
tripledes_LTX__mcrypt_self_test
tripledes_LTX__mcrypt_set_key
twofish_LTX__is_block_algorithm
twofish_LTX__mcrypt_algorithm_version
twofish_LTX__mcrypt_decrypt
twofish_LTX__mcrypt_encrypt
twofish_LTX__mcrypt_get_algorithms_name
twofish_LTX__mcrypt_get_block_size
twofish_LTX__mcrypt_get_key_size
twofish_LTX__mcrypt_get_size
twofish_LTX__mcrypt_get_supported_key_sizes
twofish_LTX__mcrypt_self_test
twofish_LTX__mcrypt_set_key
wake_LTX__is_block_algorithm
wake_LTX__mcrypt_algorithm_version
wake_LTX__mcrypt_decrypt
wake_LTX__mcrypt_encrypt
wake_LTX__mcrypt_get_algo_iv_size
wake_LTX__mcrypt_get_algorithms_name
wake_LTX__mcrypt_get_block_size
wake_LTX__mcrypt_get_key_size
wake_LTX__mcrypt_get_size
wake_LTX__mcrypt_get_supported_key_sizes
wake_LTX__mcrypt_self_test
wake_LTX__mcrypt_set_key
xtea_LTX__is_block_algorithm
xtea_LTX__mcrypt_algorithm_version
xtea_LTX__mcrypt_decrypt
xtea_LTX__mcrypt_encrypt
xtea_LTX__mcrypt_get_algorithms_name
xtea_LTX__mcrypt_get_block_size
xtea_LTX__mcrypt_get_key_size
xtea_LTX__mcrypt_get_size
xtea_LTX__mcrypt_get_supported_key_sizes
xtea_LTX__mcrypt_self_test
xtea_LTX__mcrypt_set_key

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b26f13a8f331b4ecd71a772364201ac

Code Sign

6d:cc:7f:fc:9a:26:d2:1a:90:cd:e9:3e:72:1c:bd:feCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

23:9b:f3:be:64:85:5b:7f:65:28:2f:d5:fd:a6:74:77Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1bCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

81:d7:a4:61:8b:79:00:06:f6:91:18:40:ab:bf:69:60:ab:4f:f3:1d:33:f6:89:7b:7c:82:05:be:6c:d5:25:e9Signer

f2:04:74:0a:ee:ae:3b:97:5d:47:27:ad:56:9a:48:63:52:c4:01:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

urlmon

wininet

winhttp

netapi32

setupapi

Exports

Exports

Sections

.text Size: 323KB - Virtual size: 323KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 22KB - Virtual size: 69KB

.rsrc Size: 138KB - Virtual size: 138KB

.reloc Size: 23KB - Virtual size: 23KB

6d:cc:7f:fc:9a:26:d2:1a:90:cd:e9:3e:72:1c:bd:fe
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

23:9b:f3:be:64:85:5b:7f:65:28:2f:d5:fd:a6:74:77
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

81:d7:a4:61:8b:79:00:06:f6:91:18:40:ab:bf:69:60:ab:4f:f3:1d:33:f6:89:7b:7c:82:05:be:6c:d5:25:e9
Signer

f2:04:74:0a:ee:ae:3b:97:5d:47:27:ad:56:9a:48:63:52:c4:01:99
Signer

.text
Size: 323KB - Virtual size: 323KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 22KB - Virtual size: 69KB

.rsrc
Size: 138KB - Virtual size: 138KB

.reloc
Size: 23KB - Virtual size: 23KB