62af787137b767867d12c2ebb767c41e

Sharing

Copy URL

Twitter E-mail

General

Target

62af787137b767867d12c2ebb767c41e
Size

597KB
MD5

62af787137b767867d12c2ebb767c41e
SHA1

545065be052ed64f9158e9e80747fb8a744f94d9
SHA256

b18801ae430d1623822ce1d6f933afa0ce04923493dfbab5050b5c591d9c9a77
SHA512

e1484d2afb7b14a7f6ba89167c3d7e0749e167faa1f9301d1286b9de873401c43d66a48f5aa18fe17e1a1685cc18a0e30f16daf70e49cd8b80f2d3b85b2a1f80
SSDEEP

12288:2SdK4MVDr7vRgndOBBtggdMvk2CqvAmYac+MRGM4h/qofkKBw3:2Sd38r7ZgdOBHFt2CqvAic+MRGJ/qofO

Score

1^/10

Malware Config

Signatures

Files

62af787137b767867d12c2ebb767c41e
.dll windows:4 windows x86 arch:x86

ac7cb30edef2046fc9180ca2994f0ef2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:57:c3:39:eb:73:c7:6d:7d:f6:a2:ad:47:8e:66:e3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-08-2015 00:00

Not After

26-09-2017 23:59

Subject

CN=Sogou.com,OU=Desktop Business Division,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-09-2015 00:00

Not After

28-09-2018 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:43:aa:13:3c:71:02:47:87:0a:d5:d4:d7:2b:47:3f:90:20:22:de:ba:c9:da:00:4a:e1:f7:f7:fa:8a:92:f8
Signer

Actual PE Digest

2c:43:aa:13:3c:71:02:47:87:0a:d5:d4:d7:2b:47:3f:90:20:22:de:ba:c9:da:00:4a:e1:f7:f7:fa:8a:92:f8

Digest Algorithm

sha256

PE Digest Matches

false

0c:a2:ef:6f:48:32:36:ac:2b:82:ee:0b:6a:36:7d:bd:14:ee:77:79
Signer

Actual PE Digest

0c:a2:ef:6f:48:32:36:ac:2b:82:ee:0b:6a:36:7d:bd:14:ee:77:79

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveBackslashW
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mfc42u

ord3826
ord826
ord600
ord1571
ord6466
ord1250
ord1248
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3396
ord3825
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord3948
ord2717
ord941
ord535
ord861
ord540
ord800
ord922
ord4124
ord5679
ord2606
ord858
ord538
ord942
ord823
ord4273
ord940
ord2810
ord925
ord2756
ord5568
ord2910
ord6868
ord4199
ord537
ord6655
ord5706
ord4197
ord860
ord1115
ord1173
ord1568
ord1165
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord6279
ord1567
ord6278
ord269

msvcrt

_strcmpi
__CxxFrameHandler
wcslen
memset
strlen
_wtol
wcschr
wcsncpy
_snwprintf
wcscmp
wcscpy
memcpy
swprintf
_itoa
sprintf
_wtoi
atoi
_purecall
_ftol
_wcslwr
rand
wcsstr
isprint
isspace
tolower
free
malloc
isalnum
_callnewh
strncpy
swscanf
strncmp
_snprintf
_wstati64
_wmkdir
_wsplitpath
wcstoul
_itow
_ultow
_ui64tow
srand
time
_wcsicmp
_except_handler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strcpy
strcmp
memcmp
strchr
strrchr
strtoul
atof
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_beginthreadex
memmove
fopen
_wfopen
fprintf
fclose
fread
ftell
fseek
fputc
sscanf
isalpha
wcscat
wcsrchr
calloc
wcsncat
_wcsnicmp
strncat
fwrite
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
towlower
_getpid
fflush
wprintf

kernel32

GetTempPathW
LocalAlloc
InitializeCriticalSectionAndSpinCount
DuplicateHandle
GetModuleFileNameA
ResetEvent
IsBadReadPtr
GetFileInformationByHandle
FileTimeToSystemTime
SetFileTime
GetFileAttributesW
LocalFileTimeToFileTime
SetFilePointer
LoadLibraryA
VirtualQuery
GetSystemInfo
GetSystemDefaultLangID
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetLocalTime
VirtualAllocEx
VirtualAlloc
SetUnhandledExceptionFilter
ReadProcessMemory
WriteProcessMemory
WaitForMultipleObjects
TerminateProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
SetErrorMode
UnhandledExceptionFilter
SetEvent
CreateEventW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
lstrcmpiW
GetVersion
OpenSemaphoreW
CreateNamedPipeW
OpenEventW
OpenMutexW
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
InterlockedDecrement
ResumeThread
GetFullPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
WritePrivateProfileStructW
WritePrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileStructW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
lstrlenW
FindFirstFileW
FindClose
GetFileSize
ReadFile
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
DeviceIoControl
GetDiskFreeSpaceExW
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
CreateThread
FindResourceW
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
RaiseException
TerminateThread
InterlockedCompareExchange
CreateMutexW
lstrcpynA
lstrcpyA
OutputDebugStringA
GlobalAlloc
lstrcpyW
GlobalFree
OutputDebugStringW
SleepEx
InterlockedExchange
GetCommandLineW
LocalFree
GetPrivateProfileIntW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetModuleHandleW
CopyFileW
Sleep
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GetVersionExW
CreateProcessW
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CloseHandle
FreeLibrary
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
GetProcAddress
GetLastError
GetModuleFileNameW
LoadLibraryW

user32

FindWindowA
IsIconic
SetWindowLongW
UnregisterClassW
RegisterClassExW
DefWindowProcW
DestroyWindow
ShowWindow
CreateWindowExW
SetTimer
PostQuitMessage
RemovePropW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetPropW
GetDesktopWindow
GetWindow
GetPropW
IsWindowVisible
GetWindowThreadProcessId
GetClassNameW
SendMessageTimeoutW
FindWindowW
EnumWindows
PostMessageW
IsWindow
CharUpperW

advapi32

RegEnumKeyExW
RegOpenKeyW
QueryServiceConfigW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetSecurityInfo
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegDeleteKeyW
RegDeleteValueW
LookupAccountNameW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoLoadLibrary
CoFreeLibrary
CoCreateGuid

oleaut32

SysFreeString
SysAllocStringByteLen

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?nothrow@std@@3Unothrow_t@1@B
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBGI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??_7bad_cast@std@@6B@
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0bad_cast@std@@QAE@ABV01@@Z
?_Doraise@bad_cast@std@@MBEXXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z

ws2_32

ntohl
htonl
htons
ntohs

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

wininet

InternetGetConnectedState
InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW

Exports

Exports

CancelDetector
GetDectectorResult
GetDectectorResultEx
InitDetector
InitDownloader
InitLoadLoadParam
NsisGetDectectorResult
NsisGetDectectorResultA
NsisGetDectectorResultEx
NsisRunDetector
NsisRunDetectorA
NsisRunDetectorEx
NsisWaitDetectorComplete
NsisWaitDetectorCompleteA
NsisWaitDetectorCompleteEx
QQBrowserModuleEntry
QQBrowserProcessParamVersion
ReleaseDR
RunDetector
RunDetectorEx
RunDetectorWithNotification
SetDriverService
SetGroupId
UnInitDetector
WaitDetectorComplete
WaitDetectorCompleteEx

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac7cb30edef2046fc9180ca2994f0ef2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

76:57:c3:39:eb:73:c7:6d:7d:f6:a2:ad:47:8e:66:e3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

2c:43:aa:13:3c:71:02:47:87:0a:d5:d4:d7:2b:47:3f:90:20:22:de:ba:c9:da:00:4a:e1:f7:f7:fa:8a:92:f8Signer

0c:a2:ef:6f:48:32:36:ac:2b:82:ee:0b:6a:36:7d:bd:14:ee:77:79Signer

Headers

File Characteristics

Imports

shlwapi

version

mfc42u

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp60

ws2_32

netapi32

wininet

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 301KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 92KB - Virtual size: 90KB

.reloc Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

76:57:c3:39:eb:73:c7:6d:7d:f6:a2:ad:47:8e:66:e3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

2c:43:aa:13:3c:71:02:47:87:0a:d5:d4:d7:2b:47:3f:90:20:22:de:ba:c9:da:00:4a:e1:f7:f7:fa:8a:92:f8
Signer

0c:a2:ef:6f:48:32:36:ac:2b:82:ee:0b:6a:36:7d:bd:14:ee:77:79
Signer

.text
Size: 304KB - Virtual size: 301KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 92KB - Virtual size: 90KB

.reloc
Size: 24KB - Virtual size: 23KB