9f92bab405523637cba92a8ff283756d00a01674422a2bce699cde6aa949d826

Sharing

Copy URL Twitter E-mail

General

Target

9f92bab405523637cba92a8ff283756d00a01674422a2bce699cde6aa949d826
Size

4.8MB
MD5

b79d69aaf67a0fda70374acca614ef2f
SHA1

a12633609cc7ebcd8175aabc25e514b9029f8e04
SHA256

9f92bab405523637cba92a8ff283756d00a01674422a2bce699cde6aa949d826
SHA512

dcfbd224502161c243819313aeea1787211de5f462a9680329780b1a7efcba33c2161ef3d31d121cfb415d1baad4d5e201bf32d039e3587aa6b81b59a208b1f3
SSDEEP

49152:8J+39ND3Ph2taJX9RDUIUvvXD5c4E4DCQUG2DptVpFsgMyZh2dpZAXJEL:EKL7PEOX9evFcKDlj2HVcaZh2dkXJEL

Score

1^/10

Malware Config

Signatures

Files

9f92bab405523637cba92a8ff283756d00a01674422a2bce699cde6aa949d826
.exe windows:4 windows x86 arch:x86

7b72613656febe22ee87be669e792542

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:1b:28:44:e8:d1:fc:2d:3f:64:77:ec:26:8d:29:74:92:03:c8:a7:6a:b8:8a:4f:f7:76:5e:8f:a7:86:5c:fe
Signer

Actual PE Digest

1a:1b:28:44:e8:d1:fc:2d:3f:64:77:ec:26:8d:29:74:92:03:c8:a7:6a:b8:8a:4f:f7:76:5e:8f:a7:86:5c:fe

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

freeimageplus

?rescale@fipImage@@QAEHIIW4FREE_IMAGE_FILTER@@@Z
??0fipWinImage@@QAE@W4FREE_IMAGE_TYPE@@III@Z
??1fipWinImage@@UAE@XZ
?saveU@fipImage@@QBEHPB_WH@Z
?isValid@fipWinImage@@UBEHXZ
?clear@fipWinImage@@UAEXXZ
??0fipMemoryIO@@QAE@PAEK@Z
??1fipMemoryIO@@UAE@XZ
?getFileType@fipMemoryIO@@QBE?AW4FREE_IMAGE_FORMAT@@XZ
?loadFromMemory@fipImage@@QAEHAAVfipMemoryIO@@H@Z
?getWidth@fipImage@@QBEIXZ
?getHeight@fipImage@@QBEIXZ

kernel32

GlobalLock
LoadLibraryExW
GlobalAlloc
OpenProcess
TerminateProcess
lstrcmpiW
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
InterlockedIncrement
WriteFile
LocalAlloc
SetFilePointer
LocalFree
WaitForSingleObject
GetExitCodeThread
SetEvent
CreateEventW
WaitForMultipleObjects
WritePrivateProfileStringW
ResetEvent
DeleteFileW
GetCommandLineW
RemoveDirectoryW
CopyFileW
MoveFileW
DeleteCriticalSection
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDriveStringsW
Process32NextW
QueryDosDeviceW
ExpandEnvironmentStringsW
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
GetSystemDirectoryW
InterlockedCompareExchange
OpenMutexW
ReleaseMutex
CreateProcessW
GetTempPathW
GetComputerNameA
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
FileTimeToSystemTime
GetFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
GlobalUnlock
GlobalFree
CreateMutexW
Sleep
GetCurrentProcessId
FindResourceW
GetPrivateProfileStringW
SizeofResource
GetSystemTime
SystemTimeToFileTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
SwitchToFiber
DeleteFiber
GetVersion
GetModuleHandleExW
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetFileType
PeekNamedPipe
GetStdHandle
DuplicateHandle
TerminateThread
FormatMessageW
SleepEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LoadResource
LockResource
GetProcAddress
FreeResource
LeaveCriticalSection
FreeLibrary
CreateFileW
LoadLibraryW
FindResourceExW
GetFileSize
EnterCriticalSection
RaiseException
GetLocalTime
ReadFile
CloseHandle
OutputDebugStringW
InitializeCriticalSection
GetPrivateProfileIntW
GetVersionExW
SetLastError
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetWindowsDirectoryW
GetCurrentProcess
GetLastError
InterlockedExchange
WideCharToMultiByte
lstrlenW
CreateThread

user32

GetDlgCtrlID
MapWindowPoints
BeginPaint
SetCursor
EnableWindow
ShowWindow
GetFocus
LoadCursorW
IsChild
EndPaint
GetWindowThreadProcessId
GetNextDlgTabItem
FindWindowW
GetForegroundWindow
SendMessageW
UpdateLayeredWindow
IsDialogMessageW
SetCapture
SystemParametersInfoW
KillTimer
LoadImageW
SetWindowPos
OffsetRect
ReleaseCapture
AttachThreadInput
LoadIconW
GetCursorPos
SetForegroundWindow
DestroyIcon
GetActiveWindow
PostMessageW
IsWindowVisible
CallWindowProcW
GetDC
EqualRect
IsWindowEnabled
DestroyWindow
MonitorFromWindow
ScreenToClient
PeekMessageW
ReleaseDC
DrawTextW
GetMonitorInfoW
IsWindow
IsRectEmpty
CopyRect
GetMessageW
TranslateMessage
DefWindowProcW
DispatchMessageW
PostThreadMessageW
RegisterWindowMessageW
InflateRect
GetClassInfoExW
SetFocus
BringWindowToTop
IsIconic
CharNextW
GetWindowRect
DrawIconEx
LoadBitmapW
GetWindow
GetParent
IntersectRect
CreateWindowExW
MoveWindow
GetDlgItem
PtInRect
wsprintfW
GetAsyncKeyState
FillRect
GetClientRect
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
SetRectEmpty
ClientToScreen
GetDesktopWindow
RegisterClassExW
InvalidateRect
SetActiveWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetTimer
SwitchToThisWindow
SetWindowLongW
SetRect
GetLastActivePopup

gdi32

SetStretchBltMode
StretchBlt
CreateSolidBrush
ExtCreatePen
SetDIBColorTable
RectInRegion
MoveToEx
BitBlt
DeleteObject
Rectangle
SelectObject
SetTextColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
GetCurrentObject
CreateCompatibleBitmap
SetViewportOrgEx
GetClipRgn
ExtSelectClipRgn
GetStockObject
RoundRect
GetObjectW
GetViewportOrgEx
OffsetRgn
GetDeviceCaps
SaveDC
CreateRectRgnIndirect
CreatePen
GetTextColor
CreateBitmap
CombineRgn
CreateRoundRectRgn
RestoreDC
CreateRectRgn
TextOutW
SetBkColor
GetTextExtentPoint32W
ExtTextOutW
SelectClipRgn
DeleteDC
LineTo
CreateFontIndirectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptDecrypt
CryptDestroyKey
CryptEnumProvidersW
RegisterEventSourceW
ReportEventW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptGetProvParam

shell32

SHCreateDirectoryExW
Shell_NotifyIconW
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
ord680
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateGuid
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrToIntA
StrToIntW
PathFindFileNameW
StrStrIW
PathAppendW
PathIsDirectoryW
StrCmpLogicalW
PathFindExtensionW
PathAddBackslashW

msvcp80

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipDeletePrivateFontCollection
GdipDeleteFontFamily
GdipGetFontSize
GdipCreateLineBrushFromRectWithAngleI
GdipSetClipPath
GdipNewPrivateFontCollection
GdipFree
GdipCreatePen1
GdipAddPathStringI
GdipMeasureString
GdipSetSmoothingMode
GdipDisposeImageAttributes
GdipGetFamily
GdipCreateImageAttributes
GdipDeleteBrush
GdipDrawLinesI
GdipSetPixelOffsetMode
GdipCreateFontFromLogfontW
GdipAddPathRectangleI
GdipSetInterpolationMode
GdipDeleteFont
GdipCloneBrush
GdiplusStartup
GdipGetImageGraphicsContext
GdipFillPath
GdipClosePathFigure
GdipDeletePen
GdipCreateFont
GdipCreateBitmapFromScan0
GdipAddPathPieI
GdipRotateWorldTransform
GdipLoadImageFromFile
GdipAddPathArcI
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDrawString
GdipDeletePath
GdipCloneImage
GdipSetTextRenderingHint
GdipCreatePath
GdipDrawPath
GdipDisposeImage
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointsRectI
GdipImageRotateFlip
GdipCloneBitmapArea
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipSetPenDashStyle
GdipSetPenEndCap
GdipDeleteGraphics
GdipSetImageAttributesColorMatrix
GdipGraphicsClear
GdipSetPenStartCap
GdipCreateFromHDC
GdipPrivateAddFontFile
GdipDrawImageRectI
GdipCreateStringFormat
GdipSetPenMode
GdipGetFontCollectionFamilyCount
GdipCreateSolidFill
GdipDrawImageI
GdipDeleteStringFormat
GdipAlloc
GdipDrawImageRectRectI
GdipDrawLine
GdipFillRectangle
GdipSetStringFormatFlags
GdipDrawImageRectRect
GdipGetFontCollectionFamilyList
GdipSetStringFormatAlign
GdipGetImageHeight
GdipSetCompositingQuality
GdipDrawRectangleI
GdipCloneFontFamily
GdipFillRectangleI
GdipSetStringFormatLineAlign
GdipGetImageWidth
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipAddPathEllipseI
GdipGetImagePixelFormat
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipBitmapUnlockBits

msvcr80

_vsnwprintf
_mktime64
_get_errno
wcstok
_findclose
_wfindnext64i32
_wfindfirst64i32
strcpy_s
_snwprintf_s
_wstat64
_localtime64_s
_wtoi64
setlocale
wcsncmp
_wcsnicmp
wcspbrk
iswspace
strchr
isspace
strncmp
isalpha
_wtol
__CxxFrameHandler3
_CxxThrowException
sprintf_s
strpbrk
sprintf
sscanf
__argv
fgetws
fputws
fflush
?terminate@@YAXXZ
_unlock
__dllonexit
strcspn
_strdup
raise
_vsnprintf
_gmtime64_s
feof
_setmode
_strnicmp
strspn
strerror_s
_stat64i32
_fileno
_fstat64i32
setbuf
clearerr
qsort
_stat64
getenv
_fstat64
_gmtime64
_lseeki64
_encode_pointer
_lock
_onexit
strncpy
strerror
__sys_nerr
strtol
fputs
fopen
fgets
_errno
memchr
_strtoi64
toupper
strrchr
strstr
isdigit
isxdigit
strtoul
realloc
strcpy
__iob_func
_stricmp
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_putenv
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_wstat32
signal
_read
_close
_open
_decode_pointer
tolower
isalnum
fprintf
ftell
_vsnprintf_s
ferror
fputc
memmove
strcat
fseek
fwrite
memcmp
fclose
fread
_wfopen
wcscat_s
_mbsinc
wcscat
_wcslwr_s
_resetstkoflw
_wcsupr_s
??8type_info@@QBE_NABV0@@Z
_mbsstr
_time64
rand
srand
_wcsicmp
wcstol
_beginthreadex
__wargv
__argc
wcsncpy_s
_waccess
printf
free
_wtoi
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
calloc
??2@YAPAXI@Z
wcschr
swprintf_s
_mbscmp
strlen
_recalloc
memmove_s
abs
labs
_mbsicmp
_invalid_parameter_noinfo
vswprintf_s
?what@exception@std@@UBEPBDXZ
memset
??_V@YAXPAX@Z
_vscwprintf
ceil
vsprintf_s
floor
_vscprintf
wcsrchr
wcscpy_s
_wtof
_mbschr
memcpy_s
wcslen
??0exception@std@@QAE@ABV01@@Z
wcsstr
wcsspn
memcpy
??0exception@std@@QAE@XZ
wcscmp
strcmp
wcscspn
atoi
malloc
__RTDynamicCast
_purecall
??3@YAXPAX@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

getsockname
getsockopt
inet_addr
connect
ioctlsocket
socket
WSASetLastError
WSAGetLastError
setsockopt
send
select
__WSAFDIsSet
accept
listen
recvfrom
sendto
gethostbyname
recv
ntohs
htons
closesocket
inet_ntoa
WSACleanup
bind
WSAStartup

winmm

timeGetTime

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 64KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7b72613656febe22ee87be669e792542

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:1b:28:44:e8:d1:fc:2d:3f:64:77:ec:26:8d:29:74:92:03:c8:a7:6a:b8:8a:4f:f7:76:5e:8f:a7:86:5c:feSigner

Headers

File Characteristics

Imports

freeimageplus

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp80

comctl32

msimg32

gdiplus

msvcr80

version

ws2_32

winmm

crypt32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 676KB - Virtual size: 675KB

.data Size: 64KB - Virtual size: 81KB

Size: 2.0MB - Virtual size: 2.0MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:1b:28:44:e8:d1:fc:2d:3f:64:77:ec:26:8d:29:74:92:03:c8:a7:6a:b8:8a:4f:f7:76:5e:8f:a7:86:5c:fe
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 676KB - Virtual size: 675KB

.data
Size: 64KB - Virtual size: 81KB