e1bfff59a828666570ad0e62549612582651c8acc13513328b5606100c9256a9

Sharing

Copy URL Twitter E-mail

General

Target

e1bfff59a828666570ad0e62549612582651c8acc13513328b5606100c9256a9
Size

1.5MB
MD5

b24ddb5301d175f578ab192330cbf467
SHA1

2e9a954c085a1b3bf4eb14f34c931ca952fe24b2
SHA256

e1bfff59a828666570ad0e62549612582651c8acc13513328b5606100c9256a9
SHA512

6cb856cb36f0f59bfe1274beffc48d5029e1f8c1007db8d3328437992e8eab2f2fb85f4b8e59d73ef385a2afa6fc9ddfd414818d478cde5054d1f11cbdbcad3d
SSDEEP

24576:dFnQZj6HM6dLL8Om96wd76xvAbAL0xzFeyJ6k:TAOHHGd76xvAbcAJPJ

Score

1^/10

Malware Config

Signatures

Files

e1bfff59a828666570ad0e62549612582651c8acc13513328b5606100c9256a9
.exe windows:5 windows x86 arch:x86

33e928c7cbc42343a6e477a6d4af528a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:b6:43:51:e6:76:58:2d:e6:2b:81:c5:a4:10:23:a9:7a:76:5b:18:35:da:49:29:e0:98:2c:ce:4c:54:19:ed
Signer

Actual PE Digest

26:b6:43:51:e6:76:58:2d:e6:2b:81:c5:a4:10:23:a9:7a:76:5b:18:35:da:49:29:e0:98:2c:ce:4c:54:19:ed

Digest Algorithm

sha256

PE Digest Matches

false

a1:43:29:1e:06:a0:19:9f:ad:04:9c:8d:c1:7b:24:47:3a:3b:2d:0c
Signer

Actual PE Digest

a1:43:29:1e:06:a0:19:9f:ad:04:9c:8d:c1:7b:24:47:3a:3b:2d:0c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\dailybuild_fix\wegame_client\build\bin\Release\wegame_streaming_service.pdb

Imports

common

?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?gen_relative_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV34@@Z
?enable_static_detail_log@common@ierd_tgp@@YAX_N@Z
?is_static_detail_log@common@ierd_tgp@@YA_NXZ
?enable_one_more_instance@common@ierd_tgp@@YAX_N@Z
?enable_app_session_end@common@ierd_tgp@@YAX_N@Z
?set_qos_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXK@Z
?set_ver@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABUversion_t@common@4@@Z
?set_machine_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_qm_report_guid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_session_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_uid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABH@Z
?set_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAB_K@Z
?gen_seq_num@@YAGXZ
?SetStartForID@Qos@qos@adapt_for_imports@ierd_tgp@@QAEX_K@Z
?set_client_version_type@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXH@Z
?GetLastLoginedUin@common@ierd_tgp@@YA_KXZ
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
??0Application@common@ierd_tgp@@QAE@HQAPAD_NKK1ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Application@common@ierd_tgp@@UAE@XZ
?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_machine_guid_async@Application@common@ierd_tgp@@SAXXZ
?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_app_path@Application@common@ierd_tgp@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?process@Application@common@ierd_tgp@@QAEXXZ
?stamp_point@@YAXPBD@Z
?stamp_uninit@@YAXXZ
??1ShareMemory@Memory@ierd_tgp@@QAE@XZ
?MainThreadTaskUpdate@common@ierd_tgp@@YAXXZ
?get_client_id@util_client_info@ierd_tgp@@YAHXZ
?load_config@Component_mgr@common@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@_N@Z
?init@Component_mgr@common@ierd_tgp@@QAE_NXZ
?WaitForStop@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NI@Z
?inited@Component_mgr@common@ierd_tgp@@QAEXXZ
?uninitialize@Component_mgr@common@ierd_tgp@@QAEXXZ
?tick@Component_mgr@common@ierd_tgp@@QAEXN@Z
?load_proxy_param@wgl_helper@net@ierd_tgp@@YAXPBDPAUstWeGameLoginProxyInfo@wgl@@@Z
?get_client_type@overseas@ierd_tgp@@YAHXZ
?IsProcessRunning@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@5@@Z
?get_system_name@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?instance@Application@common@ierd_tgp@@SAPAV123@XZ
?get_workingdir_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_exe_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_first_mac@common@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_qm_report_guid@common@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_coexist_name@util_multi_instance@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
??1BaseTimer@base@@QAE@XZ
??0BaseTimer@base@@QAE@XZ
?Stop@BaseTimer@base@@QAEX_N@Z
?StartInterval@BaseTimer@base@@QAE_NIV?$function@$$A6AXXZ@std@@I@Z
?get_root_path@common@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z
?find_component@Component_mgr@common@ierd_tgp@@QAE?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@23@@Z
?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ
?unreg_all_service@@YAXPAX@Z
?unreg_all_msg_handler@@YAXPAX@Z
?get_log_instance@base@@YAPAVILogger@1@XZ
?DESEncrypt@@YA_NPBDAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4EPadType@@W4EDESMode@@@Z
?Uninit@WndMsgReceiver@Tenio@@QAE_NXZ
?Init@WndMsgReceiver@Tenio@@QAE_NPBD@Z
??1WndMsgReceiver@Tenio@@QAE@XZ
??0WndMsgReceiver@Tenio@@QAE@XZ
?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ
?report@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NABUQos_data_base@234@W4Qos_occasion@234@@Z
?remove_qos_invalid_text@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?loc_to_u8@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
??_0path@filesystem@ierd_tgp@@QAEAAV012@PB_W@Z
?LoadStr@overseas@ierd_tgp@@YAPB_WV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?DESDecrypt@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV12@PBDW4EPadType@@W4EDESMode@@@Z
?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z

jiamao.pyd

WGLoginSetLogCallBack
WGLoginGetLogin
WGLoginExit

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetModuleHandleW
InterlockedDecrement
OpenEventA
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
GetCurrentProcessId
WideCharToMultiByte
LocalFree
FormatMessageA
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateEventW
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetModuleHandleA
InterlockedCompareExchange
GetSystemInfo
SwitchToThread
Sleep
GetComputerNameW
GetPrivateProfileStringW
GetPrivateProfileStringA
CreateProcessW
GetModuleFileNameW
LoadLibraryW
GetLastError
TerminateProcess
GetCurrentProcess
GetProcAddress
GetTickCount

user32

LoadCursorA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
FindWindowA
PostMessageA
SendMessageA
wsprintfW
PostQuitMessage

shell32

ShellExecuteExW

ole32

CoUninitialize
StringFromGUID2
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantClear

msvcp140

?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?unsetf@ios_base@std@@QAEXH@Z
?setf@ios_base@std@@QAEHH@Z
??Bios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?id@?$ctype@D@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Syserror_map@std@@YAPBDH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
??Bid@locale@std@@QAEIXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?bad@ios_base@std@@QBE_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

iphlpapi

GetAdaptersAddresses

ws2_32

ntohs
WSAAddressToStringA
WSAGetLastError
inet_ntoa
inet_addr
ntohl

vcruntime140

__RTDynamicCast
_purecall
memcpy
memmove
_except_handler4_common
memset
__std_terminate
__std_type_info_name
memchr
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strchr
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

__p___argv
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
__p___argc
_controlfp_s
_seh_filter_exe
_cexit
exit
_crt_atexit
terminate
_configure_narrow_argv
_exit
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
strerror
_errno
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_set_app_type

api-ms-win-crt-stdio-l1-1-0

fwrite
fputc
__acrt_iob_func
_set_fmode
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vfprintf
__stdio_common_vsscanf
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fread
fsetpos
_fseeki64
setvbuf
ungetc

api-ms-win-crt-string-l1-1-0

_stricmp
strcpy_s
_wcsnicmp
wcslen
strpbrk

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-utility-l1-1-0

srand
ldiv

api-ms-win-crt-convert-l1-1-0

strtol
strtod
_strtoi64
strtoul
_strtoui64

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 747KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33e928c7cbc42343a6e477a6d4af528a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

26:b6:43:51:e6:76:58:2d:e6:2b:81:c5:a4:10:23:a9:7a:76:5b:18:35:da:49:29:e0:98:2c:ce:4c:54:19:edSigner

a1:43:29:1e:06:a0:19:9f:ad:04:9c:8d:c1:7b:24:47:3a:3b:2d:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

common

jiamao.pyd

kernel32

user32

shell32

ole32

oleaut32

msvcp140

iphlpapi

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 583KB - Virtual size: 582KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 747KB - Virtual size: 747KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

26:b6:43:51:e6:76:58:2d:e6:2b:81:c5:a4:10:23:a9:7a:76:5b:18:35:da:49:29:e0:98:2c:ce:4c:54:19:ed
Signer

a1:43:29:1e:06:a0:19:9f:ad:04:9c:8d:c1:7b:24:47:3a:3b:2d:0c
Signer

.text
Size: 583KB - Virtual size: 582KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 747KB - Virtual size: 747KB