7991bad4e2d1f36c5a9144d03cf37455c3c3ccc90f2c509ba8a295736776b79d

Sharing

Copy URL

Twitter E-mail

General

Target

7991bad4e2d1f36c5a9144d03cf37455c3c3ccc90f2c509ba8a295736776b79d
Size

2.0MB
MD5

6adc83fe20b721f6e980cb14cee244ee
SHA1

5f6049f7cb5e1c6d0c821be0ccf1717942f788e1
SHA256

7991bad4e2d1f36c5a9144d03cf37455c3c3ccc90f2c509ba8a295736776b79d
SHA512

3aa80abb9959870cf10c70674b8bbefc09d0d6c9884e6be846a90491f270ee8689a31cd8a081a92d6d6211278918f9a18d043e830c9779ba7e970d0809e847fe
SSDEEP

49152:pofmfo5xTV50fAfu/QFpnq2GloDdXKB0zOK4AATjj3lCgaTf:zQFYoDdXlMQ

Score

1^/10

Malware Config

Signatures

Files

7991bad4e2d1f36c5a9144d03cf37455c3c3ccc90f2c509ba8a295736776b79d
.exe windows:5 windows x86 arch:x86

3222db8787663d8777de4ac8ba2564fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-02-2012 00:00

Not After

01-02-2015 23:59

Subject

CN=Guangzhou KuGou Computer Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Guangzhou KuGou Computer Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fb:ed:49:29:32:4b:23:ec:31:8c:24:9a:23:52:48:3e:17:cc:f6:bf
Signer

Actual PE Digest

fb:ed:49:29:32:4b:23:ec:31:8c:24:9a:23:52:48:3e:17:cc:f6:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\buildersystem\workspace_7631\Sources\KuGou\branches\release_7631\bin\dlna_player.pdb

Imports

ws2_32

accept
WSAIoctl
WSAStartup
ntohl
WSACleanup
closesocket
WSASocketA
listen
bind
getaddrinfo
htonl
recvfrom
connect
ioctlsocket
getpeername
getsockopt
send
__WSAFDIsSet
freeaddrinfo
WSAGetLastError
socket
gethostname
recv
sendto
setsockopt
shutdown
getsockname
ntohs
select
htons

kernel32

HeapSetInformation
GetEnvironmentVariableA
ConnectNamedPipe
CreateNamedPipeW
CancelIo
InitializeCriticalSection
CreateEventA
SetThreadPriority
GetThreadPriority
CreateMutexA
OutputDebugStringA
GetModuleFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
GetNativeSystemInfo
CreateIoCompletionPort
PostQueuedCompletionStatus
InterlockedExchange
GetQueuedCompletionStatus
TlsFree
TlsAlloc
WriteFile
TlsGetValue
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
CreateEventW
ResetEvent
SetEvent
FindNextFileW
FindClose
GetTempPathW
lstrlenW
FileTimeToSystemTime
CreateDirectoryW
FindFirstFileW
GetFileInformationByHandle
FlushFileBuffers
SetFilePointerEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
LocalFree
GetCommandLineW
CreateThread
IsDebuggerPresent
InterlockedExchangeAdd
GetModuleHandleA
SetLastError
FormatMessageA
GetTickCount
DeleteFileW
GetPrivateProfileIntW
RaiseException
WritePrivateProfileStringW
GetExitCodeProcess
GetCurrentThread
SetUnhandledExceptionFilter
CreateProcessW
SetErrorMode
GetLastError
GetFileSizeEx
GetCurrentProcessId
ReleaseMutex
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
OpenProcess
WaitForSingleObject
GetCurrentProcess
CreateMutexW
GlobalUnlock
GlobalLock
SetFilePointer
MulDiv
GetStartupInfoW
GetCurrentDirectoryW
EncodePointer
DecodePointer
UnhandledExceptionFilter
MultiByteToWideChar
WideCharToMultiByte
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
MoveFileW
GetPrivateProfileStringW
Sleep
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
LoadLibraryW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
OutputDebugStringW
GetFileAttributesW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
TlsSetValue
IsProcessorFeaturePresent
GetTimeZoneInformation

user32

DestroyWindow
GetKeyState
IsRectEmpty
GetWindow
GetWindowThreadProcessId
EndDeferWindowPos
SetWindowTextW
EnableWindow
IsWindowVisible
RegisterClassW
BeginDeferWindowPos
DeferWindowPos
EqualRect
GetCaretPos
SetWindowLongW
MonitorFromWindow
BringWindowToTop
UnionRect
IntersectRect
SetRect
GetAsyncKeyState
OffsetRect
GetWindowPlacement
GetForegroundWindow
GetClassInfoW
BeginPaint
SetFocus
GetClientRect
SetParent
WindowFromPoint
IsWindowEnabled
LoadCursorW
InvalidateRgn
AttachThreadInput
TrackMouseEvent
GetParent
GetFocus
IsZoomed
SetTimer
IsIconic
SetActiveWindow
GetWindowRect
ScreenToClient
SetWindowRgn
UpdateLayeredWindow
EnumDisplayMonitors
SetWindowPlacement
EndPaint
ReleaseDC
InvalidateRect
GetDC
SetRectEmpty
FillRect
SetCursor
UpdateWindow
DrawTextW
ClipCursor
DragDetect
DrawIconEx
GetSystemMetrics
GetQueueStatus
RegisterClassExW
CallMsgFilterW
PeekMessageW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
SendMessageW
GetWindowLongW
TranslateMessage
DispatchMessageW
DestroyIcon
RegisterWindowMessageW
LoadIconW
UnregisterClassW
WaitMessage
KillTimer
MessageBoxW
GetCursorPos
PostQuitMessage
SystemParametersInfoW
CopyRect
PtInRect
IsWindow
PostMessageW
MonitorFromPoint
GetMonitorInfoW
SetWindowPos
SetCapture
SetForegroundWindow
GetMessageW
RegisterClipboardFormatW
IsChild
ReleaseCapture
GetCapture
ShowWindow
ClientToScreen

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetFolderPathW
SHGetPathFromIDListW
CommandLineToArgvW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
RegisterDragDrop
ReleaseStgMedium
CoInitialize

transmission

?CurlEasyPerform@kugou@@YA?AW4CURLcode@@PAX@Z
?CurlEasyCleanup@kugou@@YAXPAX@Z
?CurlEasySetOpt@kugou@@YA?AW4CURLcode@@PAXW4CURLoption@@0@Z
?CurlEasySetOpt@kugou@@YA?AW4CURLcode@@PAXW4CURLoption@@PBD@Z
?CurlEasyInit@kugou@@YAPAXXZ
?CurlEasyGetInfo@kugou@@YA?AW4CURLcode@@PAXW4CURLINFO@@PAN@Z
?CurlEasyGetInfo@kugou@@YA?AW4CURLcode@@PAXW4CURLINFO@@PAJ@Z
?CurlGlobalCleanup@kugou@@YAXXZ
?CurlGlobalInit@kugou@@YA?AW4CURLcode@@J@Z
?CurlEasySetOpt@kugou@@YA?AW4CURLcode@@PAXW4CURLoption@@J@Z

msvcp100

?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
??1_Container_base12@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?_Xfunc@tr1@std@@YAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Incref@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??Bid@locale@std@@QAEIXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?narrow@?$ctype@_W@std@@QBED_WD@Z
?exceptions@ios_base@std@@QAEXH@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ

msvcr100

_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
__CxxFrameHandler3
wcstok_s
_set_errno
wcsncpy
printf
qsort
_snprintf
strncmp
sscanf
abort
calloc
_ftime64_s
_dupenv_s
_wstat64
feof
_ftelli64
_snprintf_s
_beginthreadex
_vsnprintf_s
fread
realloc
strchr
_exit
malloc
free
_vsnwprintf_s
_vscwprintf
_vscprintf
ceil
srand
rand
_wfsopen
ldiv
_time64
wcscat_s
fprintf
wcsrchr
__iob_func
_localtime64_s
_errno
isspace
_wcsicmp
exit
_set_invalid_parameter_handler
_set_abort_behavior
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
signal
_set_purecall_handler
??0exception@std@@QAE@ABQBDH@Z
wcschr
vswprintf_s
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memchr
sprintf
??8type_info@@QBE_NABV0@@Z
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
_wtoi
_swprintf
wprintf
iswprint
tolower
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
ungetc
fputc
fgetc
memcpy_s
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
wcscpy_s
_purecall
_vswprintf
memmove
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
_vsnprintf
wcstoul
_CxxThrowException
memset
memcpy
strerror
_wcsnicmp
wcsstr
wcsncmp
longjmp
strtod
getenv
_CIfmod
_CIpow
_CIacos
_CIsqrt
_CIsin
_CIcos
floor
_setjmp3
__CxxLongjmpUnwind
_CIexp
_CIlog
?what@exception@std@@UBEPBDXZ

winmm

timeSetEvent
timeBeginPeriod
timeGetTime
timeEndPeriod
timeKillEvent

dbghelp

MiniDumpWriteDump
SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64

psapi

GetModuleInformation
GetModuleBaseNameW
EnumProcessModules

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdi32

GetDeviceCaps
PathToRegion
GetStockObject
PolyBezier
GetTextExtentPointW
SetPolyFillMode
BitBlt
AbortPath
BeginPath
EnumFontFamiliesExW
GetObjectType
CreateRectRgnIndirect
GetGlyphIndicesW
GetFontData
SetTextAlign
GetGlyphOutlineW
SetWorldTransform
GetTextExtentPointI
GetOutlineTextMetricsW
ExtTextOutW
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
GdiFlush
CreateFontIndirectW
CreateDIBSection
DeleteDC
SetTextColor
GetTextMetricsW
SetGraphicsMode
CreateRectRgn
CombineRgn
EndPath
GetRgnBox

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsTextUnicode

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3222db8787663d8777de4ac8ba2564fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:faCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fb:ed:49:29:32:4b:23:ec:31:8c:24:9a:23:52:48:3e:17:cc:f6:bfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

shell32

ole32

transmission

msvcp100

msvcr100

winmm

dbghelp

psapi

usp10

imm32

version

gdi32

advapi32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 393KB - Virtual size: 393KB

.data Size: 70KB - Virtual size: 92KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 99KB - Virtual size: 98KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fb:ed:49:29:32:4b:23:ec:31:8c:24:9a:23:52:48:3e:17:cc:f6:bf
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 393KB - Virtual size: 393KB

.data
Size: 70KB - Virtual size: 92KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 99KB - Virtual size: 98KB