Archive[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Archive.zip
Size

1.3MB
MD5

8c0bb53e0538c1adaca7e4abc98a5cb6
SHA1

b434570da7d56b30d5e2e5cf4d611dcdc1af2a52
SHA256

34ac5e62f1054f09514c479c48942c620728dd2dc80c70ef5e5ee31b1a204056
SHA512

0f1ad72cb083de320ee92e89c92ab3ba663d24f304789828d72c50175000443f41cfff0c855d9844335f60cb4b7623f163c0140661b69c4ff6dd8be001446b70
SSDEEP

24576:eWvopIV6fkhwOX1E3HtpXjqFwuShzifb6iXzCF9wqj1Umep5nM:KOV6chwK1E3Hvz6Shefb6Fwqj1kI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/m_darkgate_6_5.bin

Files

Archive.zip
.zip
91da55b1d1f81028ab95e9713408f68301f445562e98a2753ba6a22c193abda8
.exe windows:4 windows x86 arch:x86

3f3ba6e4f0cb53473fb6baf946a3d4ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:20:eb:33:80:79:2a:b0:11:f6:62:c0:64:fd:b4:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/07/2015, 00:00

Not After

27/08/2017, 23:59

Subject

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:91:a5:bc:3e:4a:46:74:21:02:c2:b4:f5:d3:02:e0:bf:27:aa:7c
Signer

Actual PE Digest

5e:91:a5:bc:3e:4a:46:74:21:02:c2:b4:f5:d3:02:e0:bf:27:aa:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\bwa\quicktimeplayerwin-1680.96.30\srcroot\quicktimeplayerwin\projects\release\QuickTimePlayerLauncher.pdb

Imports

kernel32

SetDllDirectoryA
SetDllDirectoryW
GetSystemTimeAsFileTime
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

msvcr80

_configthreadlocale
__setusermatherr
_initterm_e
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
getenv_s
strcat_s
_adjust_fdiv
memset

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
m_darkgate_6_5.bin
.dll windows:5 windows x86 arch:x86

b586b02e0fb2211c57d713285b28047a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BWA\CF-750.29\objroot\CoreFoundation.build\x86\Release\CoreFoundation.pdb

Imports

kernel32

UnmapViewOfFile
GetSystemInfo
WriteFile
GetLocaleInfoW
GetUserDefaultUILanguage
GetUserDefaultLCID
FlushFileBuffers
QueryPerformanceCounter
Sleep
InterlockedCompareExchange
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetLastError
MoveFileExW
DeviceIoControl
CreateFileA
GetSystemTimeAsFileTime
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
GetCurrentDirectoryW
GetVolumeInformationW
SetErrorMode
GetLogicalDriveStringsW
IsValidCodePage
EnumSystemCodePagesA
GetCPInfo
MultiByteToWideChar
GetCurrentThreadId
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
WaitForMultipleObjects
SetEvent
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
LocalFree
GetCommandLineW
LoadLibraryA
GetACP
CreateFileMappingW
lstrcpyW
lstrlenW
VirtualQueryEx
MapViewOfFileEx
CreateFileW
OpenFileMappingW
ResumeThread
GetVersionExA
OutputDebugStringW
ReadFile
GetCurrentProcessId
GetTempPathA
ConnectNamedPipe
CreateNamedPipeA
DeleteFileA
CompareFileTime
GetOverlappedResult
SetNamedPipeHandleState
CreateProcessW
CreateMutexW
QueryPerformanceFrequency
GetTickCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcess
DuplicateHandle
CreateFileMappingA
MapViewOfFile
FindFirstFileW
FindClose
FindNextFileW
DebugBreak
LoadLibraryW
GetProcAddress
FreeLibrary
ResetEvent

user32

DispatchMessageW
MsgWaitForMultipleObjectsEx
wsprintfA
TranslateMessage
PeekMessageW

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetFolderPathAndSubDirW

ws2_32

htonl
bind
socket
send
WSACleanup
gethostname
recv
recvfrom
accept
htons
select
listen
setsockopt
sendto
ioctlsocket
connect
closesocket
getsockopt
getpeername
getsockname
__WSAFDIsSet
WSAGetLastError
WSAStartup

rpcrt4

UuidCreate

advapi32

GetUserNameW
CryptGenRandom
CryptAcquireContextW
GetCurrentHwProfileA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

CFAbsoluteTimeAddGregorianUnits
CFAbsoluteTimeGetCurrent
CFAbsoluteTimeGetDayOfWeek
CFAbsoluteTimeGetDayOfYear
CFAbsoluteTimeGetDifferenceAsGregorianUnits
CFAbsoluteTimeGetGregorianDate
CFAbsoluteTimeGetWeekOfYear
CFAllocatorAllocate
CFAllocatorCreate
CFAllocatorDeallocate
CFAllocatorGetContext
CFAllocatorGetDefault
CFAllocatorGetPreferredSizeForSize
CFAllocatorGetTypeID
CFAllocatorReallocate
CFAllocatorSetDefault
CFArrayAppendArray
CFArrayAppendValue
CFArrayApplyFunction
CFArrayBSearchValues
CFArrayContainsValue
CFArrayCreate
CFArrayCreateCopy
CFArrayCreateMutable
CFArrayCreateMutableCopy
CFArrayExchangeValuesAtIndices
CFArrayGetCount
CFArrayGetCountOfValue
CFArrayGetFirstIndexOfValue
CFArrayGetLastIndexOfValue
CFArrayGetTypeID
CFArrayGetValueAtIndex
CFArrayGetValues
CFArrayInsertValueAtIndex
CFArrayRemoveAllValues
CFArrayRemoveValueAtIndex
CFArrayReplaceValues
CFArraySetValueAtIndex
CFArraySortValues
CFAttributedStringBeginEditing
CFAttributedStringCreate
CFAttributedStringCreateCopy
CFAttributedStringCreateMutable
CFAttributedStringCreateMutableCopy
CFAttributedStringCreateWithSubstring
CFAttributedStringEndEditing
CFAttributedStringGetAttribute
CFAttributedStringGetAttributeAndLongestEffectiveRange
CFAttributedStringGetAttributes
CFAttributedStringGetAttributesAndLongestEffectiveRange
CFAttributedStringGetLength
CFAttributedStringGetMutableString
CFAttributedStringGetString
CFAttributedStringGetTypeID
CFAttributedStringOpenUText
CFAttributedStringRemoveAttribute
CFAttributedStringReplaceAttributedString
CFAttributedStringReplaceString
CFAttributedStringSetAttribute
CFAttributedStringSetAttributes
CFBSearch
CFBagAddValue
CFBagApplyFunction
CFBagContainsValue
CFBagCreate
CFBagCreateCopy
CFBagCreateMutable
CFBagCreateMutableCopy
CFBagGetCount
CFBagGetCountOfValue
CFBagGetTypeID
CFBagGetValue
CFBagGetValueIfPresent
CFBagGetValues
CFBagRemoveAllValues
CFBagRemoveValue
CFBagReplaceValue
CFBagSetValue
CFBinaryHeapAddValue
CFBinaryHeapApplyFunction
CFBinaryHeapContainsValue
CFBinaryHeapCreate
CFBinaryHeapCreateCopy
CFBinaryHeapGetCount
CFBinaryHeapGetCountOfValue
CFBinaryHeapGetMinimum
CFBinaryHeapGetMinimumIfPresent
CFBinaryHeapGetTypeID
CFBinaryHeapGetValues
CFBinaryHeapRemoveAllValues
CFBinaryHeapRemoveMinimumValue
CFBitVectorContainsBit
CFBitVectorCreate
CFBitVectorCreateCopy
CFBitVectorCreateMutable
CFBitVectorCreateMutableCopy
CFBitVectorFlipBitAtIndex
CFBitVectorFlipBits
CFBitVectorGetBitAtIndex
CFBitVectorGetBits
CFBitVectorGetCount
CFBitVectorGetCountOfBit
CFBitVectorGetFirstIndexOfBit
CFBitVectorGetLastIndexOfBit
CFBitVectorGetTypeID
CFBitVectorSetAllBits
CFBitVectorSetBitAtIndex
CFBitVectorSetBits
CFBitVectorSetCount
CFBooleanGetTypeID
CFBooleanGetValue
CFBundleCopyAuxiliaryExecutableURL
CFBundleCopyBuiltInPlugInsURL
CFBundleCopyBundleLocalizations
CFBundleCopyBundleURL
CFBundleCopyExecutableArchitectures
CFBundleCopyExecutableArchitecturesForURL
CFBundleCopyExecutableURL
CFBundleCopyInfoDictionaryForURL
CFBundleCopyInfoDictionaryInDirectory
CFBundleCopyLocalizationForLocalizationInfo
CFBundleCopyLocalizationsForPreferences
CFBundleCopyLocalizationsForURL
CFBundleCopyLocalizedString
CFBundleCopyPreferredLocalizationsFromArray
CFBundleCopyPrivateFrameworksURL
CFBundleCopyResourceURL
CFBundleCopyResourceURLForLocalization
CFBundleCopyResourceURLInDirectory
CFBundleCopyResourceURLsOfType
CFBundleCopyResourceURLsOfTypeForLocalization
CFBundleCopyResourceURLsOfTypeInDirectory
CFBundleCopyResourcesDirectoryURL
CFBundleCopySharedFrameworksURL
CFBundleCopySharedSupportURL
CFBundleCopySupportFilesDirectoryURL
CFBundleCreate
CFBundleCreateBundlesFromDirectory
CFBundleGetAllBundles
CFBundleGetBundleWithIdentifier
CFBundleGetDataPointerForName
CFBundleGetDataPointersForNames
CFBundleGetDevelopmentRegion
CFBundleGetFunctionPointerForName
CFBundleGetFunctionPointersForNames
CFBundleGetIdentifier
CFBundleGetInfoDictionary
CFBundleGetLocalInfoDictionary
CFBundleGetLocalizationInfoForLocalization
CFBundleGetMainBundle
CFBundleGetPackageInfo
CFBundleGetPackageInfoInDirectory
CFBundleGetPlugIn
CFBundleGetTypeID
CFBundleGetValueForInfoDictionaryKey
CFBundleGetVersionNumber
CFBundleIsExecutableLoaded
CFBundleLoadExecutable
CFBundleLoadExecutableAndReturnError
CFBundlePreflightExecutable
CFBundleUnloadExecutable
CFBurstTrieAdd
CFBurstTrieAddCharacters
CFBurstTrieAddCharactersWithWeight
CFBurstTrieAddUTF8String
CFBurstTrieAddUTF8StringWithWeight
CFBurstTrieAddWithWeight
CFBurstTrieContains
CFBurstTrieContainsCharacters
CFBurstTrieContainsUTF8String
CFBurstTrieCreate
CFBurstTrieCreateCursorForBytes
CFBurstTrieCreateFromFile
CFBurstTrieCreateFromMapBytes
CFBurstTrieCreateWithOptions
CFBurstTrieCursorAdvanceForBytes
CFBurstTrieCursorCreateByCopy
CFBurstTrieCursorGetPayload
CFBurstTrieCursorIsEqual
CFBurstTrieCursorRelease
CFBurstTrieFind
CFBurstTrieFindCharacters
CFBurstTrieFindUTF8String
CFBurstTrieGetCount
CFBurstTrieInsert
CFBurstTrieInsertCharacters
CFBurstTrieInsertCharactersWithWeight
CFBurstTrieInsertUTF8String
CFBurstTrieInsertUTF8StringWithWeight
CFBurstTrieInsertWithWeight
CFBurstTrieRelease
CFBurstTrieRetain
CFBurstTrieSerialize
CFBurstTrieSerializeWithFileDescriptor
CFBurstTrieSetCursorForBytes
CFBurstTrieTraverse
CFBurstTrieTraverseFromCursor
CFCalendarAddComponents
CFCalendarComposeAbsoluteTime
CFCalendarCopyCurrent
CFCalendarCopyGregorianStartDate
CFCalendarCopyLocale
CFCalendarCopyTimeZone
CFCalendarCreateWithIdentifier
CFCalendarDecomposeAbsoluteTime
CFCalendarGetComponentDifference
CFCalendarGetFirstWeekday
CFCalendarGetIdentifier
CFCalendarGetMaximumRangeOfUnit
CFCalendarGetMinimumDaysInFirstWeek
CFCalendarGetMinimumRangeOfUnit
CFCalendarGetOrdinalityOfUnit
CFCalendarGetRangeOfUnit
CFCalendarGetTimeRangeOfUnit
CFCalendarGetTypeID
CFCalendarSetFirstWeekday
CFCalendarSetGregorianStartDate
CFCalendarSetLocale
CFCalendarSetMinimumDaysInFirstWeek
CFCalendarSetTimeZone
CFCharacterSetAddCharactersInRange
CFCharacterSetAddCharactersInString
CFCharacterSetCompact
CFCharacterSetCreateBitmapRepresentation
CFCharacterSetCreateCopy
CFCharacterSetCreateInvertedSet
CFCharacterSetCreateMutable
CFCharacterSetCreateMutableCopy
CFCharacterSetCreateWithBitmapRepresentation
CFCharacterSetCreateWithCharactersInRange
CFCharacterSetCreateWithCharactersInString
CFCharacterSetFast
CFCharacterSetGetPredefined
CFCharacterSetGetTypeID
CFCharacterSetHasMemberInPlane
CFCharacterSetInitInlineBuffer
CFCharacterSetIntersect
CFCharacterSetInvert
CFCharacterSetIsCharacterMember
CFCharacterSetIsLongCharacterMember
CFCharacterSetIsSupersetOfSet
CFCharacterSetIsSurrogatePairMember
CFCharacterSetRemoveCharactersInRange
CFCharacterSetRemoveCharactersInString
CFCharacterSetUnion
CFCopyDescription
CFCopyHomeDirectoryURLForUser
CFCopySearchPathForDirectoriesInDomains
CFCopySystemVersionString
CFCopyTypeIDDescription
CFCopyUserName
CFDataAppendBytes
CFDataCreate
CFDataCreateCopy
CFDataCreateMutable
CFDataCreateMutableCopy
CFDataCreateWithBytesNoCopy
CFDataDeleteBytes
CFDataFind
CFDataGetBytePtr
CFDataGetBytes
CFDataGetLength
CFDataGetMutableBytePtr
CFDataGetTypeID
CFDataIncreaseLength
CFDataReplaceBytes
CFDataSetLength
CFDateCompare
CFDateCreate
CFDateFormatterCopyProperty
CFDateFormatterCreate
CFDateFormatterCreateDateFormatFromTemplate
CFDateFormatterCreateDateFormatsFromTemplates
CFDateFormatterCreateDateFromString
CFDateFormatterCreateStringWithAbsoluteTime
CFDateFormatterCreateStringWithDate
CFDateFormatterGetAbsoluteTimeFromString
CFDateFormatterGetDateStyle
CFDateFormatterGetFormat
CFDateFormatterGetLocale
CFDateFormatterGetTimeStyle
CFDateFormatterGetTypeID
CFDateFormatterSetFormat
CFDateFormatterSetProperty
CFDateGetAbsoluteTime
CFDateGetTimeIntervalSinceDate
CFDateGetTypeID
CFDictionaryAddValue
CFDictionaryApplyFunction
CFDictionaryContainsKey
CFDictionaryContainsValue
CFDictionaryCreate
CFDictionaryCreateCopy
CFDictionaryCreateMutable
CFDictionaryCreateMutableCopy
CFDictionaryGetCount
CFDictionaryGetCountOfKey
CFDictionaryGetCountOfValue
CFDictionaryGetKeyIfPresent
CFDictionaryGetKeysAndValues
CFDictionaryGetTypeID
CFDictionaryGetValue
CFDictionaryGetValueIfPresent
CFDictionaryRemoveAllValues
CFDictionaryRemoveValue
CFDictionaryReplaceValue
CFDictionarySetValue
CFEqual
CFErrorCopyDescription
CFErrorCopyFailureReason
CFErrorCopyRecoverySuggestion
CFErrorCopyUserInfo
CFErrorCreate
CFErrorCreateWithUserInfoKeysAndValues
CFErrorGetCallBackForDomain
CFErrorGetCode
CFErrorGetDomain
CFErrorGetTypeID
CFErrorSetCallBackForDomain
CFGetAllocator
CFGetRetainCount
CFGetSystemUptime
CFGetTypeID
CFGetUserName
CFGregorianDateGetAbsoluteTime
CFGregorianDateIsValid
CFHash
CFHashBytes
CFLocaleCopyAvailableLocaleIdentifiers
CFLocaleCopyCommonISOCurrencyCodes
CFLocaleCopyCurrent
CFLocaleCopyDisplayNameForPropertyValue
CFLocaleCopyISOCountryCodes
CFLocaleCopyISOCurrencyCodes
CFLocaleCopyISOLanguageCodes
CFLocaleCopyPreferredLanguages
CFLocaleCreate
CFLocaleCreateCanonicalLanguageIdentifierFromString
CFLocaleCreateCanonicalLocaleIdentifierFromScriptManagerCodes
CFLocaleCreateCanonicalLocaleIdentifierFromString
CFLocaleCreateComponentsFromLocaleIdentifier
CFLocaleCreateCopy
CFLocaleCreateLocaleIdentifierFromComponents
CFLocaleCreateLocaleIdentifierFromWindowsLocaleCode
CFLocaleGetIdentifier
CFLocaleGetLanguageCharacterDirection
CFLocaleGetLanguageLineDirection
CFLocaleGetLanguageRegionEncodingForLocaleIdentifier
CFLocaleGetSystem
CFLocaleGetTypeID
CFLocaleGetValue
CFLocaleGetWindowsLocaleCodeFromLocaleIdentifier
CFLog
CFMakeCollectable
CFMergeSortArray
CFMessagePortCreateLocal
CFMessagePortCreateRemote
CFMessagePortCreateRunLoopSource
CFMessagePortCreateUber
CFMessagePortGetContext
CFMessagePortGetInvalidationCallBack
CFMessagePortGetName
CFMessagePortGetTypeID
CFMessagePortInvalidate
CFMessagePortIsRemote
CFMessagePortIsValid
CFMessagePortSendRequest
CFMessagePortSetCloneCallout
CFMessagePortSetInvalidationCallBack
CFMessagePortSetName
CFMutableAttributedStringOpenUText
CFMutableStringOpenUText
CFNotificationCenterAddObserver
CFNotificationCenterGetDarwinNotifyCenter
CFNotificationCenterGetDistributedCenter
CFNotificationCenterGetLocalCenter
CFNotificationCenterGetTypeID
CFNotificationCenterPostNotification
CFNotificationCenterPostNotificationWithOptions
CFNotificationCenterRemoveEveryObserver
CFNotificationCenterRemoveObserver
CFNullGetTypeID
CFNumberCompare
CFNumberCreate
CFNumberFormatterCopyProperty
CFNumberFormatterCreate
CFNumberFormatterCreateNumberFromString
CFNumberFormatterCreateStringWithNumber
CFNumberFormatterCreateStringWithValue
CFNumberFormatterGetDecimalInfoForCurrencyCode
CFNumberFormatterGetFormat
CFNumberFormatterGetLocale
CFNumberFormatterGetStyle
CFNumberFormatterGetTypeID
CFNumberFormatterGetValueFromString
CFNumberFormatterSetFormat
CFNumberFormatterSetProperty
CFNumberGetByteSize
CFNumberGetType
CFNumberGetTypeID
CFNumberGetValue
CFNumberIsFloatType
CFPlugInAddInstanceForFactory
CFPlugInCreate
CFPlugInFindFactoriesForPlugInType
CFPlugInFindFactoriesForPlugInTypeInPlugIn
CFPlugInGetBundle
CFPlugInGetTypeID
CFPlugInInstanceCreate
CFPlugInInstanceCreateWithInstanceDataSize
CFPlugInInstanceGetFactoryName
CFPlugInInstanceGetInstanceData
CFPlugInInstanceGetInterfaceFunctionTable
CFPlugInInstanceGetTypeID
CFPlugInIsLoadOnDemand
CFPlugInRegisterFactoryFunction
CFPlugInRegisterFactoryFunctionByName
CFPlugInRegisterPlugInType
CFPlugInRemoveInstanceForFactory
CFPlugInSetLoadOnDemand
CFPlugInUnregisterFactory
CFPlugInUnregisterPlugInType
CFPreferencesAddSuitePreferencesToApp
CFPreferencesAppSynchronize
CFPreferencesAppValueIsForced
CFPreferencesCopyAppValue
CFPreferencesCopyApplicationList
CFPreferencesCopyKeyList
CFPreferencesCopyMultiple
CFPreferencesCopyValue
CFPreferencesFlushCaches
CFPreferencesGetAppBooleanValue
CFPreferencesGetAppIntegerValue
CFPreferencesRemoveSuitePreferencesFromApp
CFPreferencesSetAppValue
CFPreferencesSetMultiple
CFPreferencesSetValue
CFPreferencesSynchronize
CFPropertyListCreateData
CFPropertyListCreateDeepCopy
CFPropertyListCreateFromStream
CFPropertyListCreateFromXMLData
CFPropertyListCreateWithData
CFPropertyListCreateWithStream
CFPropertyListCreateXMLData
CFPropertyListIsValid
CFPropertyListWrite
CFPropertyListWriteToStream
CFQSortArray
CFReadStreamClose
CFReadStreamCopyError
CFReadStreamCopyProperty
CFReadStreamCreate
CFReadStreamCreateWithBytesNoCopy
CFReadStreamCreateWithData
CFReadStreamCreateWithFile
CFReadStreamGetBuffer
CFReadStreamGetError
CFReadStreamGetInfoPointer
CFReadStreamGetStatus
CFReadStreamGetTypeID
CFReadStreamHasBytesAvailable
CFReadStreamOpen
CFReadStreamRead
CFReadStreamScheduleWithRunLoop
CFReadStreamSetClient
CFReadStreamSetProperty
CFReadStreamSignalEvent
CFReadStreamUnscheduleFromRunLoop
CFRelease
CFRetain
CFRunArrayCreate
CFRunArrayDelete
CFRunArrayGetCount
CFRunArrayGetTypeID
CFRunArrayGetValueAtIndex
CFRunArrayGetValueAtRunArrayIndex
CFRunArrayInsert
CFRunArrayReplace
CFRunLoopAddCommonMode
CFRunLoopAddObserver
CFRunLoopAddSource
CFRunLoopAddTimer
CFRunLoopContainsObserver
CFRunLoopContainsSource
CFRunLoopContainsTimer
CFRunLoopCopyAllModes
CFRunLoopCopyCurrentMode
CFRunLoopGetCurrent
CFRunLoopGetMain
CFRunLoopGetNextTimerFireDate
CFRunLoopGetTypeID
CFRunLoopIsWaiting
CFRunLoopObserverCreate
CFRunLoopObserverCreateWithHandler
CFRunLoopObserverDoesRepeat
CFRunLoopObserverGetActivities
CFRunLoopObserverGetContext
CFRunLoopObserverGetOrder
CFRunLoopObserverGetTypeID

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.objc_im
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 770KB - Virtual size: 770KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f3ba6e4f0cb53473fb6baf946a3d4ee

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2b:20:eb:33:80:79:2a:b0:11:f6:62:c0:64:fd:b4:73Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5e:91:a5:bc:3e:4a:46:74:21:02:c2:b4:f5:d3:02:e0:bf:27:aa:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcr80

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 920B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 4KB - Virtual size: 2KB

b586b02e0fb2211c57d713285b28047a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ws2_32

rpcrt4

advapi32

version

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 240KB - Virtual size: 244KB

.data Size: 71KB - Virtual size: 92KB

.idata Size: 16KB - Virtual size: 16KB

.objc_im Size: 1024B - Virtual size: 4KB

.rsrc Size: 770KB - Virtual size: 770KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:20:eb:33:80:79:2a:b0:11:f6:62:c0:64:fd:b4:73
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5e:91:a5:bc:3e:4a:46:74:21:02:c2:b4:f5:d3:02:e0:bf:27:aa:7c
Signer

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 920B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 240KB - Virtual size: 244KB

.data
Size: 71KB - Virtual size: 92KB

.idata
Size: 16KB - Virtual size: 16KB

.objc_im
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 770KB - Virtual size: 770KB