43e90d89f0c4349debda10c1c6736152_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43e90d89f0c4349debda10c1c6736152_JaffaCakes118
Size

7.2MB
MD5

43e90d89f0c4349debda10c1c6736152
SHA1

11b3dc628741b3fb8efb22017903d6118a5e4025
SHA256

025b5c06132c1891780252ba071f0d115cc9d253a9a5b0a78690607cadf518da
SHA512

52116f36fc45bfe68e8ac9fe851a9bf6f6e223bc9be33807da2d372ff38291d89ee6a54d75e9910394d421c4cea48bf1b3f934710c460633ada13e485fd0cdf3
SSDEEP

196608:jrUTMTSK3BF+5encO4QLGJGnLJBtTulr+PW+Vtqh:joIfEex4QLuGjRulrV+VtM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/BitcoinMixer.exe

resource
unpack001/BitcoinMixer.exe

Files

43e90d89f0c4349debda10c1c6736152_JaffaCakes118
.rar
BitcoinMixer.exe
.exe windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcpy

Sections

Size: 50KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ptfhatcm
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bhhidjpa
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NBug.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

57:6d:e7:2e:cd:6c:a2:1e:96:3c:cc:a1:5f:38:69:48
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04-02-2013 00:00

Not After

06-05-2015 23:59

Subject

CN=HIDEMAN LTD,OU=IT,O=HIDEMAN LTD,L=London,ST=Great Britain,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7d:c5:6d:a2:70:0c:90:05:4c:87:00:91:10:a8:4f:5b:32:d9:e7
Signer

Actual PE Digest

08:7d:c5:6d:a2:70:0c:90:05:4c:87:00:91:10:a8:4f:5b:32:d9:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\NBug\NBug\obj\Release\NBug.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

57:6d:e7:2e:cd:6c:a2:1e:96:3c:cc:a1:5f:38:69:48
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04-02-2013 00:00

Not After

06-05-2015 23:59

Subject

CN=HIDEMAN LTD,OU=IT,O=HIDEMAN LTD,L=London,ST=Great Britain,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

85:16:b9:cf:a7:4e:e9:28:13:38:c9:47:63:63:b2:99:05:29:eb:1f
Signer

Actual PE Digest

85:16:b9:cf:a7:4e:e9:28:13:38:c9:47:63:63:b2:99:05:29:eb:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Temp\Json\Working\Newtonsoft.Json\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
liblzo2-2.dll
.dll windows:4 windows x64 arch:x64

b685a60d3f35917b5b75262167909cde

Code Sign

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-08-2013 00:00

Not After

02-09-2016 12:00

Subject

CN=OpenVPN Technologies\, Inc.,O=OpenVPN Technologies\, Inc.,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-05-2014 00:00

Not After

03-06-2015 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:a1:c3:4d:6e:b9:25:8b:80:2a:7e:fa:a8:f2:b7:7c:61:f5:37:37
Signer

Actual PE Digest

34:a1:c3:4d:6e:b9:25:8b:80:2a:7e:fa:a8:f2:b7:7c:61:f5:37:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

Exports

Exports

__lzo_align_gap
__lzo_init_v2
__lzo_ptr_linear
_lzo1b_1_compress_func
_lzo1b_2_compress_func
_lzo1b_3_compress_func
_lzo1b_4_compress_func
_lzo1b_5_compress_func
_lzo1b_6_compress_func
_lzo1b_7_compress_func
_lzo1b_8_compress_func
_lzo1b_99_compress_func
_lzo1b_9_compress_func
_lzo1b_do_compress
_lzo1b_get_compress_func
_lzo1b_store_run
_lzo1c_1_compress_func
_lzo1c_2_compress_func
_lzo1c_3_compress_func
_lzo1c_4_compress_func
_lzo1c_5_compress_func
_lzo1c_6_compress_func
_lzo1c_7_compress_func
_lzo1c_8_compress_func
_lzo1c_99_compress_func
_lzo1c_9_compress_func
_lzo1c_do_compress
_lzo1c_get_compress_func
_lzo1c_store_run
_lzo_config_check
_lzo_version_date
_lzo_version_string
lzo1_99_compress
lzo1_compress
lzo1_decompress
lzo1_info
lzo1a_99_compress
lzo1a_compress
lzo1a_decompress
lzo1a_info
lzo1b_1_compress
lzo1b_2_compress
lzo1b_3_compress
lzo1b_4_compress
lzo1b_5_compress
lzo1b_6_compress
lzo1b_7_compress
lzo1b_8_compress
lzo1b_999_compress
lzo1b_999_compress_callback
lzo1b_99_compress
lzo1b_9_compress
lzo1b_compress
lzo1b_decompress
lzo1b_decompress_safe
lzo1c_1_compress
lzo1c_2_compress
lzo1c_3_compress
lzo1c_4_compress
lzo1c_5_compress
lzo1c_6_compress
lzo1c_7_compress
lzo1c_8_compress
lzo1c_999_compress
lzo1c_999_compress_callback
lzo1c_99_compress
lzo1c_9_compress
lzo1c_compress
lzo1c_decompress
lzo1c_decompress_safe
lzo1f_1_compress
lzo1f_999_compress
lzo1f_999_compress_callback
lzo1f_decompress
lzo1f_decompress_safe
lzo1x_1_11_compress
lzo1x_1_12_compress
lzo1x_1_15_compress
lzo1x_1_compress
lzo1x_999_compress
lzo1x_999_compress_dict
lzo1x_999_compress_internal
lzo1x_999_compress_level
lzo1x_decompress
lzo1x_decompress_dict_safe
lzo1x_decompress_safe
lzo1x_optimize
lzo1y_1_compress
lzo1y_999_compress
lzo1y_999_compress_dict
lzo1y_999_compress_internal
lzo1y_999_compress_level
lzo1y_decompress
lzo1y_decompress_dict_safe
lzo1y_decompress_safe
lzo1y_optimize
lzo1z_999_compress
lzo1z_999_compress_dict
lzo1z_999_compress_internal
lzo1z_999_compress_level
lzo1z_decompress
lzo1z_decompress_dict_safe
lzo1z_decompress_safe
lzo2a_999_compress
lzo2a_999_compress_callback
lzo2a_decompress
lzo2a_decompress_safe
lzo_adler32
lzo_copyright
lzo_crc32
lzo_get_crc32_table
lzo_memcmp
lzo_memcpy
lzo_memmove
lzo_memset
lzo_version
lzo_version_date
lzo_version_string

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libpkcs11-helper-1.dll
.dll windows:4 windows x64 arch:x64

0568c3f85cc20362da994ed98901dee7

Code Sign

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-08-2013 00:00

Not After

02-09-2016 12:00

Subject

CN=OpenVPN Technologies\, Inc.,O=OpenVPN Technologies\, Inc.,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-05-2014 00:00

Not After

03-06-2015 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:12:7b:4e:96:32:50:62:e3:a6:b1:36:4a:00:34:ba:5a:c6:56:d6
Signer

Actual PE Digest

48:12:7b:4e:96:32:50:62:e3:a6:b1:36:4a:00:34:ba:5a:c6:56:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libeay32

BN_bin2bn
DSA_SIG_free
DSA_SIG_new
DSA_free
DSA_get_default_method
DSA_get_ex_data
DSA_get_ex_new_index
DSA_set_ex_data
DSA_set_method
EVP_PKEY_free
EVP_PKEY_get1_DSA
EVP_PKEY_get1_RSA
OpenSSL_add_all_digests
RSA_free
RSA_get_default_method
RSA_get_ex_data
RSA_get_ex_new_index
RSA_set_ex_data
RSA_set_method
RSA_size
X509_NAME_cmp
X509_NAME_oneline
X509_cmp_current_time
X509_dup
X509_free
X509_get_issuer_name
X509_get_pubkey
X509_get_subject_name
X509_new
X509_verify
d2i_X509

kernel32

CloseHandle
CreateEventA
CreateMutexA
DeleteCriticalSection
EnterCriticalSection
FileTimeToSystemTime
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
ReleaseMutex
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__iob_func
_amsg_exit
_beginthreadex
_exit
_gmtime64
_initterm
_localtime64
_lock
_mktime64
_onexit
_time64
_unlock
abort
asctime
calloc
fprintf
free
fwrite
getenv
isgraph
isxdigit
malloc
memcpy
memmove
memset
raise
signal
sprintf
sscanf
strchr
strcmp
strlen
strncat
strncmp
strncpy
strrchr
vfprintf

user32

MessageBoxA

Exports

Exports

pkcs11h_addProvider
pkcs11h_certificate_create
pkcs11h_certificate_decrypt
pkcs11h_certificate_decryptAny
pkcs11h_certificate_deserializeCertificateId
pkcs11h_certificate_duplicateCertificateId
pkcs11h_certificate_ensureCertificateAccess
pkcs11h_certificate_ensureKeyAccess
pkcs11h_certificate_enumCertificateIds
pkcs11h_certificate_enumTokenCertificateIds
pkcs11h_certificate_freeCertificate
pkcs11h_certificate_freeCertificateId
pkcs11h_certificate_freeCertificateIdList
pkcs11h_certificate_getCertificateBlob
pkcs11h_certificate_getCertificateId
pkcs11h_certificate_getPromptMask
pkcs11h_certificate_getUserData
pkcs11h_certificate_lockSession
pkcs11h_certificate_releaseSession
pkcs11h_certificate_serializeCertificateId
pkcs11h_certificate_setCertificateIdCertificateBlob
pkcs11h_certificate_setPromptMask
pkcs11h_certificate_setUserData
pkcs11h_certificate_sign
pkcs11h_certificate_signAny
pkcs11h_certificate_signRecover
pkcs11h_certificate_unwrap
pkcs11h_data_del
pkcs11h_data_enumDataObjects
pkcs11h_data_freeDataIdList
pkcs11h_data_get
pkcs11h_data_put
pkcs11h_engine_setCrypto
pkcs11h_engine_setSystem
pkcs11h_forkFixup
pkcs11h_getFeatures
pkcs11h_getLogLevel
pkcs11h_getMessage
pkcs11h_getVersion
pkcs11h_initialize
pkcs11h_logout
pkcs11h_openssl_createSession
pkcs11h_openssl_freeSession
pkcs11h_openssl_getCleanupHook
pkcs11h_openssl_getX509
pkcs11h_openssl_session_getEVP
pkcs11h_openssl_session_getRSA
pkcs11h_openssl_session_getX509
pkcs11h_openssl_setCleanupHook
pkcs11h_plugAndPlay
pkcs11h_removeProvider
pkcs11h_setForkMode
pkcs11h_setLogHook
pkcs11h_setLogLevel
pkcs11h_setMaxLoginRetries
pkcs11h_setPINCachePeriod
pkcs11h_setPINPromptHook
pkcs11h_setProtectedAuthentication
pkcs11h_setSlotEventHook
pkcs11h_setTokenPromptHook
pkcs11h_terminate
pkcs11h_token_deserializeTokenId
pkcs11h_token_duplicateTokenId
pkcs11h_token_ensureAccess
pkcs11h_token_enumTokenIds
pkcs11h_token_freeTokenId
pkcs11h_token_freeTokenIdList
pkcs11h_token_login
pkcs11h_token_logout
pkcs11h_token_sameTokenId
pkcs11h_token_serializeTokenId

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ssleay32.dll
.dll windows:4 windows x64 arch:x64

f23ff6dbdcc04bcf6ba720483eae851f

Code Sign

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-08-2013 00:00

Not After

02-09-2016 12:00

Subject

CN=OpenVPN Technologies\, Inc.,O=OpenVPN Technologies\, Inc.,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20-05-2014 00:00

Not After

03-06-2015 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ed:30:20:8f:8d:bb:c0:5f:01:52:d7:6c:d6:4a:7b:5c:aa:ba:57
Signer

Actual PE Digest

0c:ed:30:20:8f:8d:bb:c0:5f:01:52:d7:6c:d6:4a:7b:5c:aa:ba:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libeay32

ASN1_INTEGER_get
ASN1_INTEGER_set
ASN1_const_check_infinite_end
ASN1_get_object
ASN1_object_size
ASN1_put_object
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_dump_indent
BIO_f_buffer
BIO_find_type
BIO_free
BIO_free_all
BIO_get_retry_reason
BIO_int_ctrl
BIO_method_type
BIO_new
BIO_pop
BIO_printf
BIO_push
BIO_puts
BIO_read
BIO_s_connect
BIO_s_file
BIO_s_mem
BIO_s_socket
BIO_set_flags
BIO_snprintf
BIO_test_flags
BIO_write
BN_CTX_free
BN_CTX_new
BN_bin2bn
BN_bn2bin
BN_clear_free
BN_copy
BN_dup
BN_free
BN_num_bits
BN_ucmp
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strndup
COMP_CTX_free
COMP_CTX_new
COMP_compress_block
COMP_expand_block
COMP_zlib
CRYPTO_add_lock
CRYPTO_dup_ex_data
CRYPTO_free
CRYPTO_free_ex_data
CRYPTO_get_ex_data
CRYPTO_get_ex_new_index
CRYPTO_lock
CRYPTO_malloc
CRYPTO_mem_ctrl
CRYPTO_memcmp
CRYPTO_new_ex_data
CRYPTO_set_ex_data
DH_compute_key
DH_free
DH_generate_key
DH_new
DH_size
DHparams_dup
DSA_sign
DSA_verify
ECDH_compute_key
ECDSA_sign
ECDSA_verify
EC_GROUP_free
EC_GROUP_get_curve_name
EC_GROUP_get_degree
EC_GROUP_new_by_curve_name
EC_KEY_dup
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_get0_public_key
EC_KEY_new
EC_KEY_set_group
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_KEY_up_ref
EC_METHOD_get_field_type
EC_POINT_copy
EC_POINT_free
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2oct
ENGINE_finish
ENGINE_get_ssl_client_cert_function
ENGINE_init
ENGINE_load_ssl_client_cert
ERR_add_error_data
ERR_clear_error
ERR_func_error_string
ERR_load_crypto_strings
ERR_load_strings
ERR_peek_error
ERR_peek_last_error
ERR_put_error
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_cipher
EVP_CIPHER_CTX_cleanup
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_flags
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_init
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_block_size
EVP_CIPHER_flags
EVP_CIPHER_iv_length
EVP_CIPHER_key_length
EVP_Cipher
EVP_CipherInit_ex
EVP_DecryptFinal
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_Digest
EVP_DigestFinal
EVP_DigestFinal_ex
EVP_DigestInit
EVP_DigestInit_ex
EVP_DigestSignFinal
EVP_DigestSignInit
EVP_DigestUpdate
EVP_EncryptFinal
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_MD_CTX_cleanup
EVP_MD_CTX_copy
EVP_MD_CTX_copy_ex
EVP_MD_CTX_create
EVP_MD_CTX_destroy
EVP_MD_CTX_init
EVP_MD_CTX_md
EVP_MD_CTX_set_flags
EVP_MD_size
EVP_MD_type
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new
EVP_PKEY_asn1_find_str
EVP_PKEY_asn1_get0_info
EVP_PKEY_assign
EVP_PKEY_bits
EVP_PKEY_copy_parameters
EVP_PKEY_decrypt
EVP_PKEY_decrypt_init
EVP_PKEY_derive_set_peer
EVP_PKEY_encrypt
EVP_PKEY_encrypt_init
EVP_PKEY_free
EVP_PKEY_missing_parameters
EVP_PKEY_new
EVP_PKEY_new_mac_key
EVP_PKEY_sign
EVP_PKEY_sign_init
EVP_PKEY_size
EVP_PKEY_verify
EVP_PKEY_verify_init
EVP_SignFinal
EVP_VerifyFinal
EVP_add_cipher
EVP_add_digest
EVP_aes_128_cbc
EVP_aes_128_cbc_hmac_sha1
EVP_aes_128_gcm
EVP_aes_192_cbc
EVP_aes_256_cbc
EVP_aes_256_cbc_hmac_sha1
EVP_aes_256_gcm
EVP_camellia_128_cbc
EVP_camellia_256_cbc
EVP_des_cbc
EVP_des_ede3_cbc
EVP_dss1
EVP_ecdsa
EVP_enc_null
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_idea_cbc
EVP_md5
EVP_rc2_40_cbc
EVP_rc2_cbc
EVP_rc4
EVP_rc4_hmac_md5
EVP_seed_cbc
EVP_sha1
EVP_sha224
EVP_sha256
EVP_sha384
EVP_sha512
HMAC_CTX_cleanup
HMAC_CTX_init
HMAC_Final
HMAC_Init_ex
HMAC_Update
MD5_Init
MD5_Transform
OBJ_NAME_add
OBJ_bsearch_
OBJ_find_sigid_algs
OBJ_nid2sn
OBJ_obj2nid
OCSP_RESPID_free
OPENSSL_DIR_end
OPENSSL_DIR_read
OPENSSL_cleanse
OpenSSLDie
PEM_ASN1_read
PEM_ASN1_read_bio
PEM_ASN1_write
PEM_ASN1_write_bio
PEM_read_bio_PrivateKey
PEM_read_bio_RSAPrivateKey
PEM_read_bio_X509
PEM_read_bio_X509_AUX
RAND_add
RAND_bytes
RAND_pseudo_bytes
RSAPrivateKey_dup
RSA_flags
RSA_free
RSA_new
RSA_private_decrypt
RSA_public_encrypt
RSA_sign
RSA_size
RSA_up_ref
RSA_verify
SHA1_Init
SHA1_Transform
SHA224_Init
SHA256_Init
SHA256_Transform
SHA384_Init
SHA512_Init
SHA512_Transform
SRP_Calc_A
SRP_Calc_B
SRP_Calc_client_key
SRP_Calc_server_key
SRP_Calc_u
SRP_Calc_x
SRP_Verify_A_mod_N
SRP_Verify_B_mod_N
SRP_check_known_gN_param
SRP_create_verifier_BN
SRP_get_default_gN
X509_EXTENSION_free
X509_NAME_cmp
X509_NAME_dup
X509_NAME_free
X509_STORE_CTX_cleanup
X509_STORE_CTX_get0_param
X509_STORE_CTX_get_ex_new_index
X509_STORE_CTX_init
X509_STORE_CTX_set_default
X509_STORE_CTX_set_ex_data
X509_STORE_CTX_set_verify_cb
X509_STORE_free
X509_STORE_load_locations
X509_STORE_new
X509_STORE_set_default_paths
X509_VERIFY_PARAM_free
X509_VERIFY_PARAM_get_depth
X509_VERIFY_PARAM_inherit
X509_VERIFY_PARAM_new
X509_VERIFY_PARAM_set1
X509_VERIFY_PARAM_set_depth
X509_VERIFY_PARAM_set_purpose
X509_VERIFY_PARAM_set_trust
X509_certificate_type
X509_check_private_key
X509_check_purpose
X509_free
X509_get_pubkey
X509_get_subject_name
X509_verify_cert
X509_verify_cert_error_string
asn1_GetSequence
asn1_add_error
asn1_const_Finish
d2i_ASN1_INTEGER
d2i_ASN1_OCTET_STRING
d2i_OCSP_RESPID
d2i_PrivateKey
d2i_PrivateKey_bio
d2i_RSAPrivateKey
d2i_RSAPrivateKey_bio
d2i_X509
d2i_X509_EXTENSIONS
d2i_X509_NAME
d2i_X509_bio
i2d_ASN1_INTEGER
i2d_ASN1_OCTET_STRING
i2d_OCSP_RESPID
i2d_X509
i2d_X509_EXTENSIONS
i2d_X509_NAME
lh_delete
lh_doall_arg
lh_free
lh_insert
lh_new
lh_num_items
lh_retrieve
pitem_free
pitem_new
pqueue_find
pqueue_free
pqueue_insert
pqueue_iterator
pqueue_new
pqueue_next
pqueue_peek
pqueue_pop
pqueue_size
sk_delete
sk_dup
sk_find
sk_free
sk_new
sk_new_null
sk_num
sk_pop_free
sk_push
sk_set
sk_set_cmp_func
sk_shift
sk_sort
sk_value
sk_zero

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_errno
_ftime
_initterm
_lock
_onexit
_time64
_unlock
abort
calloc
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strchr
strcpy
strlen
strncmp
strncpy
vfprintf

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_free
SSL_get0_next_proto_negotiated
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shutdown
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION

Sections

.text
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2eabe9054cad5152567f0699947a2c5b

Headers

File Characteristics

Imports

kernel32

Sections

Size: 50KB - Virtual size: 124KB

.rsrc Size: 10KB - Virtual size: 68KB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 8.2MB

ptfhatcm Size: 6.8MB - Virtual size: 6.8MB

bhhidjpa Size: 1024B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 12KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

57:6d:e7:2e:cd:6c:a2:1e:96:3c:cc:a1:5f:38:69:48Certificate

Extended Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

08:7d:c5:6d:a2:70:0c:90:05:4c:87:00:91:10:a8:4f:5b:32:d9:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 171KB - Virtual size: 170KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

57:6d:e7:2e:cd:6c:a2:1e:96:3c:cc:a1:5f:38:69:48Certificate

Extended Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

85:16:b9:cf:a7:4e:e9:28:13:38:c9:47:63:63:b2:99:05:29:eb:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 385KB - Virtual size: 385KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

b685a60d3f35917b5b75262167909cde

Code Sign

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6eCertificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58Certificate

Extended Key Usages

Key Usages

34:a1:c3:4d:6e:b9:25:8b:80:2a:7e:fa:a8:f2:b7:7c:61:f5:37:37Signer

Headers

File Characteristics

Imports

.rsrc
Size: 10KB - Virtual size: 68KB

.idata
Size: 512B - Virtual size: 4KB

ptfhatcm
Size: 6.8MB - Virtual size: 6.8MB

bhhidjpa
Size: 1024B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 12KB

57:6d:e7:2e:cd:6c:a2:1e:96:3c:cc:a1:5f:38:69:48
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

08:7d:c5:6d:a2:70:0c:90:05:4c:87:00:91:10:a8:4f:5b:32:d9:e7
Signer

.text
Size: 171KB - Virtual size: 170KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 12B

57:6d:e7:2e:cd:6c:a2:1e:96:3c:cc:a1:5f:38:69:48
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

85:16:b9:cf:a7:4e:e9:28:13:38:c9:47:63:63:b2:99:05:29:eb:1f
Signer

.text
Size: 385KB - Virtual size: 385KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6e
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

34:a1:c3:4d:6e:b9:25:8b:80:2a:7e:fa:a8:f2:b7:7c:61:f5:37:37
Signer

.text
Size: 165KB - Virtual size: 164KB

.data
Size: 1024B - Virtual size: 624B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 72B

.reloc
Size: 512B - Virtual size: 124B

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6e
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate

48:12:7b:4e:96:32:50:62:e3:a6:b1:36:4a:00:34:ba:5a:c6:56:d6
Signer

.text
Size: 68KB - Virtual size: 67KB

.data
Size: 512B - Virtual size: 352B

.rdata
Size: 21KB - Virtual size: 21KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 88B

04:d5:4d:c0:a2:01:6b:26:3e:ee:b2:55:d3:21:05:6e
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

06:64:01:46:e9:80:e0:0e:60:a1:4d:8f:44:4a:59:58
Certificate