2329da97b303a63fb055cd4349cff479fed2f69fea7475097838133e51601af6

Sharing

Copy URL Twitter E-mail

General

Target

2329da97b303a63fb055cd4349cff479fed2f69fea7475097838133e51601af6
Size

1.3MB
MD5

edf67dba94f925a5c78c616563ce1816
SHA1

a409aa0e8afeb39d9f7b957a2d784f89f2d4b498
SHA256

2329da97b303a63fb055cd4349cff479fed2f69fea7475097838133e51601af6
SHA512

7e37fb98daac86ce08f3d74976a6eb2bde92065de73887f1d0133c7767c640b62750cae1a6f5d76d2ae677099adb636f9c21ae4a6cd05a3abe31fbd2d00a5d37
SSDEEP

6144:ZCS1t7S4QUSnl83natVUOERaGZ52gRd0L5bzMa9lKHXiAdRkRUjZeWR3Yxv+CDFi:MSPk83naiZUg+

Score

1^/10

Malware Config

Signatures

Files

2329da97b303a63fb055cd4349cff479fed2f69fea7475097838133e51601af6
.exe windows:4 windows x86 arch:x86

1ae70f55d0c19b5eaa02b32c58723e83

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/04/2021, 00:00

Not After

20/04/2022, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:05:62:1b:38:8a:e5:bf:c8:3d:11:99:1c:37:03:85:b9:b2:68:e2:a7:12:db:e8:3e:e1:90:31:71:0f:30:77
Signer

Actual PE Digest

d7:05:62:1b:38:8a:e5:bf:c8:3d:11:99:1c:37:03:85:b9:b2:68:e2:a7:12:db:e8:3e:e1:90:31:71:0f:30:77

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\drivergenius_main\dgmain_1615_20201201_fb\product\win32\sysopt.pdb

Imports

duilib

?SetResourceDll@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAXXZ
?GetHWND@CWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
??1CDuiString@DuiLib@@QAE@XZ
??0CDelegateBase@DuiLib@@QAE@ABV01@@Z
?GetObjectW@CDelegateBase@DuiLib@@IAEPAXXZ
??0CDelegateBase@DuiLib@@QAE@PAX0@Z
?PostMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?GetData@CDuiString@DuiLib@@QBEPB_WXZ
?IsSelected@COptionUI@DuiLib@@QBE_NXZ
??0CDialogBuilder@DuiLib@@QAE@XZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
??1CDialogBuilder@DuiLib@@QAE@XZ
?FindSubControl@CContainerUI@DuiLib@@QAEPAVCControlUI@2@PB_W@Z
?SetShowHtml@CLabelUI@DuiLib@@QAEX_N@Z
?SetBkImage@CControlUI@DuiLib@@QAEXPB_W@Z
?GetSizeBox@CPaintManagerUI@DuiLib@@QAEAAUtagRECT@@XZ
?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
?messageMap@WindowImplBase@DuiLib@@1UDUI_MSGMAP@2@B
??1CDelegateBase@DuiLib@@UAE@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
??YCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
?GetPaintWindow@CPaintManagerUI@DuiLib@@QBEPAUHWND__@@XZ
?GetPlugins@CPaintManagerUI@DuiLib@@SAPAVCStdPtrArray@2@XZ
?GetAt@CStdPtrArray@DuiLib@@QBEPAXH@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
?Create@CShadowUI@DuiLib@@QAEXPAUHWND__@@PAVCPaintManagerUI@2@@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetShadow@CPaintManagerUI@DuiLib@@QAEPAVCShadowUI@2@XZ
?CopyShadow@CShadowUI@DuiLib@@QAE_NPAV12@@Z
??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ
?ParentProc@CShadowUI@DuiLib@@QAGJPAUHWND__@@IIJ@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
??1CShadowUI@DuiLib@@UAE@XZ
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetResourceID@WindowImplBase@DuiLib@@UBEPB_WXZ
?GetZIPFileName@WindowImplBase@DuiLib@@UBE?AVCDuiString@2@XZ
?GetResourceType@WindowImplBase@DuiLib@@UBE?AW4UILIB_RESOURCETYPE@2@XZ
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?InitWindow@WindowImplBase@DuiLib@@UAEXXZ
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
??0WindowImplBase@DuiLib@@QAE@XZ
??0CShadowUI@DuiLib@@QAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?SetIcon@CWindowWnd@DuiLib@@QAEXI@Z
?LoadPlugin@CPaintManagerUI@DuiLib@@SA_NPB_W@Z

dgctrl

?StartAnimator@CSystemHelperListUI@@QAEXXZ
?Scale@CDGScaleButtonUI@@QAEXXZ
?SetState@CSystemHelperContainerUI@@QAEXH@Z
?Rotate@CDGRotateImgUI@@QAEX_N@Z
?StartAnimator@CSystemHelperContainerUI@@QAEXXZ
?AddData@CSysHelperRcmdItemData@@QAEXW4RcmdItemType@@URcmdItemDataInfo@@@Z
?EnumSubCtrls@CSysHelperRcmdItemData@@QAEXXZ
?InitPos@CSystemHelperContainerUI@@QAEXXZ

patchcore

ord340

kernel32

GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
FindResourceExW
CloseHandle
Sleep
GetProcAddress
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
OpenFileMappingW
MapViewOfFileEx
GetLastError
CreateFileMappingW
SetEvent
TerminateProcess
UnmapViewOfFile
GetCommandLineW
WritePrivateProfileStringW
GetModuleHandleW
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
FreeLibrary
GetPrivateProfileIntW
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW
GetCurrentProcess
LocalFree
OpenProcess
OpenEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
TlsAlloc
ReleaseSemaphore
TlsFree
TlsGetValue
WaitForSingleObject
OpenEventA
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
LoadResource
LockResource
SizeofResource
CreateEventA
LoadLibraryW
FindResourceW

user32

DefWindowProcW
UpdateLayeredWindow
LoadCursorW
RegisterClassW
CreateWindowExW
GetDC
ReleaseDC
IntersectRect
SetWindowLongW
ShowWindow
FindWindowW
MessageBoxW
DestroyWindow
KillTimer
ScreenToClient
GetClientRect
IsZoomed
UnregisterClassA
UpdateWindow
PtInRect
PostQuitMessage
IsWindow
PostMessageW
SetTimer
GetWindowLongW
GetWindowRect
SetWindowPos
SendMessageW
SetForegroundWindow

gdi32

GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
CreateDIBSection
GetStockObject
DeleteObject
GetObjectW

advapi32

ChangeServiceConfigW
StartServiceW
ControlService
OpenProcessToken
GetTokenInformation
IsValidSid
RegSetValueExW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceConfigW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

shlwapi

PathFileExistsW
StrFormatByteSizeW

msvcp80

?max@?$numeric_limits@_J@std@@SA_JXZ
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?max@?$numeric_limits@I@std@@SAIXZ
?eq@?$char_traits@_W@std@@SA_NAB_W0@Z
?max@?$numeric_limits@H@std@@SAHXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?to_char_type@?$char_traits@_W@std@@SA_WABG@Z
??0_Lockit@std@@QAE@H@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$numpunct@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?max@?$numeric_limits@_K@std@@SA_KXZ
?classic@locale@std@@SAABV12@XZ
??8locale@std@@QBE_NABV01@@Z
??1locale@std@@QAE@XZ
?grouping@?$numpunct@_W@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?thousands_sep@?$numpunct@_W@std@@QBE_WXZ
?to_int_type@?$char_traits@_W@std@@SAGAB_W@Z
?assign@?$char_traits@_W@std@@SAXAA_WAB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0locale@std@@QAE@XZ

msvcr80

wcspbrk
wcslen
_wcslwr_s
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
memcpy_s
wcscmp
memmove_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_swprintf
_beginthreadex
memset
??_V@YAXPAX@Z
memcpy
wcsncpy_s
_purecall
??0exception@std@@QAE@ABQBDH@Z
wcsrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_waccess
_time64
__RTDynamicCast
_wcsicmp
_vscwprintf
vswprintf_s
??8type_info@@QBE_NABV0@@Z
free
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
strerror
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
??3@YAXPAX@Z
_gmtime64
wcschr

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ae70f55d0c19b5eaa02b32c58723e83

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:ebCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

d7:05:62:1b:38:8a:e5:bf:c8:3d:11:99:1c:37:03:85:b9:b2:68:e2:a7:12:db:e8:3e:e1:90:31:71:0f:30:77Signer

Headers

File Characteristics

PDB Paths

Imports

duilib

dgctrl

patchcore

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcp80

msvcr80

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 8KB

.tls Size: 4KB - Virtual size: 2B

Size: 1.0MB - Virtual size: 1.0MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

d7:05:62:1b:38:8a:e5:bf:c8:3d:11:99:1c:37:03:85:b9:b2:68:e2:a7:12:db:e8:3e:e1:90:31:71:0f:30:77
Signer

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 8KB

.tls
Size: 4KB - Virtual size: 2B