4fd0990f878fc580d135ffe1edf823fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4fd0990f878fc580d135ffe1edf823fd_JaffaCakes118
Size

2.1MB
MD5

4fd0990f878fc580d135ffe1edf823fd
SHA1

d3d9880da4aec724bf912a30cb7468ef1943361d
SHA256

a696676f1e11d7e6591f30d8a787561970ed145d58ffb912f3ae1403ff951022
SHA512

cb1bef0a3f1eb2e07f33b6eed0c4d5d4219ae5ba0f648a272212c7b91b8699730ce43fd25cc48162acb8aa8a67c68afa12f5d716fc00323f554b1578169e451b
SSDEEP

49152:Y4xWL2PcV3cvBDzYMQrY5NcsFprxK2qsK3pah8m0JM4KNiMCL1TeyaVjvuxB:gL2PcFcvBDzYMQrYncsFF/+085a

Score

1^/10

Malware Config

Signatures

Files

4fd0990f878fc580d135ffe1edf823fd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

369aaf0758f30175df9f744b82e3c317

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:bf:4c:1f:f8:df:d5:48:47:0d:97:31:d3:5c:ba:28
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/06/2018, 00:00

Not After

19/09/2021, 23:59

Subject

CN=北京博睿宏远数据科技股份有限公司,O=北京博睿宏远数据科技股份有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:bf:4c:1f:f8:df:d5:48:47:0d:97:31:d3:5c:ba:28
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/06/2018, 00:00

Not After

19/09/2021, 23:59

Subject

CN=北京博睿宏远数据科技股份有限公司,O=北京博睿宏远数据科技股份有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:7c:ad:fe:2e:ce:db:c8:9f:49:92:0a:8b:77:57:2c:72:08:4c:bf:d2:ec:13:5a:15:08:e6:31:ca:e9:6b:3f
Signer

Actual PE Digest

01:7c:ad:fe:2e:ce:db:c8:9f:49:92:0a:8b:77:57:2c:72:08:4c:bf:d2:ec:13:5a:15:08:e6:31:ca:e9:6b:3f

Digest Algorithm

sha256

PE Digest Matches

true

ab:fb:17:e4:50:0b:c9:f4:66:ee:ae:26:77:18:a5:d9:6a:8e:7d:c6
Signer

Actual PE Digest

ab:fb:17:e4:50:0b:c9:f4:66:ee:ae:26:77:18:a5:d9:6a:8e:7d:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Integration\Jenkins\workspace\Net\brbuild\Release\PDB\BonreeKingKong.pdb

Imports

brbase

?CreateDoubleValue@Value@base@@SAPAVFundamentalValue@2@N@Z
?CreateIntegerValue@Value@base@@SAPAVFundamentalValue@2@H@Z
?CreateStringValue@Value@base@@SAPAVStringValue@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SplitStringUsingSubstr@base@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0PAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@@Z
?CopyDirectory@file_util@@YA_NABVFilePath@base@@0_N@Z
?Delete@file_util@@YA_NABVFilePath@base@@_N@Z
?GenerateGUID@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?KillProcess@base@@YA_NPAXH_N@Z
??0ProcessIterator@base@@QAE@PBVProcessFilter@1@@Z
??1ProcessIterator@base@@UAE@XZ
?Snapshot@ProcessIterator@base@@QAE?AV?$list@UProcessEntry@base@@V?$allocator@UProcessEntry@base@@@std@@@std@@XZ
?StringToUint@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAI@Z
?WaitForIOCompletion@MessageLoopForIO@base@@QAE_NKPAVIOHandler@MessagePumpForIO@2@@Z
?SplitStringUsingSubstr@base@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@@Z
??1AtExitManager@base@@QAE@XZ
??0AtExitManager@base@@QAE@XZ
?EnableTerminationOnOutOfMemory@base@@YAXXZ
?EnableTerminationOnHeapCorruption@base@@YAXXZ
?Init@CommandLine@@SA_NHPBQBD@Z
?DirName@FilePath@base@@QBE?AV12@XZ
?BaseName@FilePath@base@@QBE?AV12@XZ
??0LogMessage@logging@@QAE@PBDHH@Z
??0PickleIterator@@QAE@ABVPickle@@@Z
?ReadInt@PickleIterator@@QAE_NPAH@Z
?ReadString@PickleIterator@@QAE_NPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0LogMessage@logging@@QAE@PBDHHPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ForCurrentProcess@CommandLine@@SAPAV1@XZ
?WriteString@Pickle@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetInstance@TraceLog@debug@base@@SAPAV123@XZ
??1Pickle@@UAE@XZ
??0Pickle@@QAE@PBDH@Z
??0Pickle@@QAE@ABV0@@Z
??0Pickle@@QAE@H@Z
?ReadBool@PickleIterator@@QAE_NPA_N@Z
?ReadUInt32@PickleIterator@@QAE_NPAI@Z
?ParseFromString@CommandLine@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?HasSwitch@CommandLine@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CommandLine@@QAE@ABVFilePath@base@@@Z
?AppendArg@CommandLine@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LaunchProcess@base@@YA_NABVCommandLine@@ABULaunchOptions@1@PAPAX@Z
?GetProcId@base@@YAKPAX@Z
?StartWithOptions@Thread@base@@QAE_NABUOptions@12@@Z
?HasKey@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetInteger@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
?GetDouble@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAN@Z
?GetString@DictionaryValue@base@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV34@@Z
?GetDictionary@ListValue@base@@QAE_NIPAPAVDictionaryValue@2@@Z
?GetString@ListValue@base@@QBE_NIPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDictionary@DictionaryValue@base@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPAV12@@Z
??1WeakPtrBase@internal@base@@QAE@XZ
?SetIOAllowed@ThreadRestrictions@base@@SA_N_N@Z
?SetSingletonAllowed@ThreadRestrictions@base@@SA_N_N@Z
?StringToInt@base@@YA_NABV?$BasicStringPiece@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@1@PAH@Z
?Uint64ToString16@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_K@Z
?UintToString16@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
??0WeakReferenceOwner@internal@base@@QAE@XZ
??1WeakReferenceOwner@internal@base@@QAE@XZ
?GetRef@WeakReferenceOwner@internal@base@@QBE?AVWeakReference@23@XZ
??1WeakReference@internal@base@@QAE@XZ
??0WeakPtrBase@internal@base@@IAE@ABVWeakReference@12@@Z
?is_valid@WeakReference@internal@base@@QBE_NXZ
?StringToInt@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAH@Z
?WriteStringNoSize@Pickle@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?WriteSplit@Pickle@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?WriteIntString@Pickle@@QAE_NH@Z
?WriteChars@Pickle@@QAE_NPBXH@Z
??0Pickle@@QAE@XZ
?ReadFileToString@file_util@@YA_NABVFilePath@base@@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadUInt64@PickleIterator@@QAE_NPA_K@Z
?ReadFloat@PickleIterator@@QAE_NPAM@Z
??0ListValue@base@@QAE@XZ
?Insert@ListValue@base@@QAE_NIPAVValue@2@@Z
?Base64Decode@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IntToString16@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?PostNonNestableDelayedTask@MessageLoop@base@@QAEXABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@VTimeDelta@2@@Z
?CreateProcessMetrics@ProcessMetrics@base@@SAPAV12@PAX@Z
?GetWorkingSetSize@ProcessMetrics@base@@QBEIXZ
??1ProcessMetrics@base@@QAE@XZ
?GetSwitchValueASCII@CommandLine@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?SysWideToUTF8@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?SysMultiByteToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@I@Z
??1LogMessage@logging@@QAE@XZ
?SysWideToMultiByte@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@I@Z
?Now@Time@base@@SA?AV12@XZ
?GetCategoryGroupEnabled@TraceLog@debug@base@@SAPBEPBD@Z
?RegisterIOHandler@MessageLoopForIO@base@@QAEXPAXPAVIOHandler@MessagePumpForIO@2@@Z
?AddTraceEvent@TraceLog@debug@base@@QAEXDPBEPBD_KHPAPBD0PB_KE@Z
?FindNext@Pickle@@KAPBDIPBD0@Z
?ReadWString@PickleIterator@@QAE_NPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?WriteWString@Pickle@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CalledOnValidThread@ThreadCheckerImpl@base@@QBE_NXZ
?GetMinLogLevel@logging@@YAHXZ
??6@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV01@PB_W@Z
??1ThreadCheckerImpl@base@@QAE@XZ
??0ThreadCheckerImpl@base@@QAE@XZ
?CurrentId@PlatformThread@base@@SAKXZ
?NowFromSystemTraceTime@TimeTicks@base@@SA?AV12@XZ
?AddTraceEventWithThreadIdAndTimestamp@TraceLog@debug@base@@QAEXDPBEPBD_KHABVTimeTicks@3@HPAPBD0PB_KE@Z
?WriteBytes@Pickle@@QAE_NPBXH@Z
?current@MessageLoop@base@@SAPAV12@XZ
?IntToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?UintToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
??0FilePath@base@@QAE@XZ
?Get@PathService@@SA_NHPAVFilePath@base@@@Z
?ReplaceSubstringsAfterOffset@@YAXPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IABV12@1@Z
?ReplaceSubstringsAfterOffset@@YAXPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IABV12@1@Z
?WriteFile@file_util@@YAHABVFilePath@base@@PBDH@Z
?AppendToFile@file_util@@YAHABVFilePath@base@@PBDH@Z
?Append@FilePath@base@@QBE?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??4FilePath@base@@QAEAAV01@ABV01@@Z
?DirectoryExists@file_util@@YA_NABVFilePath@base@@@Z
?CreateDirectoryW@file_util@@YA_NABVFilePath@base@@@Z
??0CommandLine@@QAE@W4NoProgram@0@@Z
?AppendSwitchASCII@CommandLine@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetCommandLineString@CommandLine@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?SysWideToNativeMB@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
??1CommandLine@@QAE@XZ
?GetVersion@win@base@@YA?AW4Version@12@XZ
??0DictionaryValue@base@@QAE@XZ
?Set@DictionaryValue@base@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVValue@2@@Z
?Write@JSONWriter@base@@SAXQBVValue@2@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SysUTF8ToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?Unlock@LockImpl@internal@base@@QAEXXZ
?Lock@LockImpl@internal@base@@QAEXXZ
??1LockImpl@internal@base@@QAE@XZ
??0LockImpl@internal@base@@QAE@XZ
?PostDelayedTask@MessageLoop@base@@QAEXABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@VTimeDelta@2@@Z
?Uint64ToString@base@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?SysNativeMBToWide@base@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@@Z
?PathExists@file_util@@YA_NABVFilePath@base@@@Z
?SplitString@base@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DPAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@@Z
?StringToUint64@base@@YA_NABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@1@PA_K@Z
?Start@Thread@base@@QAE_NXZ
?GetProgramCounter@tracked_objects@@YAPBXXZ
??0Location@tracked_objects@@QAE@PBD0HPBX@Z
?PostTask@MessageLoop@base@@QAEXABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@@Z
??0CallbackBase@internal@base@@IAE@PAVBindStateBase@12@@Z
?Release@RefCountedThreadSafeBase@subtle@base@@IBE_NXZ
?Read@JSONReader@base@@SAPAVValue@2@ABV?$BasicStringPiece@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@Z
?GetList@DictionaryValue@base@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAPAVListValue@2@@Z
??0Thread@base@@QAE@PBD@Z
?IsRunning@Thread@base@@QBE_NXZ
?Stop@Thread@base@@QAEXXZ
?AddRef@RefCountedThreadSafeBase@subtle@base@@IBEXXZ
??0RefCountedThreadSafeBase@subtle@base@@IAE@XZ
?GetProcessCount@base@@YAHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBVProcessFilter@1@@Z
??1RefCountedThreadSafeBase@subtle@base@@IAE@XZ
??1CallbackBase@internal@base@@IAE@XZ
??0FilePath@base@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0ScopedNativeLibrary@base@@QAE@ABVFilePath@1@@Z
?GetFunctionPointer@ScopedNativeLibrary@base@@QBEPAXPBD@Z
??1FilePath@base@@QAE@XZ
??1ScopedNativeLibrary@base@@QAE@XZ

ws2_32

recvfrom
getsockopt
WSAIoctl
__WSAFDIsSet
WSASetLastError
sendto
WSAGetLastError
getsockname
getpeername
ntohs
WSAStringToAddressA
WSAAddressToStringA
freeaddrinfo
getaddrinfo
gethostname
ioctlsocket
connect
select
WSACleanup
WSAStartup
listen
closesocket
bind
htons
htonl
socket
send
recv
accept
inet_ntoa
gethostbyname
inet_addr
ntohl
setsockopt

ssleay32

ord96
ord58
ord48
ord126
ord49
ord75
ord24
ord6
ord3
ord5
ord22
ord78
ord31
ord180
ord60
ord45
ord164
ord87
ord83
ord121
ord90
ord21
ord141
ord15
ord387
ord28
ord30
ord222
ord17
ord235
ord183
ord74
ord407
ord8
ord361
ord266
ord12
ord116
ord110
ord385
ord130
ord127
ord157
ord43
ord61
ord242
ord77
ord108
ord86

libeay32

ord1
ord464
ord340
ord342
ord341
ord3712
ord3765
ord3479
ord808
ord809
ord784
ord2435
ord2436
ord2437
ord391
ord2454
ord869
ord653
ord7
ord86
ord656
ord88
ord816
ord151
ord421
ord544
ord1180
ord543
ord18
ord154
ord979
ord680
ord248
ord556
ord625
ord958
ord2596
ord3020
ord2561
ord2598
ord3164
ord3048
ord3025
ord2593
ord2989
ord2971
ord2647
ord2844
ord2838
ord3173
ord1958
ord1653
ord2075
ord2023
ord1216
ord657
ord579
ord578
ord566
ord1951
ord188
ord2442
ord181
ord222
ord298
ord224
ord4445
ord3226
ord3214
ord3182
ord3212
ord95
ord78
ord2431
ord52
ord66
ord227
ord1309
ord1301
ord1304
ord1291
ord1654
ord908
ord281
ord641
ord909
ord654
ord280
ord2034
ord956
ord484
ord467
ord2201
ord466
ord2254
ord2291
ord1161

kernel32

VirtualProtect
LocalAlloc
LocalFree
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
ResumeThread
GetThreadContext
SuspendThread
FormatMessageW
GetSystemTimes
GetProcessTimes
ConnectNamedPipe
CancelIo
CreateNamedPipeW
GetNamedPipeInfo
SetThreadContext
VirtualQuery
VirtualFree
FlushInstructionCache
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
FormatMessageA
SetLastError
SleepEx
OpenEventA
CreateEventW
ResetEvent
CreateEventA
SetEvent
MulDiv
DuplicateHandle
GetFileType
DosDateTimeToFileTime
ExitProcess
FreeResource
GetACP
UnmapViewOfFile
GetFileInformationByHandle
WriteFile
GetCurrentDirectoryW
ReadFile
SetFilePointer
CreateFileW
SetThreadAffinityMask
lstrcmpiA
IsWow64Process
GetVersionExW
SystemTimeToFileTime
GetProcessHeap
FileTimeToSystemTime
HeapFree
HeapAlloc
DeleteFileW
CreateProcessW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileSize
RemoveDirectoryA
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceExW
GetSystemInfo
GlobalMemoryStatusEx
GetPrivateProfileStringA
lstrlenW
GetSystemDirectoryA
GetPrivateProfileIntA
GetLogicalDriveStringsW
InterlockedDecrement
GetDriveTypeW
CreateFileA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
FindResourceExW
WinExec
GetCurrentThreadId
QueryPerformanceFrequency
CreateToolhelp32Snapshot
Process32NextW
GetModuleFileNameA
Process32FirstW
LoadLibraryA
GetStartupInfoA
SetCurrentDirectoryA
GetModuleFileNameW
TerminateProcess
CreateProcessA
GetModuleHandleW
WaitForSingleObject
QueryPerformanceCounter
GetNativeSystemInfo
lstrcmpA
InterlockedExchangeAdd
lstrcatA
OpenProcess
GetCurrentProcess
CopyFileA
WaitForMultipleObjects
GetTempPathA
CreateDirectoryA
OpenThread
TerminateThread
GetTickCount
Sleep
lstrcpyA
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
FindFirstFileA
GetLocalTime
FileTimeToLocalFileTime
DeleteFileA
FindNextFileA
GetCurrentThread
FindClose
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcessId
CreateMutexW
lstrlenA
MultiByteToWideChar
CloseHandle
GetLastError

user32

GetPropW
SetPropW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
RegisterClassW
LoadCursorW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
EnableWindow
ShowWindow
DefWindowProcW
PtInRect
ReleaseCapture
SetCapture
KillTimer
GetFocus
DispatchMessageW
TranslateMessage
GetCursorPos
CreateWindowExW
MapWindowPoints
GetWindowRect
InvalidateRect
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
SetFocus
GetWindow
SetWindowPos
GetClientRect
GetDC
ReleaseDC
GetKeyState
GetDesktopWindow
GetParent
GetSystemMetrics
MoveWindow
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
FindWindowExA
GetDlgCtrlID
IsWindow
DestroyWindow
FindWindowA
SendMessageW
SetTimer
PostThreadMessageW
PostMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
PostQuitMessage
OffsetRect
InflateRect
wvsprintfW
SetCursor
IsIconic
IsZoomed
SetWindowRgn
MessageBoxW
IntersectRect
CharNextW
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
GetSysColor
FillRect
DrawTextW
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
UpdateWindow
ScreenToClient

gdi32

Rectangle
GetObjectW
GetStockObject
CreateFontIndirectW
CreatePen
GetObjectA
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
SetTextColor
SetBkMode
RoundRect
LineTo
MoveToEx
CreatePenIndirect
CreateSolidBrush
ExtTextOutW
SetBkColor
SetStretchBltMode
StretchBlt
CreateDIBSection
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetDeviceCaps
CreateRoundRectRgn
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
RestoreDC
GetTextMetricsW
BitBlt
SaveDC
SetWindowOrgEx

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExA
StartServiceA
RegQueryValueExA
GetTokenInformation
OpenSCManagerW
CloseServiceHandle
OpenServiceA
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetFolderPathA
ShellExecuteA

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
VarBstrCat
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SysStringLen
SysFreeString
VariantClear
SysAllocString

shlwapi

PathFileExistsA
StrStrIA
PathAppendA
PathIsDirectoryA
StrToIntA

msvcp100

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_BADOFF@std@@3_JB
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?max@?$numeric_limits@I@std@@SAIXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?toupper@?$ctype@D@std@@QBEDD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1facet@locale@std@@UAE@XZ
??0facet@locale@std@@IAE@I@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?classic@locale@std@@SAABV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??1_Container_base12@std@@QAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipDrawString
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup

msvcr100

_vswprintf
_open
_close
_write
_read
_strdup
??3@YAXPAX@Z
memcpy
memmove
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_purecall
free
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
calloc
_recalloc
__CxxFrameHandler3
abort
memchr
memset
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??_V@YAXPAX@Z
??0bad_cast@std@@QAE@ABV01@@Z
fgetc
fputc
ungetc
_lock_file
_unlock_file
fflush
setvbuf
??8type_info@@QBE_NABV0@@Z
fwrite
memcpy_s
fgetpos
_fseeki64
fsetpos
fclose
_itoa_s
isdigit
_time64
exit
isspace
_beginthreadex
sprintf_s
_access
??0exception@std@@QAE@XZ
wcsrtombs_s
strstr
sprintf
getenv
fread
fopen
memmove_s
strnlen
vsprintf_s
_vscprintf
sscanf_s
rand
srand
atoi
_fileno
_filelength
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_atoi64
_wcsicmp
_vsnprintf_s
_localtime64_s
tolower
_access_s
strftime
_mbsstr
strtol
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
malloc
_snprintf
printf
strcpy_s
_mbsrchr
ftell
fseek
isxdigit
_waccess_s
wmemcpy_s
_mktime64
wcsftime
_wfsopen
ferror
toupper
_wfindfirst64i32
_wfindnext64i32
_findclose
fgets
??9type_info@@QBE_NABV0@@Z
wcsncpy
wcsstr
strncpy
wcscpy_s
wcstol
realloc
_wcslwr
wcschr
wcsrchr
_wtoi
_gmtime64
wcstoul
wcsncmp
iswalnum
swprintf_s
_errno
strncmp
sscanf
__iob_func
strchr
isalpha
strtoul
strpbrk
strrchr
fputs
qsort
strerror
__sys_nerr
_getpid
_fstat64
_lseeki64
_stat64
isalnum
_strtoi64
_mbspbrk
isupper
islower
isprint
isgraph
__RTDynamicCast
??0exception@std@@QAE@ABQBDH@Z
_aligned_free
_aligned_malloc
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_itoa

wininet

HttpQueryInfoA
InternetQueryOptionW
DetectAutoProxyUrl
InternetQueryDataAvailable
FtpPutFileA
InternetGetLastResponseInfoA
InternetSetOptionW
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExW
InternetOpenA
InternetConnectA
InternetReadFile
FtpCreateDirectoryA
InternetSetStatusCallbackA
FtpSetCurrentDirectoryA
InternetWriteFile
HttpEndRequestW
InternetCloseHandle

psapi

EnumProcessModules
GetModuleFileNameExA
GetProcessMemoryInfo

winmm

waveOutOpen
waveOutClose
waveOutGetNumDevs

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

iphlpapi

Icmp6CreateFile
Icmp6SendEcho2
IcmpCloseHandle

wldap32

ord60
ord46
ord41
ord27
ord301
ord33
ord35
ord32
ord200
ord30
ord26
ord50
ord143
ord211
ord22
ord79

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

369aaf0758f30175df9f744b82e3c317

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:bf:4c:1f:f8:df:d5:48:47:0d:97:31:d3:5c:ba:28Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

13:bf:4c:1f:f8:df:d5:48:47:0d:97:31:d3:5c:ba:28Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

01:7c:ad:fe:2e:ce:db:c8:9f:49:92:0a:8b:77:57:2c:72:08:4c:bf:d2:ec:13:5a:15:08:e6:31:ca:e9:6b:3fSigner

ab:fb:17:e4:50:0b:c9:f4:66:ee:ae:26:77:18:a5:d9:6a:8e:7d:c6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

brbase

ws2_32

ssleay32

libeay32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp100

comctl32

gdiplus

msvcr100

wininet

psapi

winmm

version

iphlpapi

wldap32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 332KB - Virtual size: 332KB

.data Size: 36KB - Virtual size: 45KB

.rsrc Size: 30KB - Virtual size: 29KB

.reloc Size: 166KB - Virtual size: 165KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:bf:4c:1f:f8:df:d5:48:47:0d:97:31:d3:5c:ba:28
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

13:bf:4c:1f:f8:df:d5:48:47:0d:97:31:d3:5c:ba:28
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

01:7c:ad:fe:2e:ce:db:c8:9f:49:92:0a:8b:77:57:2c:72:08:4c:bf:d2:ec:13:5a:15:08:e6:31:ca:e9:6b:3f
Signer

ab:fb:17:e4:50:0b:c9:f4:66:ee:ae:26:77:18:a5:d9:6a:8e:7d:c6
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 332KB - Virtual size: 332KB

.data
Size: 36KB - Virtual size: 45KB

.rsrc
Size: 30KB - Virtual size: 29KB

.reloc
Size: 166KB - Virtual size: 165KB