d9f38d365b7710b2ce6f5110ab51b090_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d9f38d365b7710b2ce6f5110ab51b090_NeikiAnalytics.exe
Size

721KB
MD5

d9f38d365b7710b2ce6f5110ab51b090
SHA1

a99bf69be60de3a70a52863832b2a3e6a49d1da4
SHA256

2ec6ee841febd37853ac022b3b06f587cf4dd7fdbf2f5d3932122a9715218790
SHA512

66b7126e48d9fe9c1550fed04de7f57270b145790ad36240c7e37de2d2f87547497c81789f14197e5128f988fed48c739c32f37579effe53daa79dcee1db7526
SSDEEP

12288:vOqyQ8E187XHKq5+236Tv6BXXNkPwrxHDIA1964EL5wU5BXt8bjO:vOqGzXHI864nuIx969qMAO

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$_0_/XinjiangRCC.dll
unpack001/$_0_/XinjiangRCC64.dll

Files

d9f38d365b7710b2ce6f5110ab51b090_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:83:29:90:76:67:38:01:7a:8a:f3:60:d2:e8:7e:97:c3:28:73:fb:15:27:d4:3f:74:3e:cb:3a:14:23:5f:33
Signer

Actual PE Digest

76:83:29:90:76:67:38:01:7a:8a:f3:60:d2:e8:7e:97:c3:28:73:fb:15:27:d4:3f:74:3e:cb:3a:14:23:5f:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/Balloon.dll
.dll windows:4 windows x86 arch:x86

fe7b8c856f730a0011541b01a952ac16

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:a0:50:ad:c8:c5:61:b7:34:9e:f1:1b:cf:93:ee:0b:0d:7d:03:07:37:4f:2a:5f:ff:a7:34:5e:f0:62:bc:c3
Signer

Actual PE Digest

52:a0:50:ad:c8:c5:61:b7:34:9e:f1:1b:cf:93:ee:0b:0d:7d:03:07:37:4f:2a:5f:ff:a7:34:5e:f0:62:bc:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4424
ord3738
ord561
ord825
ord815
ord800
ord537
ord2864
ord2818
ord540
ord6467
ord823
ord6055
ord4078
ord1776
ord4407
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord3742
ord3706
ord818
ord384
ord567
ord3626
ord3663
ord686
ord2414
ord2408
ord4622
ord3136
ord1641
ord2860
ord2096
ord858
ord3619
ord6442
ord2243
ord3744
ord3573
ord5781
ord2754
ord2714
ord6880
ord2764
ord5875
ord3874
ord816
ord562
ord2452
ord4299
ord1168
ord1153
ord6215
ord4275
ord755
ord470
ord2379
ord2859
ord613
ord289
ord6453
ord5241
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord1255
ord1578
ord600
ord826
ord269
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1116

msvcrt

__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
__CxxFrameHandler

kernel32

LocalFree
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcpynA
GetModuleHandleA
GetProcAddress
GetVersionExA
LocalAlloc

user32

RegisterClassExA
UnregisterClassA
SetWindowRgn
RedrawWindow
SetRectEmpty
DrawFrameControl
GetClientRect
EnableWindow
CopyRect
ClientToScreen
GetCursorPos
GetCapture
SetCapture
InvalidateRect
CallNextHookEx
KillTimer
IsRectEmpty
PostMessageA
GetIconInfo
GetSysColor
OffsetRect
SystemParametersInfoA
GetWindowRect
GetSystemMetrics
InflateRect
EqualRect
PtInRect
SendMessageA
UnhookWindowsHookEx
SetWindowsHookExA
ReleaseCapture
LoadCursorA
SetTimer
GetSysColorBrush

gdi32

OffsetRgn
CreateSolidBrush
EqualRgn
FrameRgn
CreateRectRgn
CreateRoundRectRgn
CreatePolygonRgn
CreateFontIndirectA
GetObjectA
DeleteObject
CombineRgn

shell32

ShellExecuteA

comctl32

ImageList_SetBkColor
ImageList_Draw
ImageList_Add
ImageList_GetIconSize

Exports

Exports

Create
HideBalloon
SetAgroundColor
SetBackgroundColor
SetForegroundColor
SetLientgroundColor
SetTitleFont
ShowBalloon

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/HELP_CN.chm
.chm
$_0_/Laguage.ini
$_0_/XJRCC_CTRL.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3505c03032a894b139f49ad47d74c7ab

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:c1:c0:6d:60:b7:85:36:36:f6:9a:9e:dc:97:b8:40:29:d0:1f:f6:4f:87:87:44:94:3f:8f:17:0a:fe:50:bc
Signer

Actual PE Digest

7c:c1:c0:6d:60:b7:85:36:36:f6:9a:9e:dc:97:b8:40:29:d0:1f:f6:4f:87:87:44:94:3f:8f:17:0a:fe:50:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1176
ord1575
ord1168
ord1577
ord1182
ord5714
ord3081
ord1197
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2982
ord2985
ord3262
ord3136
ord4465
ord3259
ord1116
ord700
ord398
ord800
ord537
ord823
ord6467
ord1131
ord2725
ord3953
ord860
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord1570
ord2976
ord3147
ord1243
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord342
ord825

msvcrt

__dllonexit
memset
memcpy
_purecall
__CxxFrameHandler
memcmp
sprintf
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
malloc
free

kernel32

LocalFree
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc

user32

CreateWindowExA
RegisterClassA
DefWindowProcA

advapi32

CryptAcquireContextA
CryptGetProvParam
CryptReleaseContext

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
LoadRegTypeLi

atl

ord32
ord57
ord18
ord15
ord23
ord21
ord58
ord30
ord16

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XJRCC_CTRL_BANK.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9214c40a60ece4c526193ab6b3def4cb

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:c2:b6:53:dc:9c:78:07:2d:de:c1:47:24:2d:fe:be:0d:57:98:26:47:2d:f4:f8:c9:79:0e:62:5b:63:9c:32
Signer

Actual PE Digest

62:c2:b6:53:dc:9c:78:07:2d:de:c1:47:24:2d:fe:be:0d:57:98:26:47:2d:f4:f8:c9:79:0e:62:5b:63:9c:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord700
ord398
ord800
ord825
ord537
ord823
ord6467
ord1131
ord2725
ord3953
ord860
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1243
ord1116

msvcrt

memset
memcpy
_purecall
__CxxFrameHandler
memcmp
sprintf
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
malloc
free

kernel32

lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
lstrlenA
LocalFree
LocalAlloc

user32

CreateWindowExA
RegisterClassA
DefWindowProcA

advapi32

CryptAcquireContextA
CryptGetProvParam
CryptSetProvParam
CryptReleaseContext

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen
LoadRegTypeLi

atl

ord57
ord18
ord15
ord21
ord23
ord32
ord16
ord58
ord30

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCC.dll
.dll regsvr32 windows:4 windows x86 arch:x86

72596bbca1b25c47aba1d0dfba468d07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
GetLastError
GetModuleFileNameA
GetVersionExA
LoadLibraryA
FreeLibrary
CreateFileA
GetFileSize
CloseHandle
ReadFile
GetProcAddress

user32

GetActiveWindow
MessageBoxA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA

msvcrt

memcpy
strcpy
memset
strlen
_mbsrchr
sprintf
strcat
strstr
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCC.sig
$_0_/XinjiangRCC64.dll
.dll regsvr32 windows:4 windows x64 arch:x64

7082ba4e22c1b1706b0f44361773c563

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindResourceA
GetLastError
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetVersionExA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
CreateFileA
GetFileSize
ReadFile
GetCurrentProcessId
CloseHandle

user32

GetActiveWindow
MessageBoxA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA

msvcrt

strcpy
memset
strlen
memcpy
strstr
sprintf
_mbsrchr
_initterm
free
malloc
strcat

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCC64.sig
$_0_/XinjiangRCC64Ex.dll
.dll windows:4 windows x64 arch:x64

5e0728b167936b0b2bc805e01b7afc10

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:62:9a:3d:12:02:91:7c:5d:bd:91:20:fa:f2:b4:ec:bd:0b:19:2f:ba:a5:ed:29:77:27:98:22:6e:19:88:ca
Signer

Actual PE Digest

05:62:9a:3d:12:02:91:7c:5d:bd:91:20:fa:f2:b4:ec:bd:0b:19:2f:ba:a5:ed:29:77:27:98:22:6e:19:88:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEndOfFile
VirtualAlloc
VirtualProtect
CreateFileW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadWritePtr
FreeLibrary
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteFile
LCMapStringW
LCMapStringA
HeapSize
GetPrivateProfileIntW
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapDestroy
HeapCreate
HeapSetInformation
GetVersionExA
GetCommandLineA
RtlPcToFileHeader
RaiseException
HeapReAlloc
RtlUnwindEx
IsBadReadPtr
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpiW
GetModuleHandleW
GetVersionExW
GetSystemDirectoryW
GetShortPathNameW
lstrcmpW
CloseHandle
VirtualQuery
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcmpA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
lstrcatW
lstrcpyA
Sleep
lstrcpyW
lstrlenW
WideCharToMultiByte
FileTimeToSystemTime
LocalAlloc
lstrlenA
lstrcpynA
OpenEventW
GetCurrentThread
SetEvent
GetStartupInfoW
CreateProcessW
WaitForMultipleObjects
LoadLibraryA
MultiByteToWideChar
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetModuleHandleA
GetSystemInfo
FormatMessageA
OutputDebugStringA
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetCurrentProcess
LoadLibraryW
ExitProcess
GetProcAddress
GetLastError
LocalFree
HeapFree
GetProcessHeap
HeapAlloc
GetCPInfo
SetLastError

user32

SetForegroundWindow
AttachThreadInput
EnumWindows
GetForegroundWindow
GetWindowThreadProcessId
CreateDialogIndirectParamW
GetMessageW
IsDialogMessageW
GetClassNameW
GetDlgCtrlID
IsWindowEnabled
TranslateMessage
DispatchMessageW
MessageBoxA
MessageBoxW
wsprintfW
keybd_event
MapVirtualKeyExW
PostMessageW
SetFocus
RemovePropW
GetDesktopWindow
SetWindowPos
ShowWindow
PtInRect
GetSysColor
DrawFocusRect
DrawTextW
GetKeyState
FindWindowExW
IsWindowVisible
SetTimer
SetWindowsHookExW
GetFocus
GetAsyncKeyState
GetKeyboardState
ToAscii
CallNextHookEx
GetWindowLongPtrW
KillTimer
UnhookWindowsHookEx
GetWindowTextLengthW
wsprintfA
GetWindowTextW
DestroyWindow
SetWindowTextW
SetDlgItemTextW
FrameRect
InflateRect
GetActiveWindow
DialogBoxParamW
SetPropW
GetPropW
GetWindowRect
IsWindow
SetActiveWindow
EnableWindow
GetDlgItemTextA
FillRect
GetClientRect
LoadIconW
CallWindowProcW
GetWindowLongW
GetParent
SendMessageW
InvalidateRect
GetDC
ValidateRect
DrawFrameControl
DrawIcon
ReleaseDC
BeginPaint
EndPaint
EndDialog
GetDlgItem
SetWindowLongPtrW
GetWindow

gdi32

DeleteObject
CreateFontA
GetCurrentObject
GetObjectW
GetTextExtentPoint32W
SetBkColor
ExtTextOutW
SelectClipRgn
CreateSolidBrush
CreateFontIndirectW
SelectObject
SetTextColor
SetBkMode
SetTextAlign
TextOutW
CreateRectRgnIndirect
GetStockObject

advapi32

RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseServiceHandle
StartServiceW
DeleteService
OpenServiceW
CreateServiceW
OpenSCManagerW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegQueryValueExW
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExW

crypt32

CertOpenStore
CertCreateCertificateContext
CertCloseStore
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyCertificateSignature

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

comctl32

_TrackMouseEvent

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
GetCspName
SKF_ServiceW

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCCEx.dll
.dll windows:4 windows x86 arch:x86

f3d2928cc4acb094eaabdd89513ed448

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:f4:3b:d9:8a:d3:45:13:66:39:23:a1:90:67:84:be:72:2c:ac:01:76:81:a5:61:70:a5:8b:26:81:9f:3f:56
Signer

Actual PE Digest

c7:f4:3b:d9:8a:d3:45:13:66:39:23:a1:90:67:84:be:72:2c:ac:01:76:81:a5:61:70:a5:8b:26:81:9f:3f:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetLocalTime
GetCurrentProcessId
GetPrivateProfileIntW
OutputDebugStringW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetShortPathNameW
lstrcmpW
CloseHandle
VirtualQuery
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcmpA
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcatA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpiW
GetModuleHandleW
GetCurrentThread
SetLastError
SetEvent
OpenEventW
GetStartupInfoW
CreateProcessW
WaitForMultipleObjects
LoadLibraryA
MultiByteToWideChar
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetModuleHandleA
GetSystemInfo
FormatMessageA
GetSystemDirectoryW
OutputDebugStringA
lstrcatW
WideCharToMultiByte
FileTimeToSystemTime
lstrcpyA
Sleep
lstrcpyW
lstrlenA
lstrlenW
HeapAlloc
LocalAlloc
LocalFree
GetProcessHeap
HeapFree
lstrcpynA
GetLastError

user32

SetForegroundWindow
AttachThreadInput
EnumWindows
GetForegroundWindow
GetWindowThreadProcessId
GetWindow
GetKeyState
GetSysColor
DrawFocusRect
DrawTextW
FindWindowExW
PtInRect
GetDesktopWindow
SetWindowPos
IsWindowVisible
ShowWindow
CreateDialogIndirectParamW
GetMessageW
IsDialogMessageW
GetClassNameW
GetDlgCtrlID
IsWindowEnabled
TranslateMessage
DispatchMessageW
KillTimer
SetTimer
SetWindowsHookExW
UnhookWindowsHookEx
GetFocus
GetAsyncKeyState
GetKeyboardState
ToAscii
CallNextHookEx
GetWindowTextLengthW
wsprintfA
GetWindowTextW
DestroyWindow
SetWindowTextW
SetDlgItemTextW
FrameRect
InflateRect
GetActiveWindow
GetDlgItemTextA
FillRect
GetClientRect
LoadIconW
CallWindowProcW
GetWindowLongW
GetParent
SendMessageW
InvalidateRect
GetDC
ValidateRect
DrawFrameControl
DrawIcon
ReleaseDC
BeginPaint
EndPaint
IsWindow
SetActiveWindow
EnableWindow
EndDialog
RemovePropW
GetDlgItem
SetWindowLongW
SetFocus
PostMessageW
MessageBoxW
MessageBoxA
wsprintfW
DialogBoxParamW
GetPropW
SetPropW
GetWindowRect
keybd_event
MapVirtualKeyExW

gdi32

TextOutW
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectW
CreateSolidBrush
GetStockObject
ExtTextOutW
SetBkColor
GetTextExtentPoint32W
SelectClipRgn
CreateRectRgnIndirect
GetObjectW
GetCurrentObject
CreateFontA
DeleteObject
SetTextAlign

advapi32

OpenThreadToken
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenSCManagerW
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CloseServiceHandle
StartServiceW
DeleteService
OpenServiceW
CreateServiceW
OpenProcessToken

crypt32

CryptVerifyCertificateSignature
CertCreateCertificateContext
CertGetNameStringA
CertCloseStore
CertOpenStore
CertFreeCertificateContext

msvcrt

strcmp
strstr
strchr
strcpy
memcpy
strrchr
free
malloc
memmove
__CxxFrameHandler
memcmp
fclose
??2@YAPAXI@Z
ftell
_strupr
fseek
fopen
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strncpy
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcstoul
wcslen
wcscpy
_wcsicmp
rand
srand
time
realloc
strlen
vswprintf
vfwprintf
fwprintf
_vsnprintf
sprintf
vfprintf
wcsstr
_wfopen
strtoul
abs
_ftol
_snprintf
_purecall
isalpha
isalnum
strncmp
tolower
isspace
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
memset
strcat
_wcsupr
_stricmp
fprintf

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

comctl32

_TrackMouseEvent

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
GetCspName
SKF_ServiceW

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCCEx.exe
.exe windows:4 windows x86 arch:x86

80c2e8126f340e76ed1e9287b4dfdc43

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:00:ff:74:f6:84:1e:ce:23:18:c9:5e:b3:94:83:4e:3e:83:0d:29:f8:e8:47:6d:b0:a0:db:40:84:d7:fc:ed
Signer

Actual PE Digest

62:00:ff:74:f6:84:1e:ce:23:18:c9:5e:b3:94:83:4e:3e:83:0d:29:f8:e8:47:6d:b0:a0:db:40:84:d7:fc:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
GetUserDefaultUILanguage
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
GetPrivateProfileIntW
CreateEventW
OpenEventW
GetCurrentThread
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
CreateFileW
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
GetSystemInfo
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
WriteFile
TlsAlloc
HeapSize
HeapReAlloc
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapFree
ExitThread
TlsGetValue
TlsSetValue
RtlUnwind
GetSystemTime
GetTimeZoneInformation
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
EnterCriticalSection
FormatMessageA
GetLocalTime
GetCurrentProcess
GetVersionExW
SetEvent
WaitForMultipleObjects
TerminateProcess
CreateProcessW
WaitForSingleObject
lstrcmpiA
lstrcmpW
lstrcmpiW
OutputDebugStringW
FindResourceW
LoadResource
LockResource
lstrcatW
CloseHandle
CreateMutexA
CreateThread
TerminateThread
Sleep
ReleaseMutex
LoadLibraryA
SetEnvironmentVariableA
GetModuleFileNameA
GetLongPathNameA
lstrcatA
GetSystemTimeAsFileTime
CompareFileTime
lstrlenW
LocalAlloc
MultiByteToWideChar
LocalFree
GetModuleFileNameW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
GetLastError
SetLastError
GetProcAddress
FreeLibrary
FileTimeToSystemTime
lstrcpyW
lstrcmpA
lstrcpyA
lstrlenA
GetCurrentThreadId
FreeEnvironmentStringsW
GetCurrentProcessId

user32

UnhookWindowsHookEx
GetAsyncKeyState
GetKeyboardState
ToAscii
GetWindowTextLengthW
GetSysColor
DrawFocusRect
GetClassNameW
GetFocus
SetWindowsHookExW
PtInRect
IsWindowVisible
PostMessageA
GetMenuItemCount
CallWindowProcW
EndPaint
AttachThreadInput
IsDialogMessageW
IsWindowEnabled
GetKeyState
GetDlgCtrlID
GetMessageW
GetWindow
GetWindowThreadProcessId
DrawTextW
CheckMenuRadioItem
LoadBitmapW
SendDlgItemMessageW
EnumThreadWindows
SendMessageA
ShowWindow
GetCursorPos
TrackPopupMenu
GetDesktopWindow
SetForegroundWindow
GetForegroundWindow
CreateDialogIndirectParamW
GetWindowTextW
DestroyWindow
DefWindowProcA
ReleaseDC
DrawIcon
DrawFrameControl
ValidateRect
BeginPaint
GetDC
InvalidateRect
SendMessageW
GetParent
GetWindowLongA
SetWindowLongA
SetWindowPos
FindWindowExW
PeekMessageW
TranslateMessage
DispatchMessageW
wsprintfA
MessageBoxA
CharUpperA
DefWindowProcW
DestroyMenu
IsDlgButtonChecked
LoadMenuW
GetSubMenu
CheckDlgButton
CheckRadioButton
GetDlgItemTextA
FillRect
GetWindowRect
IsWindow
SetActiveWindow
GetDlgItemTextW
SetWindowTextA
SetDlgItemTextA
EnumWindows
EnableWindow
EndDialog
KillTimer
RemovePropW
GetDlgItem
SetWindowLongW
SetWindowTextW
SetDlgItemTextW
SetTimer
FrameRect
InflateRect
SetFocus
PostMessageW
MapVirtualKeyExW
keybd_event
OpenClipboard
EmptyClipboard
CloseClipboard
SetPropW
GetPropW
DialogBoxParamW
wsprintfW
GetActiveWindow
MessageBoxW
GetClientRect
LoadIconW
GetWindowLongW
CallNextHookEx

gdi32

GetCurrentObject
GetObjectW
GetTextExtentPoint32W
GetStockObject
TextOutW
SetTextAlign
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectW
CreateSolidBrush
DeleteObject
SelectClipRgn
CreateRectRgnIndirect
CreateFontA
SetBkColor
ExtTextOutW

shell32

Shell_NotifyIconW

advapi32

RegOpenKeyExA
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken

comctl32

_TrackMouseEvent

ole32

OleInitialize

oleaut32

VariantClear

crypt32

CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
CertGetNameStringW
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertCloseStore
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertCompareCertificate
CertEnumCertificatesInStore
CertRegisterSystemStore
CertOpenSystemStoreA

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCCExM.exe
.exe windows:4 windows x86 arch:x86

e24a4bd302698fadda6d74bda4d6ad79

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:33:4b:2d:15:68:25:f3:d0:bc:a6:40:49:6f:7f:08:0c:77:6d:94:b5:9f:09:bc:9d:87:f0:1f:e6:28:ff:30
Signer

Actual PE Digest

1f:33:4b:2d:15:68:25:f3:d0:bc:a6:40:49:6f:7f:08:0c:77:6d:94:b5:9f:09:bc:9d:87:f0:1f:e6:28:ff:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetVersionExA
LocalFree
OutputDebugStringA
GetCurrentThreadId
GetLocalTime
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetStartupInfoA
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
WaitForMultipleObjects
GetModuleFileNameA
GetLastError
Sleep
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapAlloc
LCMapStringA
LCMapStringW
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetStringTypeW

user32

RegisterDeviceNotificationA

advapi32

RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCCI64.dll
.dll windows:4 windows x64 arch:x64

c66f7f9c0f2e31532b484f7877163cff

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:cc:c2:b6:56:7c:fd:d8:fa:fe:33:f5:24:e6:b3:8d:79:5e:83:e4:22:65:23:a3:3d:c8:a9:e1:d2:c5:89:32
Signer

Actual PE Digest

ce:cc:c2:b6:56:7c:fd:d8:fa:fe:33:f5:24:e6:b3:8d:79:5e:83:e4:22:65:23:a3:3d:c8:a9:e1:d2:c5:89:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetLastError
GetSystemInfo
GetModuleHandleA
GetUserDefaultUILanguage
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
HeapFree
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleFileNameA
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
lstrcatA
LocalAlloc
GetPrivateProfileStringA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentThread
OpenMutexA
DeviceIoControl
WriteFile
ReadFile
CreateFileA
FindFirstFileA
FindClose
FindNextFileA
ReleaseMutex
CreateMutexA
OutputDebugStringA
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
TerminateThread
lstrlenA
Sleep
lstrcpyA
SetLastError
FindResourceA
LoadResource
SizeofResource
LockResource
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventA
ResumeThread
GlobalAlloc
SetEvent
WaitForSingleObject
CloseHandle
SetUnhandledExceptionFilter
ResetEvent

user32

EnumWindows
IsWindow
GetWindowThreadProcessId
GetWindowTextA
ScreenToClient
GetWindowRect
AttachThreadInput
SetActiveWindow
GetParent
GetDC
FillRect
GetSysColor
ReleaseDC
SetWindowPos
SetForegroundWindow
InvalidateRect
SetRect
SetWindowTextA
SetDlgItemTextA
wsprintfA
GetDlgItem
EndDialog
GetWindowLongA
EndPaint
BeginPaint
PostMessageA
KillTimer
GetPropA
SetPropA
DialogBoxParamA
SendDlgItemMessageA
SetFocus
GetClassNameA
GetDlgCtrlID
GetWindow
LoadBitmapA
MessageBoxA
GetForegroundWindow
GetActiveWindow
MoveWindow
SetTimer

gdi32

GetObjectA
CreateFontIndirectA
SetTextColor
SetBkColor
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetStockObject
GetDeviceCaps

advapi32

RegOpenKeyExA
OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueExA
OpenThreadToken
RegSetValueExA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

msvcrt

malloc
_initterm
strtoul
fseek
ftell
memmove
memchr
wcsstr
_onexit
__dllonexit
fprintf
vfprintf
_vsnprintf
fopen
fwprintf
fclose
strcmp
strrchr
strcat
sprintf
strcpy
strstr
strlen
memset
memcmp
__CxxFrameHandler
_beginthreadex
??2@YAPEAX_K@Z
memcpy
??3@YAXPEAX@Z
?terminate@@YAXXZ
__C_specific_handler
free
strtol
strncpy
_purecall
strncmp
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
_strupr
??1type_info@@UEAA@XZ

msimg32

TransparentBlt

hid

HidD_GetAttributes
HidD_SetFeature
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetFeature

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Exports

Exports

SKF_ChangePIN
SKF_ClearSecureState
SKF_CloseApplication
SKF_CloseContainer
SKF_CloseHandle
SKF_ConnectDev
SKF_CreateContainer
SKF_DeleteContainer
SKF_DigestFinal
SKF_DigestInit
SKF_DigestUpdate
SKF_DisConnectDev
SKF_EnumApplication
SKF_EnumContainer
SKF_EnumDev
SKF_ExportCertificate
SKF_ExportPublicKey
SKF_GenRSAKeyPair
SKF_GenRandom
SKF_GetContianerType
SKF_GetDevInfo
SKF_GetDllVersion
SKF_GetPINInfo
SKF_GetSecureState
SKF_GetWebSite
SKF_ImportCertificate
SKF_ImportPriKey
SKF_Initialize
SKF_LockDev
SKF_OpenApplication
SKF_OpenContainer
SKF_RSASignData
SKF_RSASignHash
SKF_ResumeKeyDesktope
SKF_SetHashParam
SKF_SetLCDLanguage
SKF_SetLabel
SKF_Setlanguage
SKF_Uninstall
SKF_UnlockDev
SKF_UpdateWebSite
SKF_VerifyPIN
TSP_Apdu
TSP_Close
TSP_GetDllVersion
TSP_GetProperty
TSP_ListUK
TSP_Open
TSP_Reset
TSP_SetProperty

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCCI86.dll
.dll windows:4 windows x86 arch:x86

41969e168fea22f244e51cfb4e7ab588

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

21/03/2019, 16:19

Not After

20/03/2022, 16:19

Subject

CN=恒银金融科技股份有限公司,O=恒银金融科技股份有限公司,L=天津市,ST=天津市,C=CN,1.2.840.113549.1.9.1=#0c15646169786a4063617368776179746563682e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0a:18:5c:76:1f:1a:bd:f0:8e:a6:f5:78:f7:12:77:02:b6:b8:7d:a4:83:c6:09:35:98:1c:9d:8e:99:92:71
Signer

Actual PE Digest

06:0a:18:5c:76:1f:1a:bd:f0:8e:a6:f5:78:f7:12:77:02:b6:b8:7d:a4:83:c6:09:35:98:1c:9d:8e:99:92:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetSystemInfo
GetModuleHandleA
lstrlenW
GetPrivateProfileStringW
GetUserDefaultUILanguage
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileIntW
GetModuleFileNameW
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
ResumeThread
FreeResource
LockResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetEndOfFile
SetConsoleCtrlHandler
GetOEMCP
GetACP
FormatMessageA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileW
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetStartupInfoA
GetFileType
LocalFree
GetModuleFileNameA
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
OutputDebugStringW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetPrivateProfileStringA
lstrlenA
lstrcatW
lstrcpyA
SetLastError
SetEvent
ResetEvent
WaitForSingleObject
FindResourceW
LoadResource
SizeofResource
GlobalAlloc
CreateEventW
GetStdHandle
SetHandleCount
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
TerminateThread
CreateThread
Sleep
LocalAlloc
GetCPInfo
lstrcpyW
DeleteCriticalSection
InitializeCriticalSection
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
TlsFree
TlsAlloc
CreateMutexA
ReleaseMutex
FindNextFileA
FindClose
FindFirstFileA
CreateFileA
ReadFile
WriteFile
DeviceIoControl
GetVersionExA
LoadLibraryA
OpenMutexA
CreateEventA
OpenEventA
WaitForMultipleObjects
GetCurrentThread
RtlUnwind
TlsSetValue
TlsGetValue
ExitThread
RaiseException
GetTimeZoneInformation
GetSystemTime
HeapReAlloc
GetCommandLineA
GetVersion

user32

MoveWindow
GetDC
GetForegroundWindow
ScreenToClient
SetRect
SetFocus
SetForegroundWindow
SetActiveWindow
AttachThreadInput
EnumWindows
GetWindowThreadProcessId
IsWindow
SetWindowTextW
GetWindow
GetDlgCtrlID
GetClassNameW
wsprintfA
GetWindowTextW
GetActiveWindow
MessageBoxA
GetWindowRect
MessageBoxW
SendDlgItemMessageW
LoadBitmapW
ShowWindow
KillTimer
PostMessageW
BeginPaint
EndPaint
GetWindowLongW
GetDlgItem
wsprintfW
SetDlgItemTextW
SetTimer
EndDialog
SetPropW
GetPropW
DialogBoxParamW
CopyRect
SetWindowPos
GetSysColor
FillRect
InvalidateRect
GetParent
ReleaseDC

gdi32

SetBkColor
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
SetTextColor
GetDeviceCaps
GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleDC

advapi32

RegCloseKey
OpenProcessToken
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
FreeSid
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

msimg32

TransparentBlt

hid

HidD_GetFeature
HidD_SetFeature
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

wtsapi32

WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSFreeMemory

Exports

Exports

SKF_ChangePIN
SKF_ClearSecureState
SKF_CloseApplication
SKF_CloseContainer
SKF_CloseHandle
SKF_ConnectDev
SKF_CreateContainer
SKF_DeleteContainer
SKF_DigestFinal
SKF_DigestInit
SKF_DigestUpdate
SKF_DisConnectDev
SKF_EnumApplication
SKF_EnumContainer
SKF_EnumDev
SKF_ExportCertificate
SKF_ExportPublicKey
SKF_GenRSAKeyPair
SKF_GenRandom
SKF_GetContianerType
SKF_GetDevInfo
SKF_GetDllVersion
SKF_GetPINInfo
SKF_GetSecureState
SKF_GetWebSite
SKF_ImportCertificate
SKF_ImportPriKey
SKF_Initialize
SKF_LockDev
SKF_OpenApplication
SKF_OpenContainer
SKF_RSASignData
SKF_RSASignHash
SKF_ResumeKeyDesktope
SKF_SetHashParam
SKF_SetLCDLanguage
SKF_SetLabel
SKF_Setlanguage
SKF_Uninstall
SKF_UnlockDev
SKF_UpdateWebSite
SKF_VerifyPIN
TSP_Apdu
TSP_Close
TSP_GetDllVersion
TSP_GetProperty
TSP_ListUK
TSP_Open
TSP_Reset
TSP_SetProperty

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/XinjiangRCCs.ini
$_0_/main.ico
cfca/CMCA.cer
cfca/CMCAEnterpriseCA.cer
cfca/CMCAIndividualCA.cer
cfca/CMCARootCA.cer
cfca/ROOTCA.cer
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

04:44:c0Certificate

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

76:83:29:90:76:67:38:01:7a:8a:f3:60:d2:e8:7e:97:c3:28:73:fb:15:27:d4:3f:74:3e:cb:3a:14:23:5f:33Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 564KB

.rsrc Size: 5KB - Virtual size: 5KB

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 899B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 574B

fe7b8c856f730a0011541b01a952ac16

Code Sign

04:44:c0Certificate

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

52:a0:50:ad:c8:c5:61:b7:34:9e:f1:1b:cf:93:ee:0b:0d:7d:03:07:37:4f:2a:5f:ff:a7:34:5e:f0:62:bc:c3Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

76:83:29:90:76:67:38:01:7a:8a:f3:60:d2:e8:7e:97:c3:28:73:fb:15:27:d4:3f:74:3e:cb:3a:14:23:5f:33
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 564KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

52:a0:50:ad:c8:c5:61:b7:34:9e:f1:1b:cf:93:ee:0b:0d:7d:03:07:37:4f:2a:5f:ff:a7:34:5e:f0:62:bc:c3
Signer

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 4KB - Virtual size: 1KB

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7c:c1:c0:6d:60:b7:85:36:36:f6:9a:9e:dc:97:b8:40:29:d0:1f:f6:4f:87:87:44:94:3f:8f:17:0a:fe:50:bc
Signer

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

58:c5:1f:95:12:68:8f:e4:cd:17:0a:3e:a9:72:24:b5
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

62:c2:b6:53:dc:9c:78:07:2d:de:c1:47:24:2d:fe:be:0d:57:98:26:47:2d:f4:f8:c9:79:0e:62:5b:63:9c:32
Signer