0dea6a62382b409496d75bdedd96dc10_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0dea6a62382b409496d75bdedd96dc10_NeikiAnalytics.exe
Size

109KB
MD5

0dea6a62382b409496d75bdedd96dc10
SHA1

dff6e19180fc678dd275773fbd1c92b775ff757c
SHA256

0e61a207bfbc19086f901b8af5381e1f3d46be29bfd6d5ea03585dc643c241d9
SHA512

7d6fe4ec4f445399255fdc02f4e54d68e4933d5534c8e5df71e2d411bd9c3bc00e1faccf8720cd304dedf6c784276aa1af767f328ed441d2a95238c97a32162f
SSDEEP

3072:NbvNVc37q4ouKlQg+KQ1jI4ZdO/FVqY9Ql:NLNVcu4cdMXO/F8Yul

Score

1^/10

Malware Config

Signatures

Files

0dea6a62382b409496d75bdedd96dc10_NeikiAnalytics.exe
.dll windows:5 windows x64 arch:x64

7cf4f6981566dd7d27fa1f028bdfeed4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:68:18:be:19:a8:48:9b:79:38:ce:fa:d9:50:92:66
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/04/2014, 00:00

Not After

22/05/2017, 23:59

Subject

CN=Shenyang GeneralSoft Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenyang GeneralSoft Co.\, Ltd,L=Shenyang,ST=Liaoning,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e5:ad:6f:17:48:6f:1a:66:3f:4b:76:c9:4d:ef:8e:5a:15:57:f0
Signer

Actual PE Digest

0d:e5:ad:6f:17:48:6f:1a:66:3f:4b:76:c9:4d:ef:8e:5a:15:57:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime

msvcp100

?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

msvcr100

??_V@YAXPEAX@Z
free
_purecall
?terminate@@YAXXZ
_ultoa
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__clean_type_info_names_internal
_atoi64
ftell
fread
strtoul
printf
fopen
fclose
fwrite
_mbsnbicmp
_mbsnbcmp
sprintf
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
??2@YAPEAX_K@Z
memset
__CxxFrameHandler3
memmove
memcpy
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
_mbslwr
_mbsicmp
_mbsnbcpy
strtod
memcmp
fseek
_i64toa
__C_specific_handler

user32

PostThreadMessageA

Exports

Exports

??0CSCObject@@QEAA@AEBV0@@Z
??0CSCObject@@QEAA@XZ
??0CSCStruct@@QEAA@AEBV0@@Z
??0CSCStruct@@QEAA@XZ
??0CSCType@@QEAA@AEBV0@@Z
??0CSCType@@QEAA@KPEAD@Z
??0CSCType@@QEAA@NPEAD@Z
??0CSCType@@QEAA@PEAD0H@Z
??0CSCType@@QEAA@PEAEKPEADH@Z
??0CSCType@@QEAA@W4D_TYPE@@PEADK1@Z
??0CSCType@@QEAA@XZ
??0CSCType@@QEAA@_KPEAD@Z
??0CScriptBuffer@@QEAA@AEBV0@@Z
??0CScriptBuffer@@QEAA@PEADH@Z
??0CScriptBuffer@@QEAA@PEADKH@Z
??0CScriptBuffer@@QEAA@XZ
??0CXmlLib@@QEAA@AEBV0@@Z
??0CXmlLib@@QEAA@PEAVCScriptBuffer@@@Z
??0CXmlLib@@QEAA@XZ
??0CXmlNode@@QEAA@AEBV0@@Z
??0CXmlNode@@QEAA@XZ
??0CXmlTree@@QEAA@AEBV0@@Z
??0CXmlTree@@QEAA@XZ
??1CSCObject@@QEAA@XZ
??1CSCStruct@@QEAA@XZ
??1CSCType@@QEAA@XZ
??1CScriptBuffer@@QEAA@XZ
??1CXmlLib@@QEAA@XZ
??1CXmlNode@@QEAA@XZ
??1CXmlTree@@QEAA@XZ
??4CSCObject@@QEAAPEAV0@AEBV0@@Z
??4CSCStruct@@QEAAXAEBV0@@Z
??4CSCType@@QEAAXAEBV0@@Z
??4CSCType@@QEAAXK@Z
??4CSCType@@QEAAXN@Z
??4CSCType@@QEAAXPEAD@Z
??4CSCType@@QEAAX_K@Z
??4CScriptBuffer@@QEAAPEAV0@AEBV0@@Z
??4CXmlLib@@QEAAAEAV0@AEBV0@@Z
??4CXmlNode@@QEAAAEAV0@AEBV0@@Z
??4CXmlTree@@QEAAAEAV0@AEBV0@@Z
??8CSCType@@QEAAHAEBV0@@Z
?AllocateBuffer@CScriptBuffer@@AEAAPEAEK@Z
?CalcBufferLength@CXmlTree@@CAXPEAVCXmlNode@@HPEAX@Z
?ClearScriptBufferData@CSCObject@@QEAAXXZ
?Clone@CScriptBuffer@@QEAAPEAV1@AEBV1@@Z
?Clone@CScriptBuffer@@QEAAPEAV1@XZ
?Combine@CScriptBuffer@@AEAAHPEAXKH@Z
?Combine@CScriptBuffer@@QEAAHPEADH@Z
?Combine@CScriptBuffer@@QEAAHPEAV1@H@Z
?Copy2Buffer@CXmlTree@@CAXPEAVCXmlNode@@HPEAX@Z
?CreateScriptXmlTree@CXmlLib@@QEAAHXZ
?CurrentLayerMatchVarName@CXmlLib@@CAPEAVCXmlNode@@PEAV2@PEAVCScriptBuffer@@@Z
?Decrypt@CSCType@@AEAAPEAEPEAEKPEAK@Z
?DelData@CSCObject@@QEAAHPEAVCSCStruct@@@Z
?DeleteData@CSCObject@@QEAAXAEAVCSCType@@H@Z
?DeleteData@CSCObject@@QEAAXK@Z
?DeleteData@CSCObject@@QEAAXP6AHAEAVCSCStruct@@PEAX@Z1H@Z
?DeleteData@CSCStruct@@QEAAXPEAD@Z
?DistallMemberData@CXmlLib@@CAHPEADKPEAVCScriptBuffer@@H@Z
?DistallNodeHeaderTail@CXmlNode@@AEAAXXZ
?DistallSubVarName2List@CXmlLib@@CAXPEAVCScriptBuffer@@PEAV?$list@VCScriptBuffer@@V?$allocator@VCScriptBuffer@@@std@@@std@@@Z
?EString2String@CSCType@@SAXPEBDKPEAD@Z
?Encrypt@CSCType@@AEAAPEAEPEAEKPEAK@Z
?Equal@CScriptBuffer@@QEAAHPEADH@Z
?Equal@CScriptBuffer@@QEAAHPEADKH@Z
?Equal@CScriptBuffer@@QEAAHPEAV1@H@Z
?Filter@CSCObject@@QEAAXPEAVCScriptBuffer@@@Z
?Filter@CSCStruct@@QEAAXAEAV?$list@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?FreeBuffer@CScriptBuffer@@AEAAXPEAX@Z
?FreeObjectResources@CSCObject@@QEAAXXZ
?FreeXmlTree@CXmlTree@@AEAAXPEAVCXmlNode@@@Z
?GetAtomData@CSCObject@@QEAAPEAVCSCType@@KK@Z
?GetAtomData@CSCObject@@QEAAPEAVCSCType@@KPEAD@Z
?GetBinData@CSCType@@QEAAPEAEPEAK@Z
?GetBrotherNode@CXmlNode@@QEAAPEAV1@XZ
?GetChildByFieldData@CXmlLib@@SAPEAVCXmlNode@@PEAV2@PEADPEAVCScriptBuffer@@@Z
?GetChildNode@CXmlNode@@QEAAPEAV1@XZ
?GetCount@CSCObject@@QEAAKXZ
?GetCount@CSCStruct@@QEAAKXZ
?GetDBObjDataPtr@CSCObject@@QEAAPEAU_DBObjData@@XZ
?GetData@CSCObject@@QEAAPEAVCSCStruct@@K@Z
?GetData@CSCObject@@QEAAPEAVCSCStruct@@P6AHAEAV2@PEAX@Z1@Z
?GetData@CSCStruct@@QEAAPEAVCSCType@@K@Z
?GetData@CSCStruct@@QEAAPEAVCSCType@@PEBD@Z
?GetDataFromRootDataNode@CXmlLib@@SAHPEAVCScriptBuffer@@PEAVCXmlNode@@0@Z
?GetDataSection@CXmlLib@@QEAAPEAVCXmlNode@@XZ
?GetDataType@CSCObject@@AEAAKPEAVCScriptBuffer@@@Z
?GetDoubleValue@CSCType@@QEAANXZ
?GetFieldFinallyData@CXmlLib@@QEAAHPEAVCXmlNode@@PEADPEAV?$list@PEAVCSCObject@@V?$allocator@PEAVCSCObject@@@std@@@std@@0KPEAVCScriptBuffer@@@Z
?GetFieldFinallyData@CXmlLib@@QEAAHPEAVCXmlNode@@PEAVCScriptBuffer@@PEAV?$list@PEAVCSCObject@@V?$allocator@PEAVCSCObject@@@std@@@std@@0K1@Z
?GetFlowSection@CXmlLib@@QEAAPEAVCXmlNode@@XZ
?GetInt64Value@CSCType@@QEAA_KXZ
?GetIntValue@CSCType@@QEAAKXZ
?GetLastChildNode@CXmlNode@@QEAAPEAV1@XZ
?GetLength@CScriptBuffer@@QEAAKXZ
?GetNodeHeaderScriptBuffer@CXmlNode@@QEAAPEAVCScriptBuffer@@XZ
?GetNodeScriptBuffer@CXmlNode@@QEAAPEAVCScriptBuffer@@XZ
?GetNodeTailScriptBuffer@CXmlNode@@QEAAPEAVCScriptBuffer@@XZ
?GetObjectHostId@CSCObject@@QEAAKXZ
?GetObjectName@CSCObject@@QEAAPEADXZ
?GetObjectStatus@CSCObject@@QEAAHPEAK@Z
?GetObjectTaskId@CSCObject@@QEAAPEADXZ
?GetObjectType@CSCObject@@QEAAPEADXZ
?GetParentNode@CXmlNode@@QEAAPEAV1@XZ
?GetResultSection@CXmlLib@@QEAAPEAVCXmlNode@@XZ
?GetRootDataNode@CXmlLib@@QEAAPEAVCXmlNode@@PEAVCScriptBuffer@@PEAV?$list@PEAVCSCObject@@V?$allocator@PEAVCSCObject@@@std@@@std@@PEAV2@K@Z
?GetRootNode@CXmlLib@@QEAAPEAVCXmlNode@@XZ
?GetRootNode@CXmlTree@@QEAAPEAVCXmlNode@@XZ
?GetRootVarName@CXmlLib@@SAHPEAVCScriptBuffer@@0@Z
?GetSCObjectScriptBuffer@CSCObject@@AEAAXXZ
?GetScriptBuffer@CScriptBuffer@@QEAAPEADH@Z
?GetScriptBufferData@CSCObject@@QEAAPEAVCScriptBuffer@@XZ
?GetScriptBufferData@CSCStruct@@QEAAPEAVCScriptBuffer@@XZ
?GetScriptBufferData@CSCType@@QEAAPEAVCScriptBuffer@@XZ
?GetScriptBufferData@CXmlTree@@QEAAPEAVCScriptBuffer@@XZ
?GetSectionFieldData@CXmlLib@@SAHPEAVCScriptBuffer@@00H@Z
?GetSectionFieldData@CXmlLib@@SAHPEAVCScriptBuffer@@PEAD0H@Z
?GetSectionFieldData@CXmlLib@@SAHPEAVCXmlNode@@PEADPEAVCScriptBuffer@@H@Z
?GetSectionFieldData@CXmlLib@@SAHPEAVCXmlNode@@PEAVCScriptBuffer@@1H@Z
?GetSectionName@CXmlLib@@SAHPEAVCScriptBuffer@@0@Z
?GetStringValue@CSCType@@QEAAPEADXZ
?GetStructName@CSCStruct@@QEAAPEADXZ
?GetStructType@CSCStruct@@QEAAPEADXZ
?GetSubSectionByName@CXmlLib@@QEAAPEAVCXmlNode@@PEAV2@PEAVCScriptBuffer@@@Z
?GetSubTaskSection@CXmlLib@@QEAAPEAVCXmlNode@@XZ
?GetValueName@CSCType@@QEAAPEADXZ
?GetValueType@CSCType@@QEAAKXZ
?GetValueTypeString@CSCType@@QEAAPEADXZ
?GetXmlTree@CSCObject@@QEAAPEAXXZ
?IdentifyBaseSection@CXmlLib@@AEAAHPEAVCXmlNode@@@Z
?InitMember@CScriptBuffer@@AEAAXH@Z
?InitObject@CSCObject@@QEAAHPEAV1@@Z
?InitObject@CSCObject@@QEAAHPEAVCScriptBuffer@@@Z
?InitObjectByArray@CSCObject@@AEAAHPEAVCScriptBuffer@@@Z
?InitObjectByBinType@CSCObject@@QEAAHPEAVCSCType@@@Z
?InitObjectByString@CSCObject@@AEAAHPEAVCScriptBuffer@@@Z
?InitObjectByStruct@CSCObject@@AEAAHPEAVCScriptBuffer@@@Z
?InitObjectByStruct@CSCObject@@QEAAHPEAVCSCStruct@@PEAD@Z
?InitObjectByType@CSCObject@@AEAAHPEAVCScriptBuffer@@@Z
?InitObjectByType@CSCObject@@QEAAHPEAVCSCType@@PEAD1@Z
?InitObjectResources@CSCObject@@AEAAXH@Z
?InitScriptBuffer@CScriptBuffer@@QEAAXXZ
?InitScriptBufferFromFile@CScriptBuffer@@QEAAHPEBDPEAK@Z
?InitStruct@CSCStruct@@QEAAHPEAVCScriptBuffer@@@Z
?InitStruct@CSCStruct@@QEAAHPEAX@Z
?InitStructResources@CSCStruct@@AEAAXXZ
?InitValue@CSCType@@AEAAXH@Z
?InitValue@CSCType@@AEAAXW4D_TYPE@@PEAD1@Z
?InitXmlTree@CXmlTree@@QEAAHPEAVCScriptBuffer@@H@Z
?InitXmlTree@CXmlTree@@QEAAHPEAVCXmlNode@@@Z
?IsAppointedSection@@YAHPEAVCScriptBuffer@@0@Z
?IsAppointedSection@@YAHPEAVCScriptBuffer@@PEAD@Z
?IsResult@@YAHPEAVCScriptBuffer@@@Z
?IsValidAddress@CScriptBuffer@@QEAAHPEAD@Z
?IsValidScript@CXmlLib@@QEAAHXZ
?IsValidType@CSCType@@AEAAHK@Z
?IsVariableData@@YAHPEAVCScriptBuffer@@@Z
?IsVariableMember@@YAHPEAVCScriptBuffer@@@Z
?LoopFindSubVarName@CXmlLib@@CAPEAVCXmlNode@@PEAV2@PEAV?$list@VCScriptBuffer@@V?$allocator@VCScriptBuffer@@@std@@@std@@@Z
?Printf@CScriptBuffer@@QEAAHPEAU_iobuf@@@Z
?Printf@CScriptBuffer@@QEAAHPEBDPEAK@Z
?Printf@CScriptBuffer@@QEAAXXZ
?Release@CScriptBuffer@@AEAAXXZ
?ReleaseBuffer@CScriptBuffer@@AEAAXXZ
?Replace@CScriptBuffer@@QEAAHPEAD0@Z
?ScriptBufferData2ScObject@CXmlLib@@SAHPEAVCScriptBuffer@@PEAVCSCObject@@@Z
?ScriptBufferData2ScType@CXmlLib@@SAHPEAVCScriptBuffer@@PEAVCSCType@@@Z
?Search@CScriptBuffer@@QEAAPEADPEAD0H@Z
?Search@CScriptBuffer@@QEAAPEADPEAD0KH@Z
?Search@CScriptBuffer@@QEAAPEADPEADH@Z
?Search@CScriptBuffer@@QEAAPEADPEADPEAV1@H@Z
?Search@CScriptBuffer@@QEAAPEADPEAV1@H@Z
?SetAtomData@CSCObject@@QEAAXKKPEAVCSCType@@@Z
?SetAtomData@CSCObject@@QEAAXKPEADPEAVCSCType@@@Z
?SetBrotherNode@CXmlNode@@QEAAXPEAV1@@Z
?SetChildNode@CXmlNode@@QEAAXPEAV1@@Z
?SetData@CSCObject@@QEAAXAEAVCSCStruct@@H@Z
?SetData@CSCStruct@@QEAAXVCSCType@@H@Z
?SetDataForUpdate@CSCObject@@QEAAHPEAVCSCStruct@@@Z
?SetExternScriptBuffer@CScriptBuffer@@QEAAXPEADK@Z
?SetLastChildNode@CXmlNode@@QEAAXPEAV1@@Z
?SetLength@CScriptBuffer@@QEAAXK@Z
?SetNodeScriptBuffer@CXmlNode@@QEAAXPEAD@Z
?SetNodeScriptBuffer@CXmlNode@@QEAAXPEAVCScriptBuffer@@@Z
?SetNodeScriptBufferLength@CXmlNode@@QEAAXK@Z
?SetObjectHostId@CSCObject@@QEAAXK@Z
?SetObjectName@CSCObject@@QEAAXPEAD@Z
?SetObjectName@CSCObject@@QEAAXPEAVCScriptBuffer@@@Z
?SetObjectStatus@CSCObject@@QEAAXHK@Z
?SetObjectTaskId@CSCObject@@QEAAXPEAD@Z
?SetObjectTaskId@CSCObject@@QEAAXPEAVCScriptBuffer@@@Z
?SetObjectType@CSCObject@@QEAAXPEAD@Z
?SetObjectType@CSCObject@@QEAAXPEAVCScriptBuffer@@@Z
?SetParentNode@CXmlNode@@QEAAXPEAV1@@Z
?SetScriptBuffer@CScriptBuffer@@QEAAXPEAD@Z
?SetScriptBuffer@CScriptBuffer@@QEAAXPEADKH@Z
?SetStructName@CSCStruct@@QEAAXPEAD@Z
?SetStructType@CSCStruct@@QEAAXPEAD@Z
?SetValue@CSCType@@QEAAHPEAEKPEADH@Z
?SetValue@CSCType@@QEAAHPEAVCScriptBuffer@@@Z
?SetValue@CSCType@@QEAAXKPEAD@Z
?SetValue@CSCType@@QEAAXNPEAD@Z
?SetValue@CSCType@@QEAAXPEAD0H@Z
?SetValue@CSCType@@QEAAXW4D_TYPE@@PEADK1@Z
?SetValue@CSCType@@QEAAX_KPEAD@Z
?SetValue@CScriptBuffer@@AEAAHPEADH@Z
?SetValue@CScriptBuffer@@AEAAHPEADKH@Z
?SetValueName@CSCType@@QEAAXPEAD@Z
?String2EString@CSCType@@SAXPEBDKPEAD@Z
?ToIntData@CScriptBuffer@@QEAAKXZ
?Trans2DwordType@CSCType@@SAKPEAD@Z
?Trans2ScriptBuffer@CSCObject@@AEAAXXZ
?Trans2ScriptBuffer@CSCStruct@@AEAAXXZ
?Trans2ScriptBuffer@CSCType@@AEAAXXZ
?Trans2ScriptBuffer@CXmlTree@@AEAAXXZ
?Trans2StringType@CSCType@@SAPEADK@Z
?Trans2StringValue@CSCType@@QEAAPEADXZ
?Trans2TypeData@CSCObject@@QEAAHPEAVCSCType@@PEAD@Z
?TranslateScript2XmlTree@CXmlLib@@QEAAHPEAVCScriptBuffer@@@Z
?UpdateData@CSCObject@@QEAAXAEAVCSCType@@AEAV1@@Z
?UpdateData@CSCObject@@QEAAXAEAVCSCType@@AEAVCSCStruct@@@Z
?UpdateData@CSCObject@@QEAAXKAEAVCSCStruct@@@Z
?UpdateData@CSCObject@@QEAAXPEADAEAV1@@Z
?UpdateData@CSCObject@@QEAAXPEADAEAVCSCStruct@@@Z
?UseDBObjData@CSCObject@@QEAAXXZ
?WalkData@CSCObject@@QEAAXP6AHAEAVCSCStruct@@PEAX@Z1@Z
?WalkScriptBuffer@CXmlTree@@AEAAHPEADK@Z
?WalkTree@CXmlTree@@AEAAXPEAVCXmlNode@@P6AX0HPEAX@Z1@Z

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cf4f6981566dd7d27fa1f028bdfeed4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

6e:68:18:be:19:a8:48:9b:79:38:ce:fa:d9:50:92:66Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0d:e5:ad:6f:17:48:6f:1a:66:3f:4b:76:c9:4d:ef:8e:5a:15:57:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp100

msvcr100

user32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 338B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

6e:68:18:be:19:a8:48:9b:79:38:ce:fa:d9:50:92:66
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0d:e5:ad:6f:17:48:6f:1a:66:3f:4b:76:c9:4d:ef:8e:5a:15:57:f0
Signer

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 338B