27411b8ee02359cf055c4a19518699022e7a0643d20d99f6e25e3506865786eb_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

27411b8ee02359cf055c4a19518699022e7a0643d20d99f6e25e3506865786eb_NeikiAnalytics.exe
Size

2.9MB
MD5

4837c1307afc9bead32cee735cb9a5c0
SHA1

80a1ad1a920009ec96bdc4bbd6bab3ecb910539f
SHA256

27411b8ee02359cf055c4a19518699022e7a0643d20d99f6e25e3506865786eb
SHA512

2a41f2a920fb2d9fa732ff0835a6bfb8020dfbc7c02cf7637b031e0ba757c8e41326f6d39a17614f97cc8c93ea9fd8943ba03c3ba1d14cee91266e2b9fe2cb3a
SSDEEP

49152:8Tc1TqFzgF7rUeiqtxMts7QeeZA1kCDetCZlh5z2+ZK3gaebjUFqUr:8KlU41VDt2+ZOgatF5r

Score

1^/10

Malware Config

Signatures

Files

27411b8ee02359cf055c4a19518699022e7a0643d20d99f6e25e3506865786eb_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

1120ccc4e16b0d44893a51b135969c39

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:03:ec:13:10:54:92:5d:15:4c:c0:ad:ac:83:c7:9a
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

21/04/2023, 11:18

Not After

21/04/2026, 11:18

Subject

SERIALNUMBER=91440300576351268T,CN=Shenzhen Huion Trend Technology Co.\,LTD,O=Shenzhen Huion Trend Technology Co.\,LTD,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:03:ec:13:10:54:92:5d:15:4c:c0:ad:ac:83:c7:9a
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

21/04/2023, 11:18

Not After

21/04/2026, 11:18

Subject

SERIALNUMBER=91440300576351268T,CN=Shenzhen Huion Trend Technology Co.\,LTD,O=Shenzhen Huion Trend Technology Co.\,LTD,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:6c:b6:7e:43:94:10:c6:cb:b4:22:47:75:7e:7d:9b:57:30:72:ab:10:8d:de:bc:0e:11:3d:de:73:3c:bb:12
Signer

Actual PE Digest

a0:6c:b6:7e:43:94:10:c6:cb:b4:22:47:75:7e:7d:9b:57:30:72:ab:10:8d:de:bc:0e:11:3d:de:73:3c:bb:12

Digest Algorithm

sha256

PE Digest Matches

true

de:cb:44:61:94:3b:72:17:77:ee:02:74:74:49:97:99:80:f4:55:5b
Signer

Actual PE Digest

de:cb:44:61:94:3b:72:17:77:ee:02:74:74:49:97:99:80:f4:55:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\work_bak\projWin\DriverUI\src\UpDownManager\bin\release\x64\UpDownManager64.pdb

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStdHandle
GetACP
GetModuleFileNameA
SetEnvironmentVariableA
InitializeSListHead
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
GetStringTypeW
LCMapStringW
OutputDebugStringW
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindResourceExW
lstrcpyW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFindAtomW
FreeResource
GetSystemDirectoryW
EncodePointer
GlobalGetAtomNameW
SetErrorMode
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
GlobalDeleteAtom
GetVersionExW
GetCurrentThread
GetCurrentProcessId
LocalAlloc
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetThreadPriority
GetCurrentThreadId
lstrcmpA
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
lstrcmpiW
LoadLibraryExW
GetModuleHandleExW
GetCurrentProcess
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetProcAddress
GetModuleHandleW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetLastError
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
ResetEvent
WaitForSingleObject
SetEvent
ReleaseSemaphore
WaitForMultipleObjects
ResumeThread
SuspendThread
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreW
QueryPerformanceCounter
CreateEventW
EnterCriticalSection
LeaveCriticalSection
ReadFile
GetFileSize
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
FormatMessageW
CloseHandle
CreateFileW
CreateDirectoryW
DeleteFileW
CopyFileW
WideCharToMultiByte
MultiByteToWideChar
FindClose
GetLastError
FindFirstFileW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
QueryPerformanceFrequency
WriteConsoleW

user32

DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
InflateRect
GetMenuItemInfoW
DestroyMenu
DestroyIcon
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
ClientToScreen
DeleteMenu
SystemParametersInfoW
CopyImage
IsDialogMessageW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetIconInfo
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
BringWindowToTop
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
SetCursorPos
CopyIcon
FrameRect
SetWindowTextW
PostMessageW
UnregisterClassW
GetMenuStringW
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadCursorW
GetSysColorBrush
GetSysColor
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
PtInRect
GetSystemMenu
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
GetDesktopWindow
EnableWindow
IsWindowEnabled
GetComboBoxInfo
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
PostQuitMessage
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
ShowOwnedPopups
SetCursor
UnhookWindowsHookEx
GetWindowTextW
GetWindowTextLengthW
GetDC
ReleaseDC
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetForegroundWindow

gdi32

CreateSolidBrush
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgn
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
GetDeviceCaps
CreateDCW
CreateRectRgnIndirect
RectVisible
CopyMetaFileW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

DragFinish
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHAppBarMessage
SHGetSpecialFolderLocation
DragQueryFileW
SHGetDesktopFolder
ShellExecuteW

shlwapi

PathStripToRootW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
StrFormatKBSizeW

uxtheme

DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize

ole32

OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
OleCreateMenuDescriptor
ReleaseStgMedium

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantCopy
VariantChangeType
VarBstrFromDate
LoadTypeLi
VariantInit
SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

winmm

PlaySoundW

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpReadData

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryDataAvailable
HttpOpenRequestW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
HttpAddRequestHeadersW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetConnectW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipBitmapLockBits
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Exports

Exports

??0DownFileInfo@@QEAA@AEBV0@@Z
??0DownFileInfo@@QEAA@XZ
??0IDownLoader@@QEAA@XZ
??0ISynDownObj@@QEAA@XZ
??0IUpLoader@@QEAA@XZ
??0ZDownLoadNotify@@QEAA@AEBV0@@Z
??0ZDownLoadNotify@@QEAA@XZ
??0ZUpLoadNotify@@QEAA@AEBV0@@Z
??0ZUpLoadNotify@@QEAA@XZ
??1DownFileInfo@@QEAA@XZ
??1IDownLoader@@QEAA@XZ
??1ISynDownObj@@QEAA@XZ
??1IUpLoader@@QEAA@XZ
??1ZDownLoadNotify@@QEAA@XZ
??1ZUpLoadNotify@@QEAA@XZ
??4DownFileInfo@@QEAAXAEAV0@@Z
??4IDownLoader@@QEAAAEAV0@AEBV0@@Z
??4ISynDownObj@@QEAAAEAV0@AEBV0@@Z
??4IUpLoader@@QEAAAEAV0@AEBV0@@Z
??4ZDownLoadNotify@@QEAAAEAV0@AEBV0@@Z
??4ZUpLoadNotify@@QEAAAEAV0@AEBV0@@Z
??_7ZDownLoadNotify@@6B@
??_7ZUpLoadNotify@@6B@
?Continue@IDownLoader@@QEAAH_J@Z
?Delete@IDownLoader@@QEAAH_J@Z
?DownInfoByGUID@IDownLoader@@QEAAH_JAEAVDownFileInfo@@@Z
?DownUrl@ISynDownObj@@QEAA?AW4errCode@1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0H@Z
?GetRespond@IUpLoader@@QEAAH_JAEAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?IsWorking@IDownLoader@@QEAAHXZ
?LoadFrom@DownFileInfo@@QEAAXAEAVCFile@@@Z
?Pause@IDownLoader@@QEAAH_J@Z
?RegisterNotify@IDownLoader@@QEAAHPEAVZDownLoadNotify@@@Z
?RegisterNotify@IUpLoader@@QEAAHPEAVZUpLoadNotify@@@Z
?SaveTo@DownFileInfo@@QEAAXAEAVCFile@@@Z
?SetCancel@ISynDownObj@@QEAAXXZ
?SetContinue@ISynDownObj@@QEAA?AW4errCode@1@XZ
?SetDownNotify@ISynDownObj@@QEAAXPEAUHWND__@@PEAVZDownLoadNotify@@@Z
?SetNotifyWnd@IDownLoader@@QEAAXPEAUHWND__@@@Z
?SetNotifyWnd@IUpLoader@@QEAAXPEAUHWND__@@@Z
?SetPause@ISynDownObj@@QEAAXXZ
?StartDown@IDownLoader@@QEAA_JV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AEAV23@H@Z
?StartDown@IDownLoader@@QEAA_JV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?StartWork@IDownLoader@@QEAAXH@Z
?StartWork@IUpLoader@@QEAAXXZ
?Stop@IUpLoader@@QEAAH_J@Z
?UnRegisterNotify@IDownLoader@@QEAAXPEAVZDownLoadNotify@@@Z
?UnRegisterNotify@IUpLoader@@QEAAXPEAVZUpLoadNotify@@@Z
?UploadFileToURL@IUpLoader@@QEAA_JV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?m_nGUIDBaseNumber@DownFileInfo@@1JA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1120ccc4e16b0d44893a51b135969c39

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

6d:03:ec:13:10:54:92:5d:15:4c:c0:ad:ac:83:c7:9aCertificate

Extended Key Usages

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

6d:03:ec:13:10:54:92:5d:15:4c:c0:ad:ac:83:c7:9aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a0:6c:b6:7e:43:94:10:c6:cb:b4:22:47:75:7e:7d:9b:57:30:72:ab:10:8d:de:bc:0e:11:3d:de:73:3c:bb:12Signer

de:cb:44:61:94:3b:72:17:77:ee:02:74:74:49:97:99:80:f4:55:5bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

winmm

winhttp

wininet

oleacc

gdiplus

imm32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 675KB - Virtual size: 675KB

.data Size: 29KB - Virtual size: 75KB

.pdata Size: 88KB - Virtual size: 88KB

.gfids Size: 104KB - Virtual size: 104KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 60KB - Virtual size: 59KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

6d:03:ec:13:10:54:92:5d:15:4c:c0:ad:ac:83:c7:9a
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

6d:03:ec:13:10:54:92:5d:15:4c:c0:ad:ac:83:c7:9a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a0:6c:b6:7e:43:94:10:c6:cb:b4:22:47:75:7e:7d:9b:57:30:72:ab:10:8d:de:bc:0e:11:3d:de:73:3c:bb:12
Signer

de:cb:44:61:94:3b:72:17:77:ee:02:74:74:49:97:99:80:f4:55:5b
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 675KB - Virtual size: 675KB

.data
Size: 29KB - Virtual size: 75KB

.pdata
Size: 88KB - Virtual size: 88KB

.gfids
Size: 104KB - Virtual size: 104KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 60KB - Virtual size: 59KB