2024-06-26_539c2aabbe489dd022c820c95a765cb6_icedid

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-26_539c2aabbe489dd022c820c95a765cb6_icedid
Size

1.2MB
MD5

539c2aabbe489dd022c820c95a765cb6
SHA1

73b2810460f8e8fa7d4f7a8e81c70908647d3003
SHA256

b8346ab9f07965d92ffd994cdebbc6fcec969578d039670b12fd05aaec8fa7ac
SHA512

47b30927ff992c2f70bc92da1aeb62ac8bf674c14aa817d4a17266e80e88a84968e44afd8462127298c3da733249b7ff54b55ab80cf1560c7d476a12fe5ed5b5
SSDEEP

12288:9EXWvbe5NA1XmRl6Lz9qqDEhqNta1GPDMXfDGIaiHuFX/wqJc23Px2tUeXLY:9aibe5N0A6/ghqNs1G7AafFX/wCd3/

Score

1^/10

Malware Config

Signatures

Files

2024-06-26_539c2aabbe489dd022c820c95a765cb6_icedid
.exe windows:5 windows x86 arch:x86

b3d801adb3963ca59be32e00ffbf9b2f

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:52:b1:16:55:fc:83:bd:29:68:75:72
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

30/07/2021, 07:04

Not After

04/05/2024, 11:48

Subject

SERIALNUMBER=91110108746729965F,CN=北京亿赛通科技发展有限责任公司,O=北京亿赛通科技发展有限责任公司,STREET=海淀区西二旗大街39号4层401,L=北京,ST=北京,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:db:c0:32:53:35:5d:d5:fe:53:bc:7e:c4:e8:75:53:1d:7f:a7:79:f8:88:8d:5e:26:a2:f6:bc:7c:c0:b1:4f
Signer

Actual PE Digest

ce:db:c0:32:53:35:5d:d5:fe:53:bc:7e:c4:e8:75:53:1d:7f:a7:79:f8:88:8d:5e:26:a2:f6:bc:7c:c0:b1:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\code\升级工具\Output\UpdatePatch\UpdatePatch.pdb

Imports

wtsapi32

WTSQueryUserToken

kernel32

GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
UnmapViewOfFile
FreeEnvironmentStringsW
OutputDebugStringW
SetHandleCount
SetEvent
OpenEventW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
FindResourceW
SizeofResource
LockResource
LoadResource
GetPrivateProfileIntW
Sleep
GetPrivateProfileStringW
WinExec
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
CreateEventW
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateToolhelp32Snapshot
Process32NextW
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
CreateThread
ExitThread
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
GetTickCount
GetFileTime
CloseHandle
GetEnvironmentStringsW
Process32FirstW
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
DeleteFileW
GetWindowsDirectoryW
GetLastError
CreateMutexW
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
SetErrorMode
GetCurrentDirectoryW
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
GetAtomNameW
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GlobalGetAtomNameW
lstrlenA
FileTimeToLocalFileTime
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
SuspendThread
ResumeThread
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
MoveFileExW
GetModuleFileNameW
GetCommandLineW
GetCurrentProcess
CreateProcessW
GlobalUnlock
FormatMessageW
MulDiv
DeleteFileA
CreateDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringA
DeleteCriticalSection
WTSGetActiveConsoleSessionId
GetFileSize
SetFilePointer
SetUnhandledExceptionFilter
GetCurrentThreadId
ReleaseMutex
OpenMutexW
ExitProcess
GetLogicalDriveStringsW
GetComputerNameW
GetVolumeInformationW
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
SetLastError
FileTimeToSystemTime
GetLocalTime
GetVersionExW
SystemTimeToFileTime
GetEnvironmentVariableA
GetModuleFileNameA
LoadLibraryW
FreeLibrary
WaitNamedPipeW
CreateFileW
WriteFile
GetExitCodeProcess
WritePrivateProfileStringW
OpenProcess
TerminateProcess
FindFirstFileW
FindNextFileW
FindClose
GetShortPathNameW
lstrcpyW
lstrcatW
SetPriorityClass
GetCurrentThread
SetThreadPriority
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesW
MoveFileW
GetEnvironmentVariableW
SetFileAttributesW
CopyFileW
GetSystemDirectoryW
GetNativeSystemInfo
GetVersion

user32

InsertMenuItemW
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorW
SetRectEmpty
IsZoomed
MapVirtualKeyW
GetKeyNameTextW
DestroyMenu
GetMenuItemInfoW
InflateRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
FillRect
LoadMenuW
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
LoadAcceleratorsW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
ReleaseCapture
GetMenuBarInfo
ReuseDDElParam
UnpackDDElParam
CharUpperW
GetSysColorBrush
GetDialogBaseUnits
UnregisterClassW
DeleteMenu
SetCapture
WindowFromPoint
WaitMessage
DestroyIcon
CharNextW
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetParent
UnionRect
RegisterClipboardFormatW
GetDCEx
LockWindowUpdate
PostThreadMessageW
CallNextHookEx
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
SystemParametersInfoW
IsWindowVisible
EqualRect
IsWindow
GetParent
LoadCursorW
SetRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RedrawWindow
InvalidateRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
LoadIconW
wsprintfW
ExitWindowsEx
FindWindowW
PeekMessageW
PostQuitMessage
MessageBoxW
PostMessageW
LoadBitmapW
EnableWindow
KillTimer
SendMessageW
GetWindowRect
SetTimer
GetCapture
ValidateRect

gdi32

ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
GetCurrentPositionEx
CreatePen
ExtCreatePen
CreateHatchBrush
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
GetTextMetricsW
GetTextColor
GetRgnBox
GetCharWidthW
StretchDIBits
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
StartDocW
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateFontW
StrokeAndFillPath
EndPath
BeginPath
CreateSolidBrush
GetBkColor
DPtoLP
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetPixel
GetPixel
StretchBlt
GetObjectW
CreateBitmapIndirect
GetBitmapBits
DeleteObject
CreateDIBitmap
GetDeviceCaps
GetTextExtentPoint32W
PlayMetaFile
CreateDCW
CopyMetaFileW

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

GetAclInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegSetValueW
GetUserNameA
GetTokenInformation
ConvertSidToStringSidW
RegQueryInfoKeyW
RegEnumKeyExW
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
LookupAccountNameW
GetFileSecurityW
GetSecurityDescriptorDacl
RegSetValueExW
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
GetSecurityDescriptorControl
SetFileSecurityW
RegFlushKey
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueW

shell32

SHGetFileInfoW
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteA
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA
DragFinish
ExtractIconW
ShellExecuteW
DragQueryFileW

shlwapi

PathIsDirectoryEmptyW
PathFileExistsW
PathIsDirectoryW
PathCombineW
PathFileExistsA
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
OleFlushClipboard
CLSIDFromProgID
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoRegisterMessageFilter
CLSIDFromString
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SysAllocString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayCreate
SystemTimeToVariantTime
SafeArrayGetDim
VarDateFromStr

filelock

ResetWatchDog
KillWatchDog
StartRelate
EnterPassFilter
EnterOldFilter
StopFilter
StopLog
GetFilterStatus
GetLogStatus
AddPassProc
StartFilter
StartLog
LeavePassFilter
StopRelate
InstallDeviceDriver
ord355

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dbghelp

MiniDumpWriteDump

sqlite

sqlite3_free
sqlite3_exec
sqlite3_close
sqlite3_open16

ws2_32

inet_ntoa
WSACleanup
gethostbyname
WSAStartup
gethostname

Exports

Exports

??0CCdgExchg@@QAE@ABV0@@Z
??0CCdgExchg@@QAE@XZ
??1CCdgExchg@@UAE@XZ
??4CCdgExchg@@QAEAAV0@ABV0@@Z
??_7CCdgExchg@@6B@
?AddDy@CCdgExchg@@QAEHK@Z
?AddInfo@CCdgExchg@@QAEHAAU_CDG_EXCHG_INFO@@@Z
?AddNewProcess@CCdgExchg@@QAEXK@Z
?DelDy@CCdgExchg@@QAEHK@Z
?DeleteInfo@CCdgExchg@@QAEHK@Z
?GetAllInfo@CCdgExchg@@QAEHPAU_CDG_EXCHG_INFO@@@Z
?GetCDGKey@CCdgExchg@@QAEXPAD@Z
?GetConnectSer@CCdgExchg@@QAEHXZ
?GetContentSafe@CCdgExchg@@QAEXAAU_SHARE_CONTENTSECURITY@@@Z
?GetCount@CCdgExchg@@QAEHXZ
?GetCurrentIpPort@CCdgExchg@@QAEXPAD0@Z
?GetDefaultUserNameAndPsw@CCdgExchg@@QAEXPAD00@Z
?GetDy@CCdgExchg@@QAEHK@Z
?GetDyAll@CCdgExchg@@QAEHPAK@Z
?GetDyCount@CCdgExchg@@QAEHXZ
?GetDyKey@CCdgExchg@@QAEXPAD@Z
?GetDyKeyname@@YAXPAD@Z
?GetDyMailWhite@CCdgExchg@@QAEXPAD@Z
?GetInfo@CCdgExchg@@QAEHKAAU_CDG_EXCHG_INFO@@@Z
?GetInfo_doc@CCdgExchg@@QAEHK@Z
?GetInfo_doc@CCdgExchg@@QAEHKAAU_CDG_EXCHG_INFO@@@Z
?GetLogRecordType@CCdgExchg@@QAEXAAULogRecordType@@@Z
?GetMultiKeyListInfo@CCdgExchg@@QAEHPAU_MultiKey_Policy@@@Z
?GetNewProcess@CCdgExchg@@QAEHPAK@Z
?GetPolicy@CCdgExchg@@QAEHPAU_Encrypt_Policy@@@Z
?GetPrintPolicy@CCdgExchg@@QAEXAAU_PRINT_EXCHG_INFO@@@Z
?GetSetupType@CCdgExchg@@QAEKXZ
?GetSignatureExe@CCdgExchg@@QAEHPAD@Z
?GetSignaturePro@CCdgExchg@@QAEHPAU_Signature_Pro@@@Z
?GetTerminalInfo@CCdgExchg@@QAEXAAUCLIENTTERMINAL@@@Z
?GetUserNameAndPsw@@YAXPAD0@Z
?GetUserOperate@CCdgExchg@@QAEXAAUUserOperate@@@Z
?GetWaterMarkFlag@CCdgExchg@@QAE_NAAH@Z
?GethookWhiteList@CCdgExchg@@QAEXPAD@Z
?GetprotectScreen@CCdgExchg@@QAEXPAD@Z
?SetCDGKey@CCdgExchg@@QAEXPAD@Z
?SetConnectSer@CCdgExchg@@QAEXH@Z
?SetContentSafe@CCdgExchg@@QAEXU_SHARE_CONTENTSECURITY@@@Z
?SetCurrentIpPort@CCdgExchg@@QAEXPBD0@Z
?SetDefaultUserNameAndPsw@CCdgExchg@@QAEXPBD00@Z
?SetDyKey@CCdgExchg@@QAEXPAD@Z
?SetDyMailWhite@CCdgExchg@@QAEXPAD@Z
?SetInfo_doc@CCdgExchg@@QAEHKAAU_CDG_EXCHG_INFO@@@Z
?SetLogRecordType@CCdgExchg@@QAEXULogRecordType@@@Z
?SetMultiKeyListInfo@CCdgExchg@@QAEXPAU_MultiKey_Policy@@H@Z
?SetPolicy@CCdgExchg@@QAEXPAU_Encrypt_Policy@@H@Z
?SetPrintPolicy@CCdgExchg@@QAEXAAU_PRINT_EXCHG_INFO@@@Z
?SetSetupType@CCdgExchg@@QAEXK@Z
?SetSignatureExe@CCdgExchg@@QAEXPAD@Z
?SetSignaturePro@CCdgExchg@@QAEXPAU_Signature_Pro@@H@Z
?SetTerminalInfo@CCdgExchg@@QAEXUCLIENTTERMINAL@@@Z
?SetUserOperate@CCdgExchg@@QAEXUUserOperate@@@Z
?SetWaterMarkFlag@CCdgExchg@@QAE_NH@Z
?SethookWhietList@CCdgExchg@@QAEXPAD@Z
?SetprotectScreen@CCdgExchg@@QAEXPAD@Z
?SignatureAddFakeID@CCdgExchg@@QAEXK@Z
?SignatureAddHookID@CCdgExchg@@QAEXK@Z
?SignatureDelFakeID@CCdgExchg@@QAEXK@Z
?SignatureDelHookID@CCdgExchg@@QAEXK@Z
?SignatureFindFakeID@CCdgExchg@@QAEHK@Z
?SignatureFindHookID@CCdgExchg@@QAEHK@Z

Sections

.text
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3d801adb3963ca59be32e00ffbf9b2f

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

42:52:b1:16:55:fc:83:bd:29:68:75:72Certificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ce:db:c0:32:53:35:5d:d5:fe:53:bc:7e:c4:e8:75:53:1d:7f:a7:79:f8:88:8d:5e:26:a2:f6:bc:7c:c0:b1:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

filelock

iphlpapi

version

dbghelp

sqlite

ws2_32

Exports

Exports

Sections

.text Size: 786KB - Virtual size: 786KB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 20KB - Virtual size: 38KB

.rsrc Size: 174KB - Virtual size: 174KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

42:52:b1:16:55:fc:83:bd:29:68:75:72
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ce:db:c0:32:53:35:5d:d5:fe:53:bc:7e:c4:e8:75:53:1d:7f:a7:79:f8:88:8d:5e:26:a2:f6:bc:7c:c0:b1:4f
Signer

.text
Size: 786KB - Virtual size: 786KB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 174KB - Virtual size: 174KB