43348d51b1977041e699dc57b3de5098e6697a2c2b2b956d63be154593640365_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

43348d51b1977041e699dc57b3de5098e6697a2c2b2b956d63be154593640365_NeikiAnalytics.exe
Size

2.3MB
MD5

d714ca13badb1853748888e09897c1c0
SHA1

53b377c9f69224e2de7daf03f2ac58e432e4c3d5
SHA256

43348d51b1977041e699dc57b3de5098e6697a2c2b2b956d63be154593640365
SHA512

e7146a868cdfed3361d86ce2142edc9e6ef4d4c60f68f1eac637a7025823f7af0979f664ad53796972257ddf911065259865a345984e5a19a13ba4b0bb9f71b7
SSDEEP

49152:5KowkxFdB27z4s8M1RckCPhxzE3bjgix4ctrJS9B4US/WeKaDIVh:5Ek67F8M1RckGxzE3bjgixRrJaB4US/6

Score

1^/10

Malware Config

Signatures

Files

43348d51b1977041e699dc57b3de5098e6697a2c2b2b956d63be154593640365_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

0ff21742b9c3c7637a8ae394aaac3b4a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-12-2008 00:00

Not After

18-12-2011 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:02:fc:23:ad:13:5f:e0:76:3f:8f:a2:99:ba:bf:d5:af:58:b5:dc
Signer

Actual PE Digest

98:02:fc:23:ad:13:5f:e0:76:3f:8f:a2:99:ba:bf:d5:af:58:b5:dc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Hudson_Root\workspace\CSI_Bootstrap\csi_bootstrap\Release\Autorun.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

bootstraplibrary

?Get_Attribute_Count@XML_PARSER@@QAEHXZ
?Get_Attribute_Value@XML_PARSER@@QAEAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?Is_Having_Attribute@XML_PARSER@@QAE_NPB_W@Z
?Get_TextValue@XML_PARSER@@QAEAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?Get_CurrentName@XML_PARSER@@QAEAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?Is_Child_of@XML_PARSER@@QAE_NPB_W@Z
?Is_Tag@XML_PARSER@@QAE_NPB_W@Z
?Load_XML_Document@XML_PARSER@@QAE_NPB_W@Z
??1XML_PARSER@@UAE@XZ
??0XML_PARSER@@QAE@XZ
?LogClose@CBootstrapLog@@SAXXZ
?LogEntry@CBootstrapLog@@SA_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?LogOpen@CBootstrapLog@@SA_NXZ
?BootstrapInstallerConfigInit@CBootstrapInit@@QAE_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?BootstrapConfigInit@CBootstrapInit@@QAE?AVCBootstrapConfigItem@@XZ
?Get_Attribute_Name@XML_PARSER@@QAEAAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?SystemShutdown@RebootNow@@QAE_NXZ
?SetRebootFlag@RebootNow@@QAE_NXZ
?IsRebootFlagSet@RebootNow@@QAE_NXZ
?DeleteRebootFlag@RebootNow@@QAE_NXZ
??0RebootNow@@QAE@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?RegistrySetString@CBootstrapPrereqCheck@@QAE_NPAUHKEY__@@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@11@Z
?TestDotNetDetection@CBootstrapPrereqCheck@@QAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?IsDotNet35SPInstalled@CBootstrapPrereqCheck@@QAE_NH@Z
?IsWinInstallerInstalled@CBootstrapPrereqCheck@@QAE_NXZ
?isCurrentUserAdmin@ConditionChecker@@QAE_NXZ
?IsServer2008R2OrLaterServer@ConditionChecker@@QAE_NXZ
?getTotalRAM@ConditionChecker@@QAE_KXZ
?getLanguage@ConditionChecker@@QAE?AW4HPLocalizationLanguageType@@XZ
?getOSMajorVersion@ConditionChecker@@QAEHXZ
??1ConditionChecker@@QAE@XZ
??0ConditionChecker@@QAE@XZ
?InstallMSApp@CBootstrapLaunch@@QAE?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V23@@Z
??0DriverPreload@@QAE@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?RunDPInst@DriverPreload@@QAEHXZ
??0EvaluateSystem@@QAE@XZ
??1EvaluateSystem@@QAE@XZ
?SaveSystemConditionItems@EvaluateSystem@@QAEXPAVSystemConditionItems@@@Z
?SaveSystemCheckConditions@EvaluateSystem@@QAEXPAVSystemCheckConditions@@@Z
?IsSystemBlocked@EvaluateSystem@@QAE_NPAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?IsSystemSupported@EvaluateSystem@@QAE_NPAV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??1SystemConditionItem@@QAE@XZ
?LaunchCSI@CBootstrapLaunch@@QAE_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@00_N@Z
?WasSystemRebooted@RebootNow@@QAEHXZ

kernel32

WriteConsoleW
SetEnvironmentVariableA
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
ExitThread
GetFileType
SetStdHandle
ExitProcess
GetTimeZoneInformation
RaiseException
RtlUnwind
HeapFree
HeapAlloc
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
VirtualProtect
Sleep
GetProfileIntW
SearchPathW
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
lstrcpyW
lstrlenA
GlobalGetAtomNameW
InterlockedIncrement
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetTickCount
CopyFileW
GlobalSize
FormatMessageW
LocalFree
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
GlobalUnlock
GlobalFree
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
CreateFileW
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringA
GlobalLock
GlobalAlloc
InterlockedExchange
lstrlenW
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
GetModuleHandleW
GetProcAddress
CompareStringW
ActivateActCtx
DeactivateActCtx
SetLastError
lstrcmpW
MulDiv
DeleteFileW
CloseHandle
OpenEventW
SetCurrentDirectoryW
CreateEventW
LockResource
GetLocalTime
GetCurrentDirectoryW
GetLastError
MultiByteToWideChar
GetModuleFileNameW
SizeofResource
LoadLibraryW
WideCharToMultiByte
GetUserDefaultLCID
LoadResource
FreeLibrary
FindResourceW
GetStdHandle

user32

SetMenuDefaultItem
UpdateLayeredWindow
UnionRect
SetCursorPos
SetRect
DrawFrameControl
DrawEdge
DrawIconEx
GetNextDlgGroupItem
GetIconInfo
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetMenuDefaultItem
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
DrawStateW
EnumChildWindows
LockWindowUpdate
IsRectEmpty
IsMenu
GetSystemMenu
MonitorFromPoint
ReuseDDElParam
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
SetClassLongW
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableW
LoadAcceleratorsW
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
PostThreadMessageW
IntersectRect
UnregisterClassW
CharUpperW
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
DeleteMenu
LoadCursorW
GetSysColorBrush
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
InflateRect
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CheckDlgButton
SystemParametersInfoW
OffsetRect
MessageBeep
IsZoomed
RegisterClipboardFormatW
GetMenuStringW
AppendMenuW
InsertMenuW
IsCharLowerW
GetKeyNameTextW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
GetWindowThreadProcessId
IsWindowEnabled
ShowOwnedPopups
SetCursor
PostQuitMessage
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
MapVirtualKeyExW
IsClipboardFormatAvailable
DefFrameProcW
DestroyCursor
GetWindowRgn
MapDialogRect
GetDoubleClickTime
CreateMenu
SubtractRect
CopyIcon
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
CharUpperBuffW
GetUpdateRect
FrameRect
TranslateMDISysAccel
DrawMenuBar
MapVirtualKeyW
DefMDIChildProcW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetParent
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
GetWindow
FillRect
RedrawWindow
GetSysColor
InvalidateRect
SetTimer
KillTimer
UpdateWindow
PostMessageW
IsIconic
LoadImageW
DrawIcon
GetClientRect
GetSystemMetrics
SendMessageW
EnableWindow
FindWindowW
MessageBoxW
RemoveMenu
UnpackDDElParam

gdi32

CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CopyMetaFileW
GetTextExtentPoint32W
CreateDIBitmap
CreateCompatibleBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
DPtoLP
OffsetRgn
GetRgnBox
CreateRoundRectRgn
Escape
GetTextColor
SetDIBColorTable
GetDIBits
RealizePalette
StretchBlt
SetPixel
CreateDIBSection
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateEllipticRgn
Polyline
Ellipse
Polygon
Rectangle
EnumFontFamiliesExW
GetWindowOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
ExtTextOutW
TextOutW
RectVisible
CreatePolygonRgn
CreatePen
PtVisible
GetObjectType
SelectPalette
CreateCompatibleDC
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateDCW
GetStockObject
CreateFontIndirectW
GetObjectW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
SelectObject
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
GetDeviceCaps

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumValueW

shell32

DragFinish
SHGetFolderPathW
SHGetFileInfoW
SHGetDesktopFolder
ShellExecuteW
SHAppBarMessage
DragQueryFileW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW
PathIsUNCW

ole32

OleCreateMenuDescriptor
OleGetClipboard
DoDragDrop
OleLockRunning
CoInitializeEx
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoUninitialize
CoCreateInstance
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree
CoCreateGuid
IsAccelerator
OleTranslateAccelerator
CoInitialize
OleDestroyMenuDescriptor

oleaut32

VarBstrFromDate
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

??0CBootstrapConfigItem@@QAE@ABV0@@Z
??0CBootstrapConfigItem@@QAE@XZ
??0CBootstrapInit@@QAE@XZ
??0CBootstrapLaunch@@QAE@XZ
??0CBootstrapLog@@QAE@XZ
??0CBootstrapPrereqCheck@@QAE@ABV0@@Z
??0CBootstrapPrereqCheck@@QAE@XZ
??0CInstallerConfigItem@@QAE@ABV0@@Z
??0CInstallerConfigItem@@QAE@XZ
??0ConditionChecker@@QAE@ABV0@@Z
??0DriverPreload@@QAE@ABV0@@Z
??0InstallerConfig@@QAE@XZ
??0RebootNow@@QAE@ABV0@@Z
??0SystemChecksManager@@QAE@ABV0@@Z
??0SystemConditionItem@@QAE@ABV0@@Z
??1CBootstrapConfigItem@@QAE@XZ
??1CBootstrapInit@@QAE@XZ
??1CBootstrapPrereqCheck@@QAE@XZ
??1CInstallerConfigItem@@QAE@XZ
??1DriverPreload@@QAE@XZ
??1InstallerConfig@@QAE@XZ
??1RebootNow@@QAE@XZ
??4CBootstrapConfigItem@@QAEAAV0@ABV0@@Z
??4CBootstrapLaunch@@QAEAAV0@ABV0@@Z
??4CBootstrapLog@@QAEAAV0@ABV0@@Z
??4CBootstrapPrereqCheck@@QAEAAV0@ABV0@@Z
??4CInstallerConfigItem@@QAEAAV0@ABV0@@Z
??4ConditionChecker@@QAEAAV0@ABV0@@Z
??4DriverPreload@@QAEAAV0@ABV0@@Z
??4ExpressionEvaluator@@QAEAAV0@ABV0@@Z
??4RebootNow@@QAEAAV0@ABV0@@Z
??4SystemChecksManager@@QAEAAV0@ABV0@@Z
??4SystemConditionItem@@QAEAAV0@ABV0@@Z
?Parse@InstallerConfig@@QAE_NV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ff21742b9c3c7637a8ae394aaac3b4a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

98:02:fc:23:ad:13:5f:e0:76:3f:8f:a2:99:ba:bf:d5:af:58:b5:dcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

bootstraplibrary

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 322KB - Virtual size: 321KB

.data Size: 24KB - Virtual size: 54KB

.rsrc Size: 581KB - Virtual size: 581KB

.reloc Size: 169KB - Virtual size: 169KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

98:02:fc:23:ad:13:5f:e0:76:3f:8f:a2:99:ba:bf:d5:af:58:b5:dc
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 322KB - Virtual size: 321KB

.data
Size: 24KB - Virtual size: 54KB

.rsrc
Size: 581KB - Virtual size: 581KB

.reloc
Size: 169KB - Virtual size: 169KB