61a08865374814728aa3e3e54ecb466aa22cdf5b47587b4e8f382c9443ea10ce

Sharing

Copy URL Twitter E-mail

General

Target

61a08865374814728aa3e3e54ecb466aa22cdf5b47587b4e8f382c9443ea10ce
Size

1.2MB
MD5

663ce3b9bc000b1cb837f76b1d114e77
SHA1

3449c7e6c651bc7c51b8f836d7f8cc5d4e4de30d
SHA256

61a08865374814728aa3e3e54ecb466aa22cdf5b47587b4e8f382c9443ea10ce
SHA512

6f4b4fab90d500f536bc38ccb14514028cd723eb56e25aeb32cf6ca1ea546bb793a80f5a515f94db1bf534117abb3dade41eeafe08e85aab829f6030a4f49126
SSDEEP

12288:DluFSS3Zz65Ls4i2BviBRW5rYrPHqKzDzpBei8Mc5J:DliSSJ6+Z2Bgq4si8Mc5J

Score

1^/10

Malware Config

Signatures

Files

61a08865374814728aa3e3e54ecb466aa22cdf5b47587b4e8f382c9443ea10ce
.exe windows:5 windows x86 arch:x86

bcb171e02c557eb62d9019eb5b1b2002

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/04/2011, 00:00

Not After

18/04/2014, 23:59

Subject

CN=SAP AG,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=SAP Production CSA 2011,O=SAP AG,L=Walldorf/Baden,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\depot\bas\720_EXT_REL\fes_730_REL\src\opt\ntintel\saplogon.pdb

Imports

sapfewuimsg

?Cleanup_Local_Data@@YAHXZ

sapfewcb

?GetRuntimeClass@CBubble@@UBEPAUCRuntimeClass@@XZ
??0CBubble@@QAE@XZ
?Create@CBubble@@QAEHPAVCWnd@@@Z
?Track@CBubble@@QAEXVCPoint@@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HVCRect@@HPAVCWnd@@H@Z
??1CBubble@@UAE@XZ
?DestroyWindow@CBubble@@UAEHXZ
?GetMessageMap@CBubble@@MBEPBUAFX_MSGMAP@@XZ

sapfewrm

RmIsCorbuDesign
RmUseSMCRendering
RmIsSystemHighContrast
IsAnimatedFocus
RmIsHighContrastTheme
RmUseCorbuIcons

saplgmgr_proxy

SlgDataManSetEntryAttribute
SlgDataManGetEntryKeys
SlgDataManGetFolderAttributes
SlgDataManGetLogonParamtersByKey
SlgDataManSetFolderAttribute
SlgDataManGetEntryData
SlgDataManExit
SlgDataManInit
SlgDataManGetDataFile
SlgDataManGetFolderAttribute
SlgDataManGetEntryAttribute
SlgDataManAddEntryToFolder
SlgDataManMoveEntry
SlgDataManAddEntryLinkToFolder
SlgDataManMoveFolder
SlgDataManChangeEntry
SlgDataManGetSapLogonObject
SlgDataManAddFolder
SlgDataManRenameFolder
SlgDataManDeleteFolder
SlgDataManDeleteEntry
SlgDataManGetSubFolderKeys
SlgDataManGetLogonParamtersByProperties
SlgDataManAddVariableEntry

saplgnui

SLU_StartConnectionWizard
SLU_InitSapLogonUI
SLU_ExitSapLogonUI
SLU_StartSysPropDlg

sapthmcust

SapThemeSystemSettinsDlg

sapshlib

SetShortcutProperty
LoadShortcutFromCommandLine
CreateShortcut
GetShortcutCommandLine
InitShortcut
OperateShortcut
ExitShortcut
GetShortcutProperty
SetShortcutProperties
GetShortcutProperties
LoadShortcutFromFile
EditShortcut

sapguilib

FewGuiGetProperty
FewGuiRun
FewGuiInit
FewGuiDelete
FewGuiExit
FewGuiGetFrontProperty
FewGuiGetFrontHandles
FewGuiTerminateFront
FewGuiCreate
FewGuiSetProperty

saplgdll

?DllGetClassFactoryObject@@YAJPAPAVICSLFactory@@@Z

sapfewut

Secure_Dll_Load
Use720SapLogonAndUnifiedOptionsDlg
ShowSapguiHelp
SAPLoadLibrary
SAPFreeLibrary
IsInsideSAPDomain
InitTraceDir
ScriptingEnabledByAdmin
ScriptingEnabledByUser
getRegValBool
InitBuffer
GetTmpDir
Is_Delete_Read_Only_Files_Enabled
Empty_Folder
getRegValString
GetRegValInt

sappctxt

SapPcTxtGetInfo
SapPcTxtRead
SapPcTxtUnLoad
SapPcTxtLoad
SapPcTxtSetDefaultLanguage
SapPcTxtGetDefaultLanguage

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

sapfhook

SapHookExit
SapHookInit

sapfewed

SapRaiseGlobalEvent
SapUnregisterGlobalEvent
SapRegisterGlobalEvent

sapfdraw

SapDrw32DrawOuterFrame
SapGetIDrawing
ShowShadowBorder
SapIsThemeActive
UseSMCRendering
GetMainframeScalePercentage
SapGetFontFromIndex
BringAnimatedFocusToTop
SetAnimatedFocusScreenPos
SapDrawPushbutton
SapDrw32SetFontScale
HideAnimatedFocus
SapGetSystemMetrics
SapGetTextRect
SapDrw32DrawLogonToolBar

sapthmdrw

?CloseMsThemeDataHandles@@YAXXZ
?SapDrawThemePushbutton@@YAXPAUHDC__@@PBDPAUtagRECT@@2PAUHFONT__@@KPAUHBITMAP__@@PAU_IMAGELIST@@H@Z
?SapIsXPThemeActive@@YAHXZ
?OpenMsThemeDataHandles@@YAXXZ

gdiplus

GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusShutdown

sapfewcls

??0CMyBitmap@@QAE@XZ
??1CMyBitmap@@UAE@XZ
?GetRuntimeClass@CMyBitmap@@UBEPAUCRuntimeClass@@XZ
?Init@CSapBitmapDll@@QAEHXZ
?LoadBitmapA@CMyBitmap@@QAEHPBD@Z
?SapBitmapDll@@3VCSapBitmapDll@@A

sapfewdr

?DrawBitmap@CMyDraw@@QAEHPAVCDC@@PAVCBitmap@@HHHHKHPBD@Z
?MyDraw@@3VCMyDraw@@A

sapfewnls

?CharSetOfSapCodePage@CMyImeCall@@QBEEI@Z
myImeCall

mfc100

ord469
ord11627
ord7875
ord2611
ord1929
ord3439
ord5837
ord5774
ord6047
ord1900
ord1292
ord266
ord3839
ord265
ord300
ord6835
ord888
ord1890
ord2617
ord1985
ord4078
ord13137
ord13131
ord12720
ord6207
ord2184
ord5875
ord3746
ord7863
ord3475
ord2187
ord4344
ord4345
ord3390
ord5858
ord5302
ord8228
ord3744
ord1012
ord4343
ord10030
ord1210
ord788
ord12438
ord12344
ord12095
ord12430
ord12962
ord13095
ord12865
ord13181
ord5007
ord8554
ord7933
ord6961
ord1281
ord1267
ord869
ord12097
ord5141
ord880
ord2770
ord2769
ord457
ord12440
ord6010
ord2056
ord11274
ord13310
ord7206
ord7871
ord3404
ord11744
ord11297
ord13329
ord7042
ord7193
ord1004
ord5054
ord11512
ord4149
ord1437
ord12090
ord11487
ord1606
ord827
ord1232
ord6641
ord6293
ord4092
ord4095
ord4094
ord13518
ord322
ord918
ord5279
ord1208
ord1317
ord11281
ord10932
ord775
ord342
ord12719
ord12094
ord1440
ord1016
ord11473
ord5492
ord467
ord1315
ord7620
ord826
ord761
ord6033
ord5118
ord13243
ord13279
ord5216
ord13278
ord1201
ord1996
ord2183
ord11924
ord6117
ord2406
ord2088
ord917
ord11943
ord341
ord5208
ord11277
ord977
ord10906
ord421
ord943
ord12128
ord374
ord6836
ord6634
ord6671
ord2067
ord1941
ord6896
ord7598
ord3871
ord12096
ord5175
ord12285
ord11475
ord900
ord290
ord4499
ord968
ord2138
ord5830
ord2219
ord3988
ord6098
ord5432
ord8234
ord2841
ord2939
ord3758
ord1271
ord7622
ord12209
ord4600
ord5494
ord4464
ord5163
ord11513
ord1187
ord3604
ord741
ord3488
ord7892
ord11461
ord6314
ord6063
ord1231
ord1263
ord7832
ord1939
ord6054
ord5776
ord4341
ord10852
ord301
ord915
ord5777
ord8222
ord2742
ord6090
ord8231
ord2838
ord3755
ord8465
ord11882
ord11229
ord5821
ord6971
ord10357
ord3373
ord11431
ord751
ord5782
ord5113
ord6978
ord8106
ord1018
ord12790
ord7491
ord7927
ord11940
ord3426
ord2901
ord4782
ord7474
ord4317
ord2818
ord468
ord752
ord877
ord1276
ord1193
ord1017
ord262
ord7621
ord11439
ord4993
ord2190
ord740
ord1441
ord11408
ord11941
ord13048
ord4656
ord2872
ord11781
ord4143
ord1854
ord1894
ord6369
ord3963
ord6694
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord6112
ord1288
ord4144
ord1294
ord1442
ord7311
ord2422
ord3970
ord6678
ord4553
ord4283
ord1982
ord9475
ord12868
ord4785
ord13219
ord3254
ord3842
ord946
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord8235
ord11107
ord8305
ord5803
ord381
ord316
ord1316
ord1483
ord310
ord1479
ord901
ord9318
ord7859
ord3739
ord2743
ord8223
ord1495
ord4371
ord4413
ord4404
ord5278
ord5780
ord1011
ord2409
ord13280
ord3431
ord2614
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord11025
ord3395
ord10883
ord13294
ord8070
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord5444
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord895
ord4340
ord2063
ord2061
ord5242
ord305
ord5207
ord1448
ord13045
ord2626
ord1296
ord7487
ord7876
ord7322
ord7837
ord1313
ord4498
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord7091
ord11806
ord1732
ord14075
ord3486
ord10922
ord906
ord2090
ord2040
ord1940
ord323
ord1297
ord6970
ord2025

msvcr100

__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_onexit
_lock
__dllonexit
_recalloc
labs
getenv
_access
_errno
_itoa
sprintf
strcpy
memcmp
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_configthreadlocale
memcpy
_mbsnbcpy
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
_mbsrchr
fopen_s
memmove_s
vfprintf
fflush
strftime
_time64
_localtime64_s
calloc
qsort
ldiv
_ismbcprint
_vscprintf
sscanf_s
_makepath_s
_mbsicmp
swprintf_s
strcat_s
system
_resetstkoflw
free
malloc
_initterm_e
memmove
_initterm
memcpy_s
getenv_s
__iob_func
fprintf
vsprintf_s
__CxxFrameHandler3
_splitpath_s
sprintf_s
memset
strcpy_s
_mbslwr_s
_mbsnbicmp
_mbscmp
_mbsstr
_mbspbrk
_mbsnbcpy_s
_putenv
_setmbcp
_mbsnbcat_s
atoi
_itoa_s
strlen
_unlock

kernel32

TlsFree
TlsAlloc
InitializeCriticalSection
VirtualProtect
SetUnhandledExceptionFilter
DeleteCriticalSection
VirtualFree
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
VirtualQuery
GetFileInformationByHandle
FileTimeToLocalFileTime
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetTickCount
GetSystemTime
Sleep
GetCurrentThreadId
OutputDebugStringA
SetFileAttributesA
WritePrivateProfileStringA
FormatMessageA
LocalFree
GetPrivateProfileIntA
GetPrivateProfileStringA
GetUserDefaultLCID
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
GlobalFree
GetLocalTime
CreateFileA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
lstrlenW
GetSystemDefaultLangID
GetFileTime
FileTimeToSystemTime
GetModuleFileNameA
VirtualAlloc
EncodePointer
GetCurrentProcess
GetCurrentThread
TlsSetValue
TlsGetValue
GetWindowsDirectoryA
CreateDirectoryA
GetTempPathA
InterlockedExchange
LoadResource
FindResourceA
LocalAlloc
DecodePointer
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
lstrlenA
RaiseException
MultiByteToWideChar
GetFileAttributesA
GetEnvironmentVariableA
ActivateActCtx
DeactivateActCtx
SetLastError
LoadLibraryA
lstrcpynA
InterlockedIncrement
GetVersionExA
GetProcAddress
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedDecrement
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
GetCurrentProcessId
GetCurrentDirectoryA
CreateSemaphoreA
CloseHandle
GetLastError
TerminateThread

user32

GetWindowTextA
MessageBoxA
EnumWindows
RegisterWindowMessageA
LoadIconW
GetFocus
MessageBeep
DestroyIcon
ClientToScreen
GetCursor
RemovePropA
SetFocus
ToAscii
MapVirtualKeyA
GetKeyboardState
SetPropA
GetKeyState
IsRectEmpty
PtInRect
SetRect
InflateRect
UnionRect
DrawEdge
DrawFocusRect
CheckMenuItem
GetMenuItemCount
GetSubMenu
SetForegroundWindow
LockWindowUpdate
GetActiveWindow
GetParent
SetLayeredWindowAttributes
GetClassNameA
DrawTextA
DrawIconEx
EnableWindow
DrawIcon
CreatePopupMenu
AppendMenuA
GetSysColor
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetWindow
GetDlgCtrlID
SetWindowTextA
IsWindowEnabled
FindWindowA
MessageBoxIndirectA
ShowScrollBar
RedrawWindow
EnumThreadWindows
UpdateLayeredWindow
OffsetRect
EndPaint
BeginPaint
PostMessageA
SendMessageTimeoutA
GetWindowDC
SendMessageA
ReleaseDC
GetDC
MonitorFromRect
GetMonitorInfoA
CopyRect
KillTimer
SetTimer
SetRectEmpty
GetDesktopWindow
SetParent
DestroyMenu
SetWindowPos
EnableMenuItem
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
ScreenToClient
UpdateWindow
InvalidateRect
IsWindowVisible
GetForegroundWindow
LoadCursorA
GetSystemMetrics
GetCursorPos
LoadIconA
IsWindow
SetWindowLongA
ShowWindow
IsZoomed
LoadBitmapW
SetCursor
SystemParametersInfoA
GetWindowLongA

gdi32

GetClipBox
SetViewportOrgEx
GetViewportOrgEx
SetDIBColorTable
DeleteDC
DeleteObject
SetLayout
CreatePen
GetStockObject
SelectObject
SetBkMode
CreateDIBitmap
BitBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
CreatePalette
CreateDIBSection
GetTextExtentPoint32A
GetObjectA

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenThreadToken

shell32

Shell_NotifyIconA
ShellExecuteA
DragQueryFileA

ole32

CoCreateInstance
OleDestroyMenuDescriptor
StgOpenStorage
CoRegisterClassObject
GetRunningObjectTable
CreateFileMoniker
OleRun

oleaut32

CreateErrorInfo
VariantChangeType
GetErrorInfo
SysStringLen
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
SysAllocStringLen
SysAllocString
VariantCopy
VariantClear
VariantInit
RevokeActiveObject
SysFreeString

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

??0CSplashWindow@@QAE@II@Z
??1CSplashWindow@@UAE@XZ
??_7CSplashWindow@@6B@
?Create@CSplashWindow@@QAEHXZ
?GetBitmapAndPalette@CSplashWindow@@IAEHIAAVCBitmap@@AAVCPalette@@@Z
?GetMessageMap@CSplashWindow@@MBEPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CSplashWindow@@KGPBUAFX_MSGMAP@@XZ
?OnPaint@CSplashWindow@@IAEXXZ
?OnTimer@CSplashWindow@@IAEXI@Z
?PreTranslateMessage@CSplashWindow@@UAEHPAUtagMSG@@@Z

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SapLogon
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zwt
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcb171e02c557eb62d9019eb5b1b2002

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sapfewuimsg

sapfewcb

sapfewrm

saplgmgr_proxy

saplgnui

sapthmcust

sapshlib

sapguilib

saplgdll

sapfewut

sappctxt

version

sapfhook

sapfewed

sapfdraw

sapthmdrw

gdiplus

sapfewcls

sapfewdr

sapfewnls

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp100

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 199KB - Virtual size: 198KB

.data Size: 86KB - Virtual size: 88KB

SapLogon Size: 8KB - Virtual size: 8KB

.rsrc Size: 625KB - Virtual size: 624KB

.reloc Size: 47KB - Virtual size: 47KB

.zwt Size: - Virtual size: 1B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

43:1a:c8:c1:a8:09:98:3f:2c:b5:14:3d:18:70:8c:7b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 86KB - Virtual size: 88KB

SapLogon
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 625KB - Virtual size: 624KB

.reloc
Size: 47KB - Virtual size: 47KB

.zwt
Size: - Virtual size: 1B