59c1a90e873d94bc9bd7578c955a85aa71f069b6ac0694d7bc2856db5559dc17_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

59c1a90e873d94bc9bd7578c955a85aa71f069b6ac0694d7bc2856db5559dc17_NeikiAnalytics.exe
Size

542KB
MD5

a669df5c385156e85e70e049599e6f90
SHA1

86c34bcf7fb0f63389816bce64e85aa7fbd95fb6
SHA256

59c1a90e873d94bc9bd7578c955a85aa71f069b6ac0694d7bc2856db5559dc17
SHA512

183835d3398972077ba5396ec46e15684c854d910da91d656dc3e7e9c75f2c93bfc6821792fa4f4b10a69c257a674a4f6e4f11b27cf70bb0322affded39714bd
SSDEEP

6144:/LMTDiGS+clWAkA1WsGPj9lXSclQtojByFLrf4VKQtzWdMl4l7zlUOA18UlocQqg:jGSp3kA1CvO9f4IQFWdMituqn6dI

Score

1^/10

Malware Config

Signatures

Files

59c1a90e873d94bc9bd7578c955a85aa71f069b6ac0694d7bc2856db5559dc17_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

8ddf5377a9b5ad918cf7025a730a4006

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fd:4b:f5:82:99:f0:91:c8:27:d4:b5:1f:2b:83:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/10/2013, 00:00

Not After

25/01/2016, 23:59

Subject

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:15:ca:94:1f:45:6d:f6:c1:21:15:b1:ee:8d:f9:12:3d:a5:41:ee
Signer

Actual PE Digest

e2:15:ca:94:1f:45:6d:f6:c1:21:15:b1:ee:8d:f9:12:3d:a5:41:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

RapportNikko.pdb

Imports

rooksbas

rooks_get_base_version
?get_instance@rooks@rooksbase@@SAPAV12@XZ
?require_extension@rooks_db@rooksbase@@QAEPAVrooks_extension@2@PBD@Z
?lock@rooks_db@rooksbase@@SAPAV12@XZ
?unlock@rooks_db@rooksbase@@SAXPAV12@_N@Z
??0rook_sink@rooksbase@@QAE@PBDPAX@Z
?get_rook@rooks_db@rooksbase@@QAEPAVrook@2@PBD@Z
??1rooksdb_string@rooksbase@@QAE@XZ
??1rook_sink@rooksbase@@QAE@XZ
?rooks_get_extension@@YAPAVrooks_extension@rooksbase@@PBD@Z

trf

0238
0454
0467
0471
0455
0475
02b4
01b6
0431
0503
0236
022e
0294
0230
048b
0476
042a
0229
0223
0226
043f
0389
01c8
023a
0349
0434
04a1
049d
04a0
049c
049f
049e
04b1
04cb
04cd
04c8
045a
0025
0260
0090
043b
045c
0444
0463
03ef
0500
022f
009c
00a4
0125
03e8
03bf
0288
04d1
0436
03e9
040b
03ae
03f3
012c
03e5
04da
03d2
03d0
03d1
03ce
03d8
03cd
04d3
03e3
044f
0420
04b2
03ac
039d
03d5
03ea
0343
0422
02d5
0426
0425
041f
0424
0423
0307
04b5
04cc
04ce
0329
03c3
03a0
03d4
03a7
0502
03ed
03dc
0354
033e
035a
03b0
0323
03a2
03ad
03c1
0356
0419
0415
0418
035c
0352
010a
0053
02a6

kernel32

LocalFree
CreateProcessA
GetExitCodeProcess
GetProcessHeap
HeapFree
lstrlenW
WideCharToMultiByte
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCommandLineW
WaitForSingleObject
WriteFile
DuplicateHandle
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
SetLastError
GetSystemDirectoryA
FreeLibrary
GetModuleHandleW
UnhandledExceptionFilter
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualProtect
LocalAlloc
GetCommandLineA
TerminateProcess
IsDebuggerPresent
GetCurrentThreadId
CreateThread
GetLastError
Sleep
GetTickCount
GetModuleHandleA
OpenProcess
FlushInstructionCache
CloseHandle
GetCurrentProcess
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
GetModuleFileNameA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException

user32

SetTimer
CreateWindowExW
SendMessageW
TrackMouseEvent
InvalidateRect
ClientToScreen
GetWindowDC
ReleaseDC
SetWindowPos
GetUpdateRect
GetSysColorBrush
FillRect
ValidateRect
ScreenToClient
SetCursor
IsWindow
WindowFromDC
GetKeyboardLayout
VkKeyScanExW
MapVirtualKeyExW
ToAsciiEx
GetClassNameW
GetClassInfoExW
SetWindowsHookExW
CallNextHookEx
GetWindowRect
SetLayeredWindowAttributes
PostMessageW
UnhookWindowsHookEx
DestroyWindow
KillTimer
GetForegroundWindow
IsWindowVisible
FindWindowExA
GetParent
EnumWindows
GetWindowThreadProcessId
EnumChildWindows
GetClassNameA
GetWindowLongW
UnregisterClassW
GetDesktopWindow
DefWindowProcW
RegisterClassW
LoadCursorW
RegisterWindowMessageA
GetClientRect
UnregisterClassA

gdi32

GetDCOrgEx
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
DeleteDC

shell32

SHGetFolderPathW
SHGetFolderPathA
CommandLineToArgvW

ole32

OleRun
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString

atl80

ord64
ord23
ord61

shlwapi

PathAppendA

msvcp80

?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcr80

__CxxFrameHandler3
_purecall
??2@YAPAXI@Z
_snprintf_s
memset
free
__RTDynamicCast
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
memmove_s
_snwprintf_s
strncmp
strcat_s
malloc
strchr
strcpy_s
calloc
strncpy_s
strtoul
sprintf_s
strstr
??_V@YAXPAX@Z
_strdup
_atoi64
atoi
_itoa_s
strtol
memcpy_s
wcsstr
_wcsicmp
atol
vswprintf_s
strtok_s
wcstok_s
realloc
_stricmp
memcpy
sscanf_s
wcscpy_s
_wcsnicmp
_strnicmp
_time64
_wgetenv_s
wcsncpy_s
_except_handler4_common
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_wcsdup
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
??3@YAXPAX@Z

rooksdol

?wndsubclass_unsubclass_window@rooksdol_extension@rooksdol@@QAEXPBDPAUHWND__@@@Z
?wndsubclass_subclass_window@rooksdol_extension@rooksdol@@QAEXPBDPAUHWND__@@PAX@Z
rooksdol_fnhook_chelper_unhook
begin_fnhook_chelper_hooking
rooksdol_fnhook_chelper_hook
end_fnhook_chelper_hooking
?set_persistent_subclassing@wndsubclass_rook@rooksdol@@QAEX_N@Z

ws2_32

inet_ntoa
htons
gethostbyaddr
gethostbyname
WSAGetLastError
getservbyname
htonl
inet_addr
WSASetLastError
ntohs
getservbyport

crypt32

CertGetNameStringA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

psapi

GetModuleFileNameExA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

oleacc

AccessibleChildren
AccessibleObjectFromWindow

Exports

Exports

nikko_init_in_backend
nikko_shutdown_in_backend
on_resolve_sink

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tsotext
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tsodef
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tsodata
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tsocons
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ddf5377a9b5ad918cf7025a730a4006

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

fd:4b:f5:82:99:f0:91:c8:27:d4:b5:1f:2b:83:f0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e2:15:ca:94:1f:45:6d:f6:c1:21:15:b1:ee:8d:f9:12:3d:a5:41:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rooksbas

trf

kernel32

user32

gdi32

shell32

ole32

oleaut32

atl80

shlwapi

msvcp80

msvcr80

rooksdol

ws2_32

crypt32

wininet

psapi

advapi32

oleacc

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 279KB

.tsotext Size: 12KB - Virtual size: 11KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 8KB - Virtual size: 13KB

.tsodef Size: 64KB - Virtual size: 62KB

.tsodata Size: 4KB - Virtual size: 272B

.tsocons Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 34KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

fd:4b:f5:82:99:f0:91:c8:27:d4:b5:1f:2b:83:f0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e2:15:ca:94:1f:45:6d:f6:c1:21:15:b1:ee:8d:f9:12:3d:a5:41:ee
Signer

.text
Size: 280KB - Virtual size: 279KB

.tsotext
Size: 12KB - Virtual size: 11KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 8KB - Virtual size: 13KB

.tsodef
Size: 64KB - Virtual size: 62KB

.tsodata
Size: 4KB - Virtual size: 272B

.tsocons
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 34KB