e99f72e73cdef3c2a2869dd6b6541f8796f58599a2ea4352ca9e3207d9ed704f

Sharing

Copy URL

Twitter E-mail

General

Target

e99f72e73cdef3c2a2869dd6b6541f8796f58599a2ea4352ca9e3207d9ed704f
Size

889KB
MD5

b338e5aa4ac9b0e8092f20a664f1615f
SHA1

788872af3b5e87509db9f0eb2e84f9f8607e85eb
SHA256

e99f72e73cdef3c2a2869dd6b6541f8796f58599a2ea4352ca9e3207d9ed704f
SHA512

7d3c53744c95d636657c97b1673e30a753091f7975fc8f101b1e67b799d68379828f853a35c5c2cffacbe95b07bea836602e091773eb4e2bde6e16f988a447a2
SSDEEP

24576:PaeSHvR7SFh+5mqVVraVz0+UCF1rEH7k5:PaPREMPGVY+UCh5

Score

1^/10

Malware Config

Signatures

Files

e99f72e73cdef3c2a2869dd6b6541f8796f58599a2ea4352ca9e3207d9ed704f
.dll windows:5 windows x86 arch:x86

20fbddf52e7615fd0c912febc667797a

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

02-10-2022 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

02-10-2022 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

af:57:59:65:2f:d5:e1:bb:d1:a4:87:6e:fc:ac:9c:4e:3d:05:38:16:d0:7a:56:b8:98:49:4e:9f:a3:65:94:9e
Signer

Actual PE Digest

af:57:59:65:2f:d5:e1:bb:d1:a4:87:6e:fc:ac:9c:4e:3d:05:38:16:d0:7a:56:b8:98:49:4e:9f:a3:65:94:9e

Digest Algorithm

sha256

PE Digest Matches

false

25:8d:ef:96:dc:af:4e:32:ae:da:7b:6c:3a:94:62:50:09:87:ea:37
Signer

Actual PE Digest

25:8d:ef:96:dc:af:4e:32:ae:da:7b:6c:3a:94:62:50:09:87:ea:37

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TBNet\SecurePt\Output\Release\CmdManager.pdb

Imports

xmlwrapper

?CreateNode@CXmlNode@@QAEIAAV1@QADQAXH@Z
?GetNodeProperty@CXmlNode@@QAEIQADPADAAH@Z
?SetNodeProperty@CXmlNode@@QAEIQAD0@Z
?GetFirstElement@CXmlNode@@QAE?AV1@QAD@Z
?GetNodeContent@CXmlNode@@QAEIPADAAH@Z
?DeleteFirstElement@CXmlNode@@QAEIQAD@Z
??0CXmlNode@@QAE@ABV0@QAD@Z
?GetChildrenNode@CXmlNode@@QAE?AV1@XZ
?GetSiblingNode@CXmlNode@@QAE?AV1@XZ
?SetNodeContent@CXmlNode@@QAEIQAXH@Z
?CreateNode@CXmlNode@@QAEIAAV1@QAD111@Z
?NodeExists@CXmlNode@@QAEHQAD@Z
??0CXmlNode@@QAE@ABV0@@Z
??4CXmlNode@@QAEAAV0@ABV0@@Z
??0CXmlDocument@@QAE@XZ
??1CXmlDocument@@QAE@XZ
?OpenXmlFile@CXmlDocument@@QAEIQAD0@Z
?SaveXmlFile@CXmlDocument@@QAEIQAD0@Z
?GetRootElement@CXmlDocument@@QAE?AVCXmlNode@@XZ
??0CXmlNode@@QAE@XZ
??1CXmlNode@@QAE@XZ
?NodeValid@CXmlNode@@QBEHXZ

compressfile

DecompressFL
CompressFL
IsCompressBufFL

kernel32

SystemTimeToTzSpecificLocalTime
GetCurrentProcess
SetEvent
GetTickCount
GetPrivateProfileStringW
InitializeCriticalSection
OpenProcess
LoadLibraryW
Sleep
LeaveCriticalSection
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetLastError
EnterCriticalSection
GetPrivateProfileStringA
Process32FirstW
ProcessIdToSessionId
WritePrivateProfileStringA
CreateEventW
GetModuleFileNameA
Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
CreateThread
GetComputerNameW
WideCharToMultiByte
OpenMutexW
ReleaseMutex
WinExec
CreateDirectoryW
TerminateThread
GetExitCodeThread
OutputDebugStringA
ResumeThread
MoveFileW
GetLocalTime
InterlockedIncrement
SetWaitableTimer
CancelWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToLocalFileTime
ResetEvent
LocalReAlloc
LocalAlloc
LocalFree
CreateMutexW
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
GetTempPathW
GetLongPathNameW
CreateFileMappingA
OpenFileMappingA
GetEnvironmentVariableW
FindFirstFileW
GetDriveTypeW
GetCurrentThread
GetVersionExW
SetLastError
FindClose
RemoveDirectoryW
FindFirstFileA
FindNextFileA
DeleteFileA
GetTempFileNameW
MoveFileExW
GetPrivateProfileIntA
CopyFileW
GetFileAttributesA
FindNextFileW
DeleteFileW
GetModuleHandleW
GetCurrentProcessId
GetLogicalDriveStringsW
SetEnvironmentVariableW
GetLogicalDrives
WriteFile
ReadFile
CreateFileW
GetDiskFreeSpaceW
QueryDosDeviceW
DeviceIoControl
FreeLibrary
GetFileAttributesExW
SetFileAttributesW
GetVolumeInformationW
GetSystemDirectoryW
InterlockedExchange
OpenFileMappingW
CloseHandle
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
LoadLibraryA
GetProcAddress
LocalFileTimeToFileTime
InterlockedDecrement
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
OpenEventW

user32

wsprintfW
ExitWindowsEx

advapi32

RegOpenKeyExW
RegCreateKeyExW
OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ControlService
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
UnlockServiceDatabase
LockServiceDatabase
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
AllocateAndInitializeSid
RegQueryValueExW
EqualSid
LogonUserW
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RegCloseKey
RegSetValueExW
FreeSid

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateGuid

msvcp90

?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?max_size@?$allocator@_W@std@@QBEIXZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?uncaught_exception@std@@YA_NXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE_W_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$allocator@_W@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?setf@ios_base@std@@QAEHHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_W@Z

msvcr90

_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_errno
_wtof
memset
memcpy
_CxxThrowException
__RTDynamicCast
free
wcsncat
_invalid_parameter_noinfo
wcsrchr
_wcsdup
strcpy_s
_purecall
??3@YAXPAX@Z
strcat_s
wcschr
_wcsicmp
sprintf
wcsncpy_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
sscanf
_create_locale
_wcsnicmp
_localtime64_s
wcsncpy
??_V@YAXPAX@Z
_swprintf_s_l
strrchr
toupper
wcscat_s
wcsncmp
wcscpy_s
_wcstoui64
_time64
_free_locale
??2@YAPAXI@Z
atoi
strncpy
fopen
fwrite
fclose
malloc
_wcstod_l
wcsstr
_isnan
_wcstoul_l
realloc
towupper
swprintf_s
_waccess
_memicmp
memmove_s
_snwprintf
_wgetenv
_beginthread
_vswprintf
printf
wcstok
_wtoi
_wtol
fread
ftell
fseek
memmove
_wfopen
_vswprintf_c_l
setlocale
_localtime64
_itow
memcpy_s
_ltow
swscanf_s
vswprintf_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__CxxFrameHandler3
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

powrprof

SetSuspendState

shlwapi

PathIsDirectoryW
StrRetToStrW
PathFileExistsW
PathIsNetworkPathW

ws2_32

WSAStartup

mpr

WNetAddConnection2W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCancelConnection2W

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
TBCanUnloadNow
TBCreateObject

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20fbddf52e7615fd0c912febc667797a

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3Certificate

Extended Key Usages

Key Usages

af:57:59:65:2f:d5:e1:bb:d1:a4:87:6e:fc:ac:9c:4e:3d:05:38:16:d0:7a:56:b8:98:49:4e:9f:a3:65:94:9eSigner

25:8d:ef:96:dc:af:4e:32:ae:da:7b:6c:3a:94:62:50:09:87:ea:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xmlwrapper

compressfile

kernel32

user32

advapi32

shell32

ole32

msvcp90

msvcr90

wtsapi32

netapi32

powrprof

shlwapi

ws2_32

mpr

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 27KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

af:57:59:65:2f:d5:e1:bb:d1:a4:87:6e:fc:ac:9c:4e:3d:05:38:16:d0:7a:56:b8:98:49:4e:9f:a3:65:94:9e
Signer

25:8d:ef:96:dc:af:4e:32:ae:da:7b:6c:3a:94:62:50:09:87:ea:37
Signer

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB