795940941405e4023a572bbaf9bd4a19fd265be147f7b09789c59814b58dee73

Sharing

Copy URL Twitter E-mail

General

Target

795940941405e4023a572bbaf9bd4a19fd265be147f7b09789c59814b58dee73
Size

3.6MB
MD5

027b963adbe510690221d398b7e01352
SHA1

31a153f08bfd3b64827fd2b386594eb56a96b0d3
SHA256

795940941405e4023a572bbaf9bd4a19fd265be147f7b09789c59814b58dee73
SHA512

147f2c231f2522f87af53e0df53f83a0b4ac591b8842f3b8aa2408dde483c70c3058a1ce3fdac719149667e15eb0509a7afc19f3f539e1aa2fdc9a19545885eb
SSDEEP

98304:+WbienTJEntqJG83MwRvZrVX2yg4Ftvi7ep10o0Flk:+Wbi2mntqJGmJ3X2We7epz

Score

6^/10

pdf evasion

Malware Config

Signatures

Malformed or missing cross-reference table in PDF
Malformed or missing cross-reference tables are often used to evade detection
pdf evasion

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Chinese.dat
unpack001/x64/hash2.dll
unpack001/x64/zlib1.dll
unpack001/zlib1.dll

Files

795940941405e4023a572bbaf9bd4a19fd265be147f7b09789c59814b58dee73
.zip
Boot Sector FAT.tpl
Boot Sector FAT32.tpl
Boot Sector NTFS.tpl
Chinese.dat
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Chinese.txt
Ext Directory Entry.tpl
Ext Group Descriptor.tpl
Ext Inode.tpl
Ext Superblock.tpl
Ext4 Inode.tpl
FAT Directory Entry.tpl
FAT LFN Entry.tpl
File Type Signatures Search.txt
.pdf
GUID Partition Table.tpl
HFS+ Volume Header.tpl
Master Boot Record.tpl
NTFS FILE Record.tpl
Recently Opened.dat
Sample script.whs
Text file conversion UNIX - Windows.whs
Text file conversion Windows - UNIX.whs
WinHex.cfg
WinHex.ico
WinHex64.exe
.exe windows:5 windows x64 arch:x64

4a8a844e2d12fb1b6e7856230a7acab7

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:77:58:49:eb:e5:03:dc:3d:01:46:03:ae:ab:f3:bd:8a:56:d2:67:c3:1b:e0:8b:ff:4d:a7:2b:48:5b:26:07
Signer

Actual PE Digest

2a:77:58:49:eb:e5:03:dc:3d:01:46:03:ae:ab:f3:bd:8a:56:d2:67:c3:1b:e0:8b:ff:4d:a7:2b:48:5b:26:07

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen

user32

MessageBoxA
SetWindowLongPtrA
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
SystemParametersInfoW
SwitchDesktop
AnimateWindow
ShowWindow
ShowScrollBar
ShowCaret
SetWindowsHookExA
SetWindowTextA
SetWindowTextW
SetWindowPos
SetTimer
SetScrollInfo
SetParent
SetMenuItemInfoW
SetMenuItemBitmaps
SetMenuDefaultItem
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetDlgItemTextW
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendInput
SendDlgItemMessageA
SendDlgItemMessageW
ScrollWindow
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
OpenDesktopW
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MoveWindow
ModifyMenuA
ModifyMenuW
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
LoadMenuA
LoadImageA
LoadIconA
LoadCursorA
LoadCursorW
LoadBitmapA
LoadAcceleratorsA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsDlgButtonChecked
IsDialogMessageW
IsClipboardFormatAvailable
InvertRect
InvalidateRect
IntersectRect
InsertMenuA
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowInfo
GetWindowDC
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollPos
GetScrollInfo
GetParent
GetWindow
GetNextDlgTabItem
GetMessageW
GetMenuStringA
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetKeyboardState
GetKeyState
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItemTextA
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClipboardOwner
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoW
GetAsyncKeyState
GetActiveWindow
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EnumClipboardFormats
EnumChildWindows
EndPaint
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCaret
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateMDIWindowW
CreateCaret
CountClipboardFormats
CopyImage
CloseClipboard
CheckRadioButton
CheckMenuRadioItem
CheckMenuItem
CheckDlgButton
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuA
AppendMenuW
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharUpperA
CharToOemBuffA
CharToOemA
GetMonitorInfoA
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
SetThreadLocale
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
DeleteFileW
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcpynW
lstrcpyA
lstrcpyW
lstrcmpiA
lstrcmpW
lstrcatW
WriteProcessMemory
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnlockFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadContext
SetPriorityClass
SetLastError
SetHandleInformation
SetFileTime
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadProcessMemory
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
PeekNamedPipe
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileW
LockResource
LockFile
LocalUnlock
LocalLock
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryExW
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationA
GetVolumeInformationW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadTimes
GetThreadLocale
GetThreadContext
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemPowerStatus
GetSystemInfo
GetShortPathNameA
GetProcessVersion
GetProcessTimes
GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocalTime
GetLastError
GetHandleInformation
GetFileTime
GetFileSize
GetFileInformationByHandle
GetFileAttributesA
GetFileAttributesW
GetEnvironmentVariableW
GetDriveTypeA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemCodePagesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateHardLinkW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
Beep
GetLongPathNameA
GetLongPathNameW
GlobalMemoryStatusEx
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetCPInfoExW
GetCPInfoExA
RtlCaptureStackBackTrace
GetDiskFreeSpaceExW
GetProcAddress
GetComputerNameExW
SetFilePointerEx
GetVolumePathNamesForVolumeNameW
OpenThread
GetFileSizeEx
FreeUserPhysicalPages
AllocateUserPhysicalPages

gdi32

TextOutA
TextOutW
StretchDIBits
StartPage
StartDocA
StartDocW
SetWorldTransform
SetTextColor
SetTextAlign
SetPixelV
SetPixel
SetGraphicsMode
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
Rectangle
PtInRegion
Polygon
MoveToEx
ModifyWorldTransform
LineTo
GetTextMetricsA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextColor
GetStockObject
GetPixel
GetObjectA
GetObjectW
GetDeviceCaps
GetCharABCWidthsFloatW
GetBkColor
GetBitmapBits
ExtTextOutA
ExtTextOutW
EndPage
EndDoc
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateFontIndirectA
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
AbortDoc

advapi32

SetSecurityDescriptorDacl
SetFileSecurityW
RegSetValueExA
RegSetValueExW
RegSetValueA
RegSetValueW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegOpenKeyA
RegDeleteValueW
RegDeleteKeyA
RegDeleteKeyW
RegCreateKeyA
RegCreateKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
LookupAccountNameW
IsTextUnicode
InitializeSecurityDescriptor
GetUserNameW
GetCurrentHwProfileA
AdjustTokenPrivileges

shell32

SHGetFileInfoA
SHGetFileInfoW
ShellExecuteA
ShellExecuteW
ExtractIconW
ExtractAssociatedIconW
DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

winspool.drv

GetDefaultPrinterA
OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

powrprof

SetSuspendState

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_Destroy
ImageList_Create

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsW

winhttp

WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpCloseHandle

comdlg32

CommDlgExtendedError
ChooseFontA
ChooseColorA
GetSaveFileNameW
GetOpenFileNameW

winmm

PlaySoundA

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 165KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
language.dat
timezone.dat
user.txt
winhex.exe
.exe windows:4 windows x86 arch:x86

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:9d:54:af:0b:b0:ed:94
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

14/05/2020, 19:28

Not After

14/05/2023, 19:28

Subject

CN=X-Ways Software Technology Aktiengesellschaft,O=X-Ways Software Technology Aktiengesellschaft,L=Bünde,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a1:60:b4:46:99:2e:19:30:72:e6:32:e4:a9:81:19:ab:b9:19:c2:5e:25:58:9a:bd:bd:98:ec:71:ed:4a:df:b9
Signer

Actual PE Digest

a1:60:b4:46:99:2e:19:30:72:e6:32:e4:a9:81:19:ab:b9:19:c2:5e:25:58:9a:bd:bd:98:ec:71:ed:4a:df:b9

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 122KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 380B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64/hash2.dll
.dll windows:5 windows x64 arch:x64

65a07e83ad2d464605bbfa043427c1b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/zlib1.dll
.dll windows:5 windows x64 arch:x64

d049ce821cc525c2e44f2c025b76a32c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

S:\source\ResIL\projects\zlib\x64\Release\zlib.pdb

Imports

kernel32

GetLastError
SetFilePointer
CloseHandle
GetFileType
CreateFileW
HeapFree
HeapAlloc
WideCharToMultiByte
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteCriticalSection
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
EncodePointer
DecodePointer
WriteFile
GetConsoleCP
GetConsoleMode
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
GetProcAddress
GetModuleHandleW
ExitProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleW
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileA

Exports

Exports

adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib1.dll
.dll windows:4 windows x86 arch:x86

66a201125fb55b79ced6d0ecd1985e10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
Sleep
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_lseek
_open
_read
_write
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_iob
abort
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcpy
sprintf
strcat
strcpy
strerror
strlen
vfprintf
wcslen

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzoffset
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
最后部分 nevin.prj

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 4KB - Virtual size: 3KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 702B

.reloc Size: 512B - Virtual size: 424B

.rsrc Size: 14KB - Virtual size: 14KB

4a8a844e2d12fb1b6e7856230a7acab7

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

ee:9d:54:af:0b:b0:ed:94Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

2a:77:58:49:eb:e5:03:dc:3d:01:46:03:ae:ab:f3:bd:8a:56:d2:67:c3:1b:e0:8b:ff:4d:a7:2b:48:5b:26:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

kernel32

gdi32

advapi32

shell32

winspool.drv

powrprof

comctl32

setupapi

winhttp

comdlg32

winmm

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 171KB - Virtual size: 170KB

.bss Size: - Virtual size: 165KB

.idata Size: 19KB - Virtual size: 19KB

.didata Size: 512B - Virtual size: 298B

.tls Size: - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 40B

.pdata Size: 67KB - Virtual size: 66KB

.rsrc Size: 686KB - Virtual size: 686KB

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

ee:9d:54:af:0b:b0:ed:94Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

a1:60:b4:46:99:2e:19:30:72:e6:32:e4:a9:81:19:ab:b9:19:c2:5e:25:58:9a:bd:bd:98:ec:71:ed:4a:df:b9Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 2.1MB - Virtual size: 2.1MB

DATA Size: 76KB - Virtual size: 76KB

BSS Size: - Virtual size: 122KB

.idata Size: 13KB - Virtual size: 12KB

CODE
Size: 4KB - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 702B

.reloc
Size: 512B - Virtual size: 424B

.rsrc
Size: 14KB - Virtual size: 14KB

1b:e7:15
Certificate

07
Certificate

ee:9d:54:af:0b:b0:ed:94
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

2a:77:58:49:eb:e5:03:dc:3d:01:46:03:ae:ab:f3:bd:8a:56:d2:67:c3:1b:e0:8b:ff:4d:a7:2b:48:5b:26:07
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 171KB - Virtual size: 170KB

.bss
Size: - Virtual size: 165KB

.idata
Size: 19KB - Virtual size: 19KB

.didata
Size: 512B - Virtual size: 298B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 67KB - Virtual size: 66KB

.rsrc
Size: 686KB - Virtual size: 686KB

1b:e7:15
Certificate

07
Certificate

ee:9d:54:af:0b:b0:ed:94
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

a1:60:b4:46:99:2e:19:30:72:e6:32:e4:a9:81:19:ab:b9:19:c2:5e:25:58:9a:bd:bd:98:ec:71:ed:4a:df:b9
Signer

CODE
Size: 2.1MB - Virtual size: 2.1MB

DATA
Size: 76KB - Virtual size: 76KB

BSS
Size: - Virtual size: 122KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 380B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 103KB

.rsrc
Size: 540KB - Virtual size: 540KB

.text
Size: 143KB - Virtual size: 142KB

RT_CODE
Size: 2KB - Virtual size: 2KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 71KB - Virtual size: 71KB

.data
Size: 512B - Virtual size: 92B

.rdata
Size: 19KB - Virtual size: 18KB

.eh_fram
Size: 512B - Virtual size: 220B

.bss
Size: - Virtual size: 2KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 900B

.reloc
Size: 1KB - Virtual size: 1KB