aa64fa49c00cf9e16ec11ec2dd289580N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

aa64fa49c00cf9e16ec11ec2dd289580N.exe
Size

2.5MB
MD5

aa64fa49c00cf9e16ec11ec2dd289580
SHA1

dadb970fceeb5abd35bae9a54394cd05700e72be
SHA256

fdeecda64b4d4a54edf96d763cbf4a1ea0f281d3e1e152c578dc8e262926bf78
SHA512

4b8b6eb6071cd6279cc9e5d312903ce39b1ab8e3749df94303110d3f2b24d94e76d9300431d158920a912b69defaa1740d12b593f4cee3314e7b16b98f058b94
SSDEEP

49152:FHPTBTQkrRSab3szK2iose1ls7GCo1z3no7+zjLPcFTO1Ms2:FHrBTQkr1wlseLqGxtMr

Score

1^/10

Malware Config

Signatures

Files

aa64fa49c00cf9e16ec11ec2dd289580N.exe
.dll windows:5 windows x86 arch:x86

2dea39709fe7cbf83ecaa10635c0907e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

18/05/2023, 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/05/2020, 00:00

Not After

18/05/2023, 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:f0:be:6c:17:d5:30:df:cd:49:fe:16:e6:25:0a:e0:f1:10:c2:22:d0:18:3f:0f:28:db:80:8f:b0:21:e9:f0
Signer

Actual PE Digest

db:f0:be:6c:17:d5:30:df:cd:49:fe:16:e6:25:0a:e0:f1:10:c2:22:d0:18:3f:0f:28:db:80:8f:b0:21:e9:f0

Digest Algorithm

sha256

PE Digest Matches

true

22:b4:6d:90:92:ed:cd:ae:18:8c:9d:1b:0e:ed:ba:55:af:12:6b:90
Signer

Actual PE Digest

22:b4:6d:90:92:ed:cd:ae:18:8c:9d:1b:0e:ed:ba:55:af:12:6b:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\Work\rcimage\bin\Win32\Release\pdb\2345Image.pdb

Imports

gdiplus

GdipDrawImageRectI
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipDeleteBrush
GdipGetPropertyItem
GdipImageGetFrameDimensionsCount
GdipGetImageThumbnail
GdipGetImagePixelFormat
GdipGetImageType
GdipImageRotateFlip
GdipSetCompositingQuality
GdipGetImageHeight
GdipFree
GdipCloneBitmapAreaI
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipSetPixelOffsetMode
GdipSetPageUnit
GdipSetInterpolationMode
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipGetImageVerticalResolution
GdipDeleteGraphics
GdipImageSelectActiveFrame
GdipRemovePropertyItem
GdipLoadImageFromFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipBitmapLockBits
GdipImageGetFrameDimensionsList
GdipCreateFromHDC
GdipImageGetFrameCount
GdipCreateTexture
GdipSetPropertyItem
GdipGetImageRawFormat
GdipCloneBrush
GdipFillRectangleI
GdipGetImagePalette
GdipGetImageHorizontalResolution
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipSaveImageToStream
GdipGetPropertyItemSize
GdipSaveImageToFile
GdipReleaseDC
GdipCloneImage
GdipAlloc
GdipGetDC
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGdiDib

freeimage

_FreeImage_FakeSaveToMemory@16
?APNG_IdentifyApng@@YG_NPB_WPAH@Z
_FreeImage_Allocate@24
_FreeImage_CopyICCProfile@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_OpenMemory@8
_FreeImage_IsTransparent@4
_FreeImage_FIFSupportsNoPixels@4
_FreeImage_Clone@4
_FreeImage_GetTransparencyTable@4
_FreeImage_SaveToMemory@16
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsWriting@4
_FreeImage_Paste@24
_FreeImage_GetICCProfile@4
_FreeImage_CloseMemory@4
_FreeImage_HasPixels@4
_FreeImage_AcquireMemory@12
_FreeImage_GetScanLine@8
?LoadAPNG_from_file@@YGPAUAPNGDATA@@PB_W_NPAH@Z
?APNG_Destroy@@YGXPAUAPNGDATA@@@Z
?APNG_Clone@@YGPAUAPNGDATA@@PBU1@@Z
_FreeImage_SaveU@16
_FreeImage_AllocateT@28
_FreeImage_GetBPP@4
_FreeImage_GetWidth@4
_FreeImage_GetColorType@4
_FreeImage_GetPitch@4
_FreeImage_Unload@4
_FreeImage_GetHeight@4
_FreeImage_GetBits@4
_FreeImage_GetImageType@4

freeimageplus

?getMetadata@fipImage@@QBEHW4FREE_IMAGE_MDMODEL@@PBDAAVfipTag@@@Z
?setMetadata@fipImage@@QAEHW4FREE_IMAGE_MDMODEL@@PBDAAVfipTag@@@Z
??0fipMetadataFind@@QAE@XZ
??1fipMetadataFind@@UAE@XZ
?findFirstMetadata@fipMetadataFind@@QAEHW4FREE_IMAGE_MDMODEL@@AAVfipImage@@AAVfipTag@@@Z
??0fipWinImage@@QAE@W4FREE_IMAGE_TYPE@@III@Z
?rescale@fipImage@@QAEHIIW4FREE_IMAGE_FILTER@@@Z
?clear@fipWinImage@@UAEXXZ
?isValid@fipWinImage@@UBEHXZ
??4fipWinImage@@QAEAAV0@ABV0@@Z
?copyFromBitmap@fipWinImage@@QAEHPAUHBITMAP__@@@Z
?copyToClipboard@fipWinImage@@QBEHPAUHWND__@@@Z
?drawEx@fipWinImage@@QBEXPAUHDC__@@AAUtagRECT@@1HPAUtagRGBQUAD@@PAUFIBITMAP@@@Z
??0fipTag@@QAE@XZ
?flipVertical@fipImage@@QAEHXZ
?flipHorizontal@fipImage@@QAEHXZ
?rotate@fipImage@@QAEHNPBX@Z
?setFileBkColor@fipImage@@QAEHPAUtagRGBQUAD@@@Z
?isTransparent@fipImage@@QBEHXZ
?convertTo32Bits@fipImage@@QAEHXZ
?convertTo16Bits555@fipImage@@QAEHXZ
?accessPixels@fipImage@@QBEPAEXZ
?hasThumbnail@fipImage@@QBEHXZ
?setThumbnail@fipImage@@QAEHABV1@@Z
?getThumbnail@fipImage@@QBEHAAV1@@Z
?isGrayscale@fipImage@@QBEHXZ
?getColorType@fipImage@@QBE?AW4FREE_IMAGE_COLOR_TYPE@@XZ
?getColorsUsed@fipImage@@QBEIXZ
?getPalette@fipImage@@QBEPAUtagRGBQUAD@@XZ
?getVerticalResolution@fipImage@@QBENXZ
?getHorizontalResolution@fipImage@@QBENXZ
?getBitsPerPixel@fipImage@@QBEIXZ
?getInfo@fipImage@@QAEPAUtagBITMAPINFO@@XZ
?GetFrameDuration@fipImage@@QAEHXZ
?ActiveFrame@fipImage@@QAEHH@Z
?getScanWidth@fipImage@@QBEIXZ
?getHeight@fipImage@@QBEIXZ
?isValid@fipTag@@UBEHXZ
?getWidth@fipImage@@QBEIXZ
?getImageType@fipImage@@QBE?AW4FREE_IMAGE_TYPE@@XZ
?loadFromMemory@fipImage@@QAEHAAVfipMemoryIO@@HPAVILoadImageCallBack@@@Z
?loadU@fipImage@@QAEHPB_WHPAVILoadImageCallBack@@@Z
?identifyFIFU@fipImage@@SA?AW4FREE_IMAGE_FORMAT@@PB_W@Z
?copySubImage@fipImage@@QBEHAAV1@HHHH@Z
?getPageCount@fipMultiPage@@QBEHXZ
??1fipMemoryIO@@UAE@XZ
??0fipMemoryIO@@QAE@PAEK@Z
??1fipWinImage@@UAE@XZ
?convertTo24Bits@fipImage@@QAEHXZ
?isValid@fipImage@@UBEHXZ
??4fipImage@@QAEAAV0@PAUFIBITMAP@@@Z
?clear@fipImage@@UAEXXZ
??1fipImage@@UAE@XZ
??0fipImage@@QAE@W4FREE_IMAGE_TYPE@@III@Z
??BfipImage@@QAEPAUFIBITMAP@@XZ
?toString@fipTag@@QBEPBDW4FREE_IMAGE_MDMODEL@@PAD@Z
?setValue@fipTag@@QAEHPBX@Z
?getValue@fipTag@@QBEPBXXZ
??1fipTag@@UAE@XZ

kernel32

GetSystemTimeAsFileTime
OutputDebugStringW
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventA
WaitForSingleObjectEx
GetModuleHandleExA
SetErrorMode
GetModuleFileNameA
GetNativeSystemInfo
ReadFile
SetFilePointer
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
TlsGetValue
GetSystemInfo
InterlockedDecrement
GlobalSize
GlobalLock
InterlockedIncrement
GlobalUnlock
InterlockedExchangeAdd
WaitForSingleObject
ResumeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
CreateEventW
SetEvent
ResetEvent
GetFileSize
FindClose
GetCurrentThread
GetTempPathW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
MoveFileExW
GetTempFileNameW
MoveFileW
GetCurrentThreadId
GlobalAlloc
GetProcAddress
GetCurrentProcess
GetModuleFileNameW
LoadLibraryW
FreeLibrary
IsBadReadPtr
ExitProcess
lstrlenA
TlsSetValue
TlsAlloc
TlsFree
QueryPerformanceCounter
LoadLibraryA
SwitchToThread
GetEnvironmentVariableA
lstrcmpA
GetProcessAffinityMask

user32

CopyRect
SetRect
ReleaseDC
OpenClipboard
CloseClipboard
SetClipboardData
GetDC

gdi32

BitBlt
SaveDC
SetStretchBltMode
StretchDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetObjectW
CreateDIBitmap
RestoreDC
SetDIBitsToDevice
GetDIBits
GetClipBox
CreateDIBSection

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

crypt32

CryptStringToBinaryA

vcruntime140

_except_handler4_common
__RTtypeid
__std_type_info_name
strrchr
__std_type_info_destroy_list
_CxxThrowException
memset
memmove
wcsrchr
longjmp
wcsstr
wcschr
strchr
strstr
_purecall
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcpy
memchr
_setjmp3
__CxxLongjmpUnwind
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
exit
strerror
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_beginthreadex
_initialize_onexit_table
abort
_execute_onexit_table
_initterm_e
_initterm
_crt_atexit
_cexit
_invalid_parameter_noinfo
_errno

api-ms-win-crt-stdio-l1-1-0

_wfopen
fopen
fread
fseek
__stdio_common_vswprintf
fclose
ftell
_setmode
_open
_read
_write
_close
rewind
fputc
ferror
fflush
getc
fgets
fwrite
__stdio_common_vfscanf
feof
__stdio_common_vsprintf
fputs
_lseek
tmpnam
__stdio_common_vsscanf
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-convert-l1-1-0

atoi
atof
strtol
strtod

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

isprint
_wcsicmp
strncpy
toupper
isspace
isdigit
tolower
isalpha
strtok
towlower
towupper
_strdup
_wcsdup
strncpy_s
strncmp
_wcsnicmp
isxdigit

api-ms-win-crt-utility-l1-1-0

ldiv
bsearch
rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
ceil
floor
_libm_sse2_log_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
__libm_sse2_sinf
__libm_sse2_exp
_CIatan2
_libm_sse2_pow_precise
_except1
_libm_sse2_sin_precise

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

CreateImageFactory

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dea39709fe7cbf83ecaa10635c0907e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9eCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

db:f0:be:6c:17:d5:30:df:cd:49:fe:16:e6:25:0a:e0:f1:10:c2:22:d0:18:3f:0f:28:db:80:8f:b0:21:e9:f0Signer

22:b4:6d:90:92:ed:cd:ae:18:8c:9d:1b:0e:ed:ba:55:af:12:6b:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

freeimage

freeimageplus

kernel32

user32

gdi32

ole32

msvcp140

crypt32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 330KB - Virtual size: 329KB

.data Size: 53KB - Virtual size: 624KB

_RDATA Size: 4KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 66KB - Virtual size: 65KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

db:f0:be:6c:17:d5:30:df:cd:49:fe:16:e6:25:0a:e0:f1:10:c2:22:d0:18:3f:0f:28:db:80:8f:b0:21:e9:f0
Signer

22:b4:6d:90:92:ed:cd:ae:18:8c:9d:1b:0e:ed:ba:55:af:12:6b:90
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 330KB - Virtual size: 329KB

.data
Size: 53KB - Virtual size: 624KB

_RDATA
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 66KB - Virtual size: 65KB