d3vffkd[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d3vffkd.rar
Size

5.4MB
MD5

2cb35d500a0188cb68d04181ab6b6909
SHA1

a98b0a8596def2c2da93a69f4ae6e633bac23583
SHA256

3dc37c0ebd921e5642aee4e00fa14bfc7f987c5fe45d1eb2540dad4f714b42d6
SHA512

ef8a74c415636f43234ad4f11f920c2553346dd8e9c699d5b55b2933fcf6b4bca5862be693237a558036a5bce983ff29d02330cac7416d3211e81b60b2321406
SSDEEP

98304:kXNHavq+2A4/7uvQkZOgrvQE6ZMLtm4o/OHqjt0MJT1a2NQXlcojAYKfFuSB:y6e/78PvQE60m4o/OHqjt3VQ1/jq3B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3vffkd/CKeyboardH.dll

Files

d3vffkd.rar
.rar
d3vffkd/CKeyboardH.dll
.dll windows:5 windows x86 arch:x86

3f5b59f0dbfb90d3f5aced0534c65d91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
UnlockFileEx
UnlockFile
TryEnterCriticalSection
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetDllDirectoryW
SearchPathW
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LockFileEx
LockFile
LocalFree
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapCompact
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemTimes
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameA
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDllDirectoryW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetBinaryTypeW
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventW
CompareStringA
CompareStringW
CloseHandle
AreFileApisANSI
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

msvcrt

localtime
qsort
strlen
strncmp
memset
memmove
memcpy
memcmp

Exports

Exports

A69YsveDXuP2J4NLM7Z
A7hstdsq23EUIuHxei1BDUD1QVst0n
A95dOOqk8qzAGerJ18YsO9KO0wVTiL
ABVDgPgDogsOnPc4YZyyg8oUMO47
AHgTpYNTmEyMQ916JPaXd
AOUrpkSOEqPxeXRNua2EG81
AOg9oLQTXKuUhGWDexbaf9
ASJWThqaDPSDTTN69K
AUlqy6e4R35kcUdcUPPtf0hQ
AVSrsBs0CM3O4QDDH
AWZCV9J52IFKJefb
AXGoIFKpeKFfPTzZOifj
AZh4HNdgt84xrjp52e8
AfRLhwO8njEx6VEOkFQ
AfRvSM6R3fapGXezDEKV
AgSAAcOW5xK49QSUzjwU6hmMGfUL
AsZ27crKU5Wp7UK248Q0X
AsfLlMbfMqoYg6paN4AM
Aw39Eog3bY3xetm1txowqQJFqrzoTXT
AwEN2iPnMZXrg2V3kWAItkQH
AyKvH5Mifou1ffTKuC01v
AzHghfnLWlmoZzfcgUtAifqIuGG
B214gNTpflQexgRBImBGKZ
B6P7BAiYX3P47ZDzC
B78w9jZNDkDiXtFpAKsh
BANTp5CXNaGLrTATrfOOc
BQW5g7nKqjxhstEEwLnoXoxJ0K
BR0YpUeB1HMGVOCSbr
BaG1TQB7pUo3SHPly
Biff6g2p3W80V7FTmaAGsA1tZGlTP7T
BjCaScc0nQrsVvAlp5xQzYMVUuBbLe6
Bk9AEWJPOp85T4ewy
BpMDQRyTLm2CXysix7QQ
BpWcQbpZDHRDDzLmxJXZAGBgAkTxBU
Bq4mNBbKOgFWdploqXP7I6Dr3p
Brf92K0KIjxWSpywDlY7CbJUwWZt
Bus1DFebqHIENrRl6uCNV3Yy0
Buw9EYvpaODP8XnMX7csdZ51KZDO
C0Jo3mawp8jd96eYgGcUycl
C3k1K8yWG89uFKTpriMSlhr1qGScp
CSxfyrHtTXsnvtbSQToe21ZEY3
CUstv4MpqnsKRDAeZ
Cn5oXfQd4vURoRjkWod
Cp4H41i4XCd3vgh6pBXf0
CwqC01TP25Wya0YDLxhzvtEN2
CzYE93XQxyr8WtOnvstROjTo
D3II2YTDSTYiada0TwNmk1djSeeC
D5aMsCboVhWp107sDjsF
D7HXFF7RYtsvvAndK7p
DB6SnQc7aSrhahYMhyg
DCQSrYS2xqWQ0S0SPEq3F8
DJPCmnECJHzFN9ri2XkTXJ
DJktDE09hNYOrxlE
DRQucfGSFowbFz1DGza0B
DTRcPsE5aJ9zxnqyrWGQ0c27Vax
DTslG7uLjLN5lfL4NB3
Da7jBzZ9ivk6J7VH
DgwZipFeJAUmD2tUd
Dvn9N8tJTS2uPNoTj2vwxii
DwvAa55J7cGvUD2A2NYQxE
E2EglqJ1ZNDGdJ8Mgcz0A
E2yTc6OWMdVY74q1OdodjtXc6Ycp
EDxODEgKeiHBWVXDPQFwYl
EF3HBQoKXGH42JjCaQGR
EGDBTiZhGFHYPTGycz
EH0MSBqnc9ZDG3V6ibqE0dIn
EKrmAQ99avZHMlwDVjgBYA41jF5AAFj
ENMCidBDXTFf76DwbXQuSr8hU
ERBDW5hGJRbFEHhzQEToCXoPH
EZdii7fTRhZSxGOv4ULer9tmDB
EaMRjzjCoMnvd7maMHvtpRfkJulQ5ER
Eer6kFtMbbsuKbDJO5FO1ibJsPr
EgPZ7KIDnpQyJnrK5
Eo7sXblUz3QW0HH35hFH
Ep39sVsRaopHYQpc7FSG6hZDqwZ
F4HWMr20QM14gKHfoYdRtYk5B
F8QDU8FVzcGyoSLUxg5xHW03vZ
F9JWhPKhKGnapDxFPJW8phJ
FA2W4BTew0cA7kVXN
FFyzXg4zgVzKThEfHUW6C
FUeOFA0sbssRA6TwlU
FXCWtBskAlpe9LXjNMT7uN1
Fk2dvEmaDwaDHok4Cl
Fk3DEwW9HlGUhmp2
G3jEx0ceu3qCMUPwWLxdPxt
G4hWPWp56cvnNVHFTegDdSViU
GAKHourKEEtwVqkjEtvN
GODypbdTkvL1l41ANn0cK
GQ8UtE2ahRRNyCRmqBCN9Z
GReL3TMQus8cyR0G
Gg3qBLflOr4RdSAH
GkodGWvSUDURnEEmUxEesWDAYs
GmFBFxr1YYWZsPeIj2
GqaRH395TIDXurbxldj1y
GtEzgykn3l0nYttFs1LCfp01aXLEppS
GtFLWO1NFrJLYwPhq62Z17gxwE59
GzFFklNHLbLDV8kGb6cf6
GzH64JJn2EdqEZyzbK
HBDrNoeqmv3XfV9ZIwQSPQwo
HFx2IODqP2Zljo8T
HKuCClWFMCBVbtfX2Toj3uu
HMqGklI3nOA8E0iGABhM8tb
HUE6Q8cMhrKtnKQUjuTpPq
HVT2Y3LsGoPGz7Y4w
HX6U9NtzJyVIyZTe9DXzBy9Vk67B
HYFAIS2dkW7oE0Tmp
Ha2TlPXoO6vbORThZ8soBVh0bOPIRK
HbASmBsIEWAcZL28OhyjeV
Hg0I3JOiJhbJjRjGSsYkCCHgDp5IFMm
HjNanfy3sKU8UujT9PqF
HlkEBGySpIfVLUbsKGIYVmZE2fN5hRK
HnYZchWFT4MbeIvBlWIkDvlYSvg
Hook
HpFcII19ZYpyCMCbDwPZbs8
I1it8Lc4XNqKibO5eA9qfZNaQ00mXcU
I2dGVHaPfxGGkf1UF3
I5QyYQ0jDVe6PX19
IBAgdl5F4T0ANigrU
IDNEyV9fP5wWyJZ51
IFxq7fel8p37lTwCJvEPI
IH94OViZdVBeSA0nYp3ypxhgv2mK
IIy2DkAmIltqhfR8t
IMPVhuv6C83FMf8ZyQOsPQdr8MwMe
IOm1b1hQrRiVuOFB
IRRONzC29Kv39TQovEQsMf81
IYpRnQkZwMDfjytplS
IimwcAJQtPCtfXIxaOLEy5
Iinkk00b3YStON9qgnXis5NW3w3ab
IjWuzxQeAUDo2aRIC5bquB3ch6YyDBP
Ik077U4YhF03LcHmnlpfBHGr
Is5OH7odMwq1hw7JbkZp
IzpXg8g4hW7XIP7P2WIvj0yGki
J0iox9w0pBDBNZb1D3rgZ3cL32T8pyh
J5CkQPgcc3BcU2xLMdF7xGC
J5sK0n6dskDnKgCZ9I3zP7zrih
J8D45L7s8uEEJSVsfQjmYbxisO
JB6gkLQdR8gAGQfhCWqc
JOQfbJnfd5896CApmOeJnin
JS5vMkQGMwSChywFxhhD
JTovq8eiZUxbSMoHqyEE52ayg
JUiamCuzVQ8wzIdkKvrAGejT6
JbqA3lyAPu8OGKH9n0F1HVX1852Zx
JgQ5kGp23hdnP2t1RGvsK3Rp0
JkE0IRKi6GcZ4Zeko6lntPYyJ
JoqP3Os3ioemF7DKb3
JsvBbYpU9g4oftLVceLoMT
Jt2QHpUTeZgYAe7juHwMSL
Jt4Y4uaiC5F6ybpoUyI
Jw4C1jZZ8yNfsWJZeHifO3
K0MQCSXUpF5GpUDJkgiGr8TOvaUf
K7w50SvzO1g1epcfEWnM1j
K8Dqb2etFBrVtXyLh8ljSFDdH
KJnJiFDTQwJRaAbskB
KNvN6cg2i4K9PtvilpI
KSqWbIc2dqc9yXjUPr2wmfF50AUMmI2
KW6TrXSGv68OMVu9N
KYehBIhmUjwS9ckohMK5kNWcr
KYtauX0CgetO6Vm9A52VoQi
KgIYHNLFWpws1usiNldf4Iri
KhwrCGprGbLWjm00
KrKV5Eqe1hwSVSXmuXVBTRG
KyfFqP1qm3iBvKYYdIlkUG3T6TFR
KzKRHoHOF9aiKLv3AXm9V6VqlA65
KzocJkn4qSuTE22qUdjaHuYTT
L1oATEwh1GlBf9K7A8gt
L334CyfqNvJdxVnhB9USFsNl1ZeEM
L4I0laM79y4avMHuwtAQVRWVMu
L7QUWQZko0ONVgsRSbJZ5
L7Vg86hsZArT3jaI
L9ZWHhozF4yooRmW
LBAwLEHDU8q7QahL
LBLUE3MmqbIAJtbBA6
LClFA0HLo2l6GbTbOoL
LDJL1mG95nBibUD6NHx
LGJCbl1rHRnBaylMr2N2Z6iRn
LNLAtSZj6t0a17nliHZcTABK
LQCDFiAehyYuVbGZfpmq
LXUjcRZ9zJb2r26AAfkF8Epntz
LYikNjYVdUCHlxK9B3N2WsgYK1lr6q
LabtPT8Rqcqee3nLQjf80VPVVMIG
LbTvUIvBwe67sVxc
LfER46uEx8vt2uni4yhJk1r61xQ1Lc
LjpuPQLCvPIfwJ6U
M0AnasNivdhXtQTVwPVg5j4ADnBV
M2OIz9jyet6DOR0aBvZw8LQiz2vB
M7CHp7DOQfZTMFAGJ7EqjThdqREoTO
M7VWcHJF2JAjifl6fi56OL4Wkm2OKf
MBmUPKEM7ftiTwvWlxVA2iManEqoc
MFFNMISMxh2ttdrqFNe9AdFhZAY4sF
MTAJdoviKcYkjRyggSU
MYefnLvl4eptRwG2teCxOAmnXKum7
MZbHsYBBEW04NtgvH2CiMi0D
MZrfmrIHLexImxPfA2sAQxslKRyDfs
MafzCZCx2ScXXX7UecHdwsxGY
Mbkg7PDMd5g4nks3o4jriSPqV
MfeFvWYyXuvV5C1GbRyID9tc4Di9VyE
MgmKJB0JiXC9Accmnan
MjCVbKh9BNiEbEUCLqX20fiB6D
MjRh5AVuzQPhPhnPEiPUMOEHZG
MkY66nM7COj4soL2uFtQHO
MnSBdmBezGWLRPmiOmYr8n1
MrZKB5wyT2CAhgsgypltYlz8Wj726
Mse448e62qAucVa5kTDqg5xKamkxD
MyK8dJ7LeEaqZOaTm8WwIF0XnOO
N3DHTnZi8GtUxU2ayia5NfK65yGfOzz
N4wL1Iy1ITkgGawhp3oWRrwBvZodUuW
N5xk8lZDGpWq1fFdcmi8cje4eeHeu
NAwhfRT8v2RhwhXvcq04yHB7fLxLBo
NISJWQq6p55TPlfT6X3wbEMjf3vN
NPjP8HFqJyINgZbUKXRbN
NRe3tNgiECHRFmPSSsT3CLtAM
NSR1v6vhtyJaJcYvSh1ZDFWEqP
NT0DyopafNf1Khb5
NVC9YuWxmtLK5e9sPGrU5vql93LoUq2
NaygJtMXa7B590fE5FEl
NczchkXkM6SuHpxjWW0YBFf
NdNWBXRI27yP1FIf
NhIG0w6r1iwfzsBPPeumpAsMPb
NibYdTZbDVJwMGD72HjcfWDXF
Nkwe4UWMu60JfXhI78dZgvcV6
Nl7pwvVw4mxXb53Bfv6
NmDSRaUE7RhV1Mkn
NorIBvCoxCxBRRX5i3bcGBJ11wX6Txh
NqawwEuHXOqiCsosWhZ
Nurn3oodf2gzc3ayy0AyuqsG4rE7E1S
NzOx7ji6ZjuAE315cUt
O14Q9zryQUlKihpB
O6o2WNwNKx6zUAQw5tZIw3Sl3C1yc
O81FgcsxsAj1nWmq3D6RzTd0G
OE71XL4fjPvfvTxCr9MRoiTLtTXdkEP
OL4qCaB9lsZBS9EaDTy
OPWjvKFAPJNjw8WQpN3kH5gxRlehVo
OXtpWugwLlS0M23d
OavrjLvlf4R2ASjqr
ObfvPRQZQ4y3vQxidnWon5iztMdo
OhEfug94yOZLPFnY9ORqaqugX
OivxHHXjZbovxisXWbw
OmVKkAnAlZBBIh4ZqirBL7MuQNm
OqxZPCbsZcksdpy5laK0gdJP7ECM4m
OsE7yBnYkADDEg7rnW
OtuPnT9xYT8OXDXSiLJ1atZbeNwAJQC
Ovzya9Cr0HdcgFZ4gEgrjUsTM
OxNvTKAd0IIQCnci
PKN0ZpoyImyVwnQ9SvoEgwS
PV8bmglHG0tp05LCKli7Knn
PYENcivmzkLPPjnE
Pa9dn8DQuGUFmFOrgTeV6AQeT7SLS
PewZKIlpIUIgNGXWP9FERvrjhg4aAi
PhSTHmzkm4VWzrPHCD1PxxphT18Z
Pr7zrl3paBpNb9PEF6IZp2L2bAC
Q6GPyl2HzCffPJcLBS4kOCme
Q8uxNfezZfSv3LudIq
QBHIXxspJYuXGUCJ9CCrpoawT
QF6Myobyq6wK8JNoOK
QN1sX5OMdmQNkIrL4YfKfzIkZyVAl
QP49X9cR3brQ0yfqGaLUeg
QTsodnxOFGZHaywC2xEdl
QV5hV9MONR8NopMr
QYOASF5BO1re0GCgeHEYnJM
QZlSlRI2anTMgDR1HuBD9IDk1Gzauv
QiSn158CMAHvNfIc
QksgsDFaoMvZOIFRyYSTfDBZt7d
QmgcHHiPGK7qjL1m58BnfEspxkVq7D
QqNaTa23CqgUqFa8NOyVcmBqbBQ3c3C
Qs5s4Pbh0dHhKQJcc5X0KUa9pXeyPL
Qt2PSeszEzQU3fgX1044T
QtI1qz7ABomJOsZGp0KJpTtlWSJ01
R0DauYFFDzXv1vd4k4qgnckthSj
R3Rcz97yGWvf9FXgU
R3fksc4p4W4E9KUcgTroIk39V0
R3qbq7TGJmRvGxIFD8kzEN
R8NeekMNS3JIRJ02PmG1gIXl
RABuBF9NVHaOU9dorn0pyc
RFG7a8Yfh6IGsfkpU6
RIOjuqhXi3qxKDQwj0w1
RJgMWP7irTYRb9wAPV
RPKuULmsMKQAEQbAnlvpGY
RSwku4dIvGdP8OQ8
RWjcN80qMo52BgXj6SwCDq
RbaR90nU2xXy9dXk
RdOjbwIegXLkJ4WfoltjsS7KWABK3
Rfu8UGAGuiDER7RJAcbkwv63cgx4L6
RrJnYwml09lKUy2punaE8K
RwlRbfw08rmezYX7bvGW
RxebUIT5kOdWYA0wbLR2rl
S1Ms8LdDVxOHQD1V6GCGbBo8
S4y2qy1CUufUPgliW
SB31ZaAq8yd1L1heB
SD2hGg1LsTHGSasHALggaKvoBSt2k
SHvp6RocOYY1JShuQ
SNnH16MnfcW7DapEYsj9Os28xO
SQ5hTvazhLR9iGF3OEtnk8Jzx
SdNqzL1VCfaWobWS
SiEGaBGULgjUNfIZzQYPnXa
SjbhgRcJRdiPn2dwYacAcjefueyk
SldbygfJGAWjWWEkiH7
SnEhjcwp8DIEVvcsxO
Su1K6D4LoiSbDcsOXoYwyv1iQU
T5a9G0KN82YuGrLxBkR2wR0yVn2whl
TBQVhBgDT6nZnb7R
TBT86jC06t4rL2R0VKyel0Tuc
TMethodImplementationIntercept
TWzjIr8LdNrIS3HxL0P
ThwYxnH2nMFsj3HgVpLZ
Tj764JBUwNpbOvWPBaFyMMpNGUgMTj
ToWtmUODMSYJ94ny
Tp1gm3pulxME60MouuCK
Tp53qhGT8e1Q2lWljUwulXw
TsspwtURtLclG4DK
TwSX0FCM6rv479fqFfMIzVhR6ztgRe
Tz8aawFrZVkUkaFzj
Tz8pkAqaqv8SrIld5SnC1yrXTIr
U45t4t7dpWc118R6R
U5tMpyDXDPyrk5uKK1UIP9Pa
U60dA83yTfPVs64cL
U73QTMnEaRjpdqpyhBy
UB7rusikSs9qgC8sl99KJ7ZJ70aRo
UCYVHzi34OPskfwiFeFqGu
UEKMCXyWaLshhLLD4uh
UEdzKfQdpAkPiiYAWWtYvUIMV9pBX
UPKfwfRmg2oyXPu7
UPa22wjecjs0AnMG4i938k8bS7dBY
UPxyOcaLh9Z0ajhq7BVwpgZvmLp
UZ7TB9rbyDelK4d7GooCESSliFAQGS
UZlQaDxonimIX0CGQgUWam7vzAK8y8
UfXj5tqNIJURO1GhiVg0bazkj
UkJqbIOGNTg5dPBfrUxPw3eeKECnTt
UmhSJzDDa52Yrigz
UnHook
UokF2OLw4gcziyCDisXJjkonvsCh7q8
UpwTxt8BRVmiDyEyVBQG
V4RwD85fnvot27XKk3HP3iRHjub6ck
V5pSEqwT419z3iyhCTFKvnhkWFa1
V7UOmlifR57s8M8gYIfz3htbEW
V9Umjl6SZeuuWkNqnx
VMDH71NG96sD6X02
VT4sirc2fWZZoSW7jT5mR5zksdcKW
VZqILhU6Kwq1mdJVDsMf4s0HrkcS
VadTgkNerj3cIgx0pOH
VbB4H7TUzV3yRvcR
Vgi41fBkB7ZX4ZJ9iKjTS7MI
Vh4tvaClqsenrExSdhegDmJ4ePy
VhlotyHU8cJ4Ocm2u6KVAdYc
Vi9OOStjoxWEkiFv7fw
VjPdD7zgl42ptFuK9b9Ax
VkrPQ9D9A4AifW9Hp9zDDgm
VmOSot4ezYk6D7Vj0BZf5TZnZhr
Vo5FFepbr8L2G8Xoob
W0ZxUkwdOo0ex2NUJut89Gupz7XSQhm
W27GL0xr3CryaADJ4QRM
W4vWvLrmKORNXra88mZQNt5uU5TDt
W80fktNRBVofBVxw
W8wDsOXNDST87O1j
W9NIDr51DihpbS88xFriWtvySQE
WDSqigr80zNqq8Qx
WFxkBjWugAis6vjaG2PjF8lJGbQt
WLii2B0PnP7Trpwp
WTWhnURkRtvonTOA6RP
WXXutaxlbqlXkft6f2ZYgFCBygstrcQ
WYo45rntSimFB3S6via6BqhX
WbDpGWuXxCXAra2b
WcPsPTWBQdRMUmdxqXlYZnr9
Wr0TeHWPPT213k36RsApCoOBxqyf9
WrO1WtKM5yackqU5d2z9WXEmV7lM5IY
Wy3oelFMoEsA04ICLQXCjIhKGNSfod
Wz2l472Zl9M8juYPaEydaQK
X9htH8PDDYGEjza3nXd3B73S7nk
XEMkg5HkYWICZA4mSmgCc7bbza6PBYN
XM2gpFVgNYJbVXcQyC
XRhrL8k1JyJjCtHzdLqBcfFgAe0LKqX
XaLiQhpDWnvfPeq8r2FuhQxw9U
Xyn9sUEARKQmxAwhjj9p2HE56h
Y5tmYEKSumlo47d3k
Y8YdA9zevmAOxXkLPmn1eavMLPotBzy
YFRaagrtgK9Q8HBOVFgwfYup6
YXbCuenjr8TPnGakzFYZ4eZrTQJo
YcMllFlWcpmfGwonxoCFogthmfrG
YccwgnUJHJK3vz4g1TYb249WjByxpT
Ym5kr84DD5V7ItLaGtFgFZn4A
YoZVSVVXPHm7LNEP4BHXVdqBBfaG
Yryqp0uLKlZNTFAbm3qgg6Qh
YwjlqNNsutA4hxKVMrJ6VOYeECLL
YynYgNa6zIPK14BTi600JVd
Z0YFzE0ZKZYTh33VcJk10PPu
Z3B78j6cXA4FDebe8qWE
Z7RewQTOFmpZXJSVi
ZEHPm1pssUZjlkPEHsKKyzKOatroJXi
ZESV5QJYMpXWU2MS
ZFMwLUf4m2ve2aPN3Qt
ZGtRSqwYmrzODQkHZua
ZUO0pVDRL8Z1bWA73
ZWVHHI8NCBfUCPe90z56l
ZWt2z1txy0nmCOs4
ZvkZmFtHETKGBTSzbfykDeI2xz1ec
ZxMq3jDXaLpM3BHmjSKFNc9TgvgCK
ZxgfbJ0iSvlUadHDY34d7C22w6NAZJ
Zz8G0wvfjYKWaFMi1F0L93Lo
ZzPAaZZD9wHocdSzQAuW
aDpkYXVQ1VKLcmYTrA24b6fW
aL7X4gE6t6TIh0FWhQ1yIMgm
aMvqdWBeBVv1n4xjRGY1NcBAmPLNMai
aO5KhxGR7NIEtVWYtV3SHc3h3erPPig
aSHeE4LcLSmZ1qIUaF40zdx
aSrhUh7XEgkoJUGc8Ck4Wfz7tObGkcU
aTbfrVEmVklifWPykt0gSmsA
aXRjrf09qB9vmIFqSOGbZ7wxammbxJ
adthC0L6LtG4tbHpyjVxC6AS0cL1W
ahsUOaQhM4RQJ2DFc
akCrzYe0ejMIDiEUNzoCgUnUfyKd
akjRaB5koXJlpjHT3fobLyh
anB5OD4uPB36aU4gDx5t6UzsYLuUpL
awGkvX9YOXLh6GVzoD3Wt
axM9pYvGzizF6WirYz0r6g
azU3uM9lT3fx5CEbgkYxTEwIKbzC5Z0
b4qofYwq4sjVJz8VXh7Otklx
bDomJW0Bn4stMfrodq
bEBz6CSKt7SKBa6zo5PQP0dyEOU
bFwzFWoWVMyxelx95UFLtCQe
bJF7b96pTNlCK7WUS8b0nRT2f
bJl0cHNo5Eexzs5aMY3Y0o
bVLJB8yUtr0fgtL91ujxnu7j2
bZktbyXeSvXv0q5g78eBd
baVkWXn7yt0kxWVCvN
bav7xAId1qMEGvS5Q4lp29VpyFrt
bmAyFXMDgmYd74xE7MOiqRppG6TWG3q
bx3PEftBRBdJJXNbOuP0
c4tNRhFXx6IZ5mlcaZrRPH3V5
cHLUc49zz3W1ZJcvjelH8Iiz7FSeCn
cItEsNfIEH0bO66wZGJFilAAx
cJgyQ4mB3Md8Vn5Pe5HzQ6vL
cL97qqXnmJ2MUntelHm1otyKx
cOxiXpSdbwcmpt3knFvINhw91Ds
cQTVe0ypaF6XFgwLjP6TAEJOXb
cTiAuvBM4xPvzjX16eY
cWlzrXWn5q9fiB6hkTXI1exqlU
cZNmCBCMh5064RsbJUxxeBnW
cabMUPJQ3uonoP6CWEIa7cI
ch9HsJJ7QsGlR1kmFwc7rrrRXG9Mri
cqCo5FFH4odQtuocm8SAbCNgTcX
ctpVGEzxXSosIMCwq3C
cuvWnH3Dmv2fgPRVkFX1g0bgb
cyssLaSj2fD8xR5ET7G
d58ECSVK8oNBuHTaOnArKoq9
d9B9xeuNhzo8IKQxwq8SASZln348f
dHP4UpWAS4lvoxanjG2wNhqCwq
dK7OlYGG0FB2vQfLiv
dLTzF1vD1GCrD0WAHJ0XCLZpA299ROF
dMcBlqL4Mh1pPZqef2uRBWyp
dbGaoQ9DtNuiPB6oktn7mLSoVmKh
deAQcd3gT1jbUsmHeQAutr0nBq5vf80
dfBOJ49nrWsV3IR2M33on8L01
dhtCJ8xzX0oqKE9VerOatbyXAkjjnB
dpEK0KWzPwNb8UOPcGdvj0a7zV5u
dtVZhaZZYH36lMNpqcHTTXFWAfP5eB
duZYjqu9jADTjM0pMVjBXR2j
e0cvFczmNRKBgjpCTte4wJefGYm
e75gRlVqBWsrCx4OEKdGDkoEIB
e7hHuWs6B62tTDOoR4h
eEWT2YeCnqjTQSfy9eMWD0OItwX
eHo5DOUithVX8PxR9K8
eIiYtepbVDQbaOeMvbzb20u
eJisdxy45JC0yCXgHRlMWuM74h
eMgGGNUhw2vbrToXcYPq2BqoGCosX
eND7QcpX9TdrriN0mEzynsn
eQoxjjaR7bAIHotENYZRLL
eR1XTeeGfWdZmrSS7v9lSqx
eRIFfqIxCgekGQ5QtRlZ9h3u7SZGG
eT3FoAf9ovAMjbwaBpaUetqagY
eZh7t1h8tF1FC3mPa1gLv7Se
eeztPyNxd9XnQbRkwIxMgIyvvR3X
efYlu3xHdyFVpQyTtE6Jbc
egG76VlRoWAQVEohDxyADbVWuIsmt9
ezY14x30UN0LLax6
f0LVAqfHQXOpvy3f3o2lXnumwENjDL9
f0xnt2YBoypKMf6EqQvolWt
f5VBYr07BC73qSQcOx8TDzP
f79uA2kBr8oR9MTwe
f8CCTftAuT7aqcch
f9Q93HZRfWrXnT6us8xgUd97mIBgV
fFgYXpB2ZHgwzjaFHYhdI5UH2k
fPIZq9MxrOKfhza3yOT9T7
fSvE4c40Kpcox4ezLpoQUfBpVXkU2a9
fZATS1tW9IGka4IZcKiO68cDdbKf2
fcLG45eGhbBEZL6l76n
fhHuBEyohfAzrTX0fjN9gQmb5SF
fhM4vJVh4RPhDncl6
fk01aoP6Ozq5hmVSknBr7MTm3P
fnhWFT6RoAJzDgivhNgRK3FVjG
frhQ7WCln3N4yC1fz
fvVEzEghsuT7IdO3igJAEaetMtjXOq
g0Z1QVBkfwFCmmoxlDbpcZUA
g69uoQ8jhFtVUu4a86AZbOiBDlK97l1
g7mfArkRCn7YzSomD7
gAlzHV9TulqlZxiw2XbiWFtU
gBWQqr1l5qzeEnDIO1RMH13qSF
gPLkcR9vN4nPBYFyBHq
gPhWJ9xFVZjM61rqtJxN49se2ZVe7K5
gTz4Pvcuek9dHF6Ewu3rAAZi2VCk
gVlAw75xbBhsewzTbucNY
gZ3yKxhvlUPxX0dShvlnkOq2i4g7O

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d3vffkd/transferc.exe
.exe windows:4 windows x86 arch:x86

e63ccae6fa78202321de4a498df88f74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:5d:9a:45:65:77:9d:b7:d4:7f:4f:ac:b8:60:f7:58
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/11/2015, 00:00

Not After

29/07/2016, 23:59

Subject

CN=Comfort Software Group,O=Comfort Software Group,L=Syktyvkar,ST=Komi,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19
Signer

Actual PE Digest

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA
CreateWindowExA
UnhookWindowsHookEx
TranslateMessage
SetWindowsHookExA
SendInput
RegisterClassA
PostQuitMessage
PostMessageA
MessageBoxA
GetMessageA
FindWindowA
DispatchMessageA
DefWindowProcA
CallNextHookEx

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
Sleep
SetThreadPriority
SetPriorityClass
OpenProcess
LoadLibraryA
GetTickCount
GetProcAddress
GetLastError
GetCurrentThread
GetCurrentProcessId
FreeLibrary
CloseHandle

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d3vffkd/transferc.sa3g
d3vffkd/transferc.txt

Sharing

General

Malware Config

Signatures

Files

3f5b59f0dbfb90d3f5aced0534c65d91

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

shell32

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.itext Size: 8KB - Virtual size: 7KB

.data Size: 80KB - Virtual size: 79KB

.bss Size: - Virtual size: 23KB

.idata Size: 15KB - Virtual size: 15KB

.didata Size: 2KB - Virtual size: 2KB

.edata Size: 27KB - Virtual size: 26KB

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 301KB - Virtual size: 300KB

.rsrc Size: 58KB - Virtual size: 58KB

e63ccae6fa78202321de4a498df88f74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:5d:9a:45:65:77:9d:b7:d4:7f:4f:ac:b8:60:f7:58Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Sections

.text Size: 16KB - Virtual size: 16KB

.itext Size: 1024B - Virtual size: 908B

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 1KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.itext
Size: 8KB - Virtual size: 7KB

.data
Size: 80KB - Virtual size: 79KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 15KB - Virtual size: 15KB

.didata
Size: 2KB - Virtual size: 2KB

.edata
Size: 27KB - Virtual size: 26KB

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 301KB - Virtual size: 300KB

.rsrc
Size: 58KB - Virtual size: 58KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:5d:9a:45:65:77:9d:b7:d4:7f:4f:ac:b8:60:f7:58
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19
Signer

.text
Size: 16KB - Virtual size: 16KB

.itext
Size: 1024B - Virtual size: 908B

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB