Client[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client.zip
Size

390KB
MD5

d7089b1c48cdfc1ef9228527568e5c6a
SHA1

d24fa95db75807adcaf6237626ec49848aee6fa7
SHA256

a4e9ca42f6f38dd31a3ab347fa02bdff896db76505baf1f876d1f0ae2c3003d5
SHA512

4713b91d7e0e56ce5703b45364aeb289d63bcc3a30ce5603fa003e2f10793ae044563892de92322bf4494f2341c1a82214b72105f382655dc1b73e86347a1d00
SSDEEP

6144:suk513on0sfswOCJmccejL4SAyuHDO0Whg99g0USjv8Rn03ukZPsWY1O3UsKn:st5yBOCzcewSA3/ygw6S0+kOWx32n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Client/SEWanClt.exe
unpack001/Client/SoftBase.dll

Files

Client.zip
.zip
Client/AliWifiProc.exe
.exe windows:4 windows x86 arch:x86

c135c53da6ba7d5a1be1d0e5a99d67ed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/05/2012, 00:00

Not After

03/07/2015, 23:59

Subject

CN=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mydrivers Information Technology Co.\, Ltd (ZhengZhou),L=Zhengzhou,ST=Henan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:99:18:62:62:8d:d7:78:16:4c:bb:0d:b2:94:ca:f3:d7:39:1c:79
Signer

Actual PE Digest

f3:99:18:62:62:8d:d7:78:16:4c:bb:0d:b2:94:ca:f3:d7:39:1c:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\DriverGenius Dev\DriverGenius\trunk\product\win32\dbginfo\SoftMgrSvr.pdb

Imports

kernel32

CloseHandle
CreateMutexW
DeleteCriticalSection
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
DeleteFileW
GetLastError
Sleep
GetModuleFileNameW
InitializeCriticalSection
CreateFileA
GetProcAddress
GetModuleHandleA
ExitProcess
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
WideCharToMultiByte
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileW
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadFile

advapi32

OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
StartServiceW
ChangeServiceConfigW
ControlService
DeleteService
OpenServiceW
CloseServiceHandle
CreateServiceW

softbase

ord1
ord2

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Client/AliWifiProc.log
Client/RC.bat
Client/SEWanClt.exe
.exe windows:5 windows x86 arch:x86

cb56e52a222492f806523f65d3289761

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Documents\Visual Studio 2013\Projects\dbfenloader\Release\dbfenloader.pdb

Imports

kernel32

GetModuleFileNameA
GetLastError
SetCurrentDirectoryA
Sleep
SetEnvironmentVariableA
WriteConsoleW
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetCPInfo
GetCommandLineA
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCurrentThreadId
HeapSize
CloseHandle
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
LoadLibraryExW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
SetStdHandle
OutputDebugStringW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile

advapi32

ChangeServiceConfig2A
ControlService
OpenSCManagerA
QueryServiceStatus
ChangeServiceConfigA
OpenServiceA
CloseServiceHandle
DeleteService
CreateServiceA
StartServiceA

shell32

ShellExecuteA

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/SoftBase.dll
.dll windows:4 windows x86 arch:x86

a40b7059395aca4273809cbf370adaa7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
RaiseException
GetCommandLineA
ExitProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapSize
GetACP
SetUnhandledExceptionFilter
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
WriteFile
GetCurrentProcess
GetOEMCP
GetCPInfo
GetProcessVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
lstrlenA
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MulDiv
SetLastError
InterlockedDecrement
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetProcAddress
lstrcpyA
GetModuleHandleA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
VirtualFree
GetProcessHeap
HeapFree
VirtualAlloc
Sleep
LoadLibraryA
SetHandleCount

user32

CopyRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
DestroyMenu
GetTopWindow
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
LoadIconA
GetCapture
PostQuitMessage
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
GetWindow

gdi32

GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SelectObject
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA

comctl32

ord17

Exports

Exports

DeadQueue
GetDorPic

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/Update.txt
Client/dbfenautoupdate.exe
.exe windows:5 windows x86 arch:x86

7a3348bf6ede6fb09f3b2115d541c99b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2014, 00:00

Not After

21/06/2016, 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=RDC,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:2f:d0:0c:37:ad:c7:c2:71:81:9c:f6:41:bf:82:d8:a1:70:c6:dd
Signer

Actual PE Digest

fe:2f:d0:0c:37:ad:c7:c2:71:81:9c:f6:41:bf:82:d8:a1:70:c6:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Upload\projects\aliwifiproc\Bin\IHV\AliWifiService.pdb

Imports

dbghelp

MiniDumpWriteDump

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

TerminateProcess
GetProcessId
LocalFree
LocalAlloc
lstrlenW
OutputDebugStringW
GetProcAddress
GetModuleHandleW
GetFileAttributesW
WTSGetActiveConsoleSessionId
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
SetUnhandledExceptionFilter
CreateEventW
Sleep
SetEvent
ResetEvent
OpenEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ProcessIdToSessionId
OpenProcess
HeapFree
LoadLibraryA
CreateThread
ReadFile
WaitForMultipleObjects
TerminateThread
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
WriteFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
SetFilePointer
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
GetModuleFileNameW
InterlockedDecrement
InterlockedCompareExchange
InterlockedIncrement
InterlockedExchange
GetLastError
CreateMutexW
CloseHandle
GetCurrentProcess
WriteConsoleW
SetStdHandle
CreateFileA
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA

user32

PostMessageW
SetTimer
KillTimer
DefWindowProcW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
PostQuitMessage

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx

shlwapi

PathRemoveFileSpecW
PathRemoveExtensionW
PathAppendW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client/yy.mp4

Sharing

General

Malware Config

Signatures

Files

c135c53da6ba7d5a1be1d0e5a99d67ed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f3:99:18:62:62:8d:d7:78:16:4c:bb:0d:b2:94:ca:f3:d7:39:1c:79Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

softbase

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 36KB - Virtual size: 33KB

cb56e52a222492f806523f65d3289761

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 12KB - Virtual size: 11KB

a40b7059395aca4273809cbf370adaa7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 296KB - Virtual size: 302KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 11KB

7a3348bf6ede6fb09f3b2115d541c99b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:edCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

17:26:fc:a1:3e:1c:db:47:6c:9c:1b:dd:08:bd:02:58
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f3:99:18:62:62:8d:d7:78:16:4c:bb:0d:b2:94:ca:f3:d7:39:1c:79
Signer

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 36KB - Virtual size: 33KB

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 296KB - Virtual size: 302KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fe:2f:d0:0c:37:ad:c7:c2:71:81:9c:f6:41:bf:82:d8:a1:70:c6:dd
Signer

.text
Size: 117KB - Virtual size: 116KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB