f1de2a045162dabb8825f3d4fccbdada9076155a4c806b820fa461fcae81ad93[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f1de2a045162dabb8825f3d4fccbdada9076155a4c806b820fa461fcae81ad93.zip
Size

28.1MB
MD5

e263fbe66a5134600952115882501c8d
SHA1

e69192618f770f4066fd32e25e991712881d8000
SHA256

f1de2a045162dabb8825f3d4fccbdada9076155a4c806b820fa461fcae81ad93
SHA512

de57ad464346189cb30c7acb81d802e3ce87016dc84174605e32ab244413d844b8403159e7cbcce5fe18cb9048c863731ede47936c619dd96b9b3a8aabc3db64
SSDEEP

196608:HIVsmfAtyuilZE5CQOczWaxtP5NCcTVZ7fgpM:SvfQdiLE5C3czWar5NCcTT7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gwupdate.exe
unpack001/version.dll

Files

f1de2a045162dabb8825f3d4fccbdada9076155a4c806b820fa461fcae81ad93.zip
.zip
GWSetup.exe
.exe windows:4 windows x86 arch:x86

7df49278540aabc02eb196b8f194dec1

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

03/08/2023, 12:00

Subject

CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/08/2020, 00:00

Not After

03/08/2023, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:6d:d6:df:c9:8c:9e:36:5f:88:f7:84:ff:ee:7b:67:27:5d:35:44:3c:4a:78:89:73:4e:fa:bf:c4:1e:5e:52
Signer

Actual PE Digest

db:6d:d6:df:c9:8c:9e:36:5f:88:f7:84:ff:ee:7b:67:27:5d:35:44:3c:4a:78:89:73:4e:fa:bf:c4:1e:5e:52

Digest Algorithm

sha256

PE Digest Matches

true

b2:e2:d1:c4:dd:f9:bd:dd:6d:dd:64:ff:3b:07:b3:b0:ea:50:6a:6e
Signer

Actual PE Digest

b2:e2:d1:c4:dd:f9:bd:dd:6d:dd:64:ff:3b:07:b3:b0:ea:50:6a:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileTime
GetVersionExA
GetSystemInfo
GetModuleHandleA
OutputDebugStringA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetCurrentProcess
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
FindResourceA
GetLogicalDriveStringsA
OpenProcess
Process32NextW
Process32FirstW
GetStartupInfoA
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessA
GetCurrentThread
Module32Next
Module32First
LocalFree
TerminateProcess
GetModuleHandleW
VirtualQuery
GetEnvironmentVariableA
SetEndOfFile
SetFilePointer
GetLocalTime
LockResource
LoadResource
lstrcmpiW
MoveFileExA
GetSystemTime
CopyFileA
GetProcessHeap
HeapAlloc
HeapFree
GetLastError
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
lstrcpynA
lstrcpyA
lstrcatA
FreeLibrary
GetTempPathA
CreateDirectoryA
LoadLibraryA
GetProcAddress
CloseHandle
Sleep
GetModuleFileNameA
GlobalFree
lstrlenA
DeleteFileA
WriteFile
CreateFileA
GetFileSize
GlobalAlloc
ReadFile
QueryDosDeviceA

user32

ExitWindowsEx
EnumWindows
MessageBoxA
GetWindowThreadProcessId

advapi32

ConvertSidToStringSidA
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CloseServiceHandle
LookupPrivilegeNameA
OpenThreadToken
GetTokenInformation
EqualSid
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
AddAccessAllowedAce
RegDeleteValueA
RegSetKeySecurity

shell32

StrStrIA
StrCmpNIA

shlwapi

PathRemoveFileSpecA
StrTrimA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

atoi
strncat
strncpy
_strrev
_access
sprintf
_open
_CxxThrowException
_read
_write
memmove
_close
_lseek
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_errno
strrchr
_snprintf
__CxxFrameHandler
fclose
fopen
free
malloc
ftell
fseek
_wcsicmp
_vsnprintf
iscntrl
__dllonexit
_onexit
??1type_info@@UAE@XZ
_strnicmp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strstr
_stricmp
_fileno
remove
_exit

setupapi

SetupIterateCabinetA

msvcp60

??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1Init@ios_base@std@@QAE@XZ

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringA

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

GetTcpTable
SetTcpEntry

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gwupdate.exe
.exe windows:5 windows x64 arch:x64

4dfc70db090389b8669bfe01bc752b7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetLastError
MultiByteToWideChar
VirtualProtect
LoadLibraryA
Sleep
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

advapi32

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.dll
.dll windows:6 windows x86 arch:x86

04b6311b33d4cec5e98712fa2b940b2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetModuleFileNameW
WaitForSingleObject
GetSystemDirectoryW
DisableThreadLibraryCalls
lstrcatW
CloseHandle
LoadLibraryW
CreateThread
GetProcAddress
ExitProcess
FreeLibrary
CreateProcessA
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetStringTypeW
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetModuleHandleExW
HeapFree
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
CreateFileW
SetStdHandle
FlushFileBuffers
ReadFile
DecodePointer

user32

wsprintfW
wsprintfA
MessageBoxW

shlwapi

PathStripPathW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7df49278540aabc02eb196b8f194dec1

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

db:6d:d6:df:c9:8c:9e:36:5f:88:f7:84:ff:ee:7b:67:27:5d:35:44:3c:4a:78:89:73:4e:fa:bf:c4:1e:5e:52Signer

b2:e2:d1:c4:dd:f9:bd:dd:6d:dd:64:ff:3b:07:b3:b0:ea:50:6a:6eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

version

msvcrt

setupapi

msvcp60

wintrust

crypt32

psapi

iphlpapi

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 15KB

4dfc70db090389b8669bfe01bc752b7e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 630B

04b6311b33d4cec5e98712fa2b940b2c

Headers

DLL Characteristics

File Characteristics

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

db:6d:d6:df:c9:8c:9e:36:5f:88:f7:84:ff:ee:7b:67:27:5d:35:44:3c:4a:78:89:73:4e:fa:bf:c4:1e:5e:52
Signer

b2:e2:d1:c4:dd:f9:bd:dd:6d:dd:64:ff:3b:07:b3:b0:ea:50:6a:6e
Signer

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 630B

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 10.0MB - Virtual size: 10.0MB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 3KB