appreascv[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

appreascv.rar
Size

5.1MB
MD5

80a7fa97e64d281f7d5eae5ecf0518e9
SHA1

df2eeec58ff7873392d423f7c1044624c7e43772
SHA256

aeb66a2d8b294400151abf94e882f4e9316ee4eee1a0e99d38676a852c4ccc5d
SHA512

856271e7722eaa9b063369d3326ea7efd44b9184c47f21fc1ae7113e03670cc5c0d81ebc86771326fbc82419321626fd098f04f9f41047d3bb3857a7c263fbb1
SSDEEP

98304:6ZQVC794gOm/Vk9ehnFIdFz5BO8rEl5t1FoSuIASDKO9jk0G7WVcJelugKMoz+2t:VC79OqVk9Xrufl5t1FoSucxkjiV0MA+C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/appreascv/CKeyboardH.dll

Files

appreascv.rar
.rar
appreascv/BdeH.46n
appreascv/BdeH.exe
.exe windows:4 windows x86 arch:x86

e63ccae6fa78202321de4a498df88f74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:5d:9a:45:65:77:9d:b7:d4:7f:4f:ac:b8:60:f7:58
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/11/2015, 00:00

Not After

29/07/2016, 23:59

Subject

CN=Comfort Software Group,O=Comfort Software Group,L=Syktyvkar,ST=Komi,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19
Signer

Actual PE Digest

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA
CreateWindowExA
UnhookWindowsHookEx
TranslateMessage
SetWindowsHookExA
SendInput
RegisterClassA
PostQuitMessage
PostMessageA
MessageBoxA
GetMessageA
FindWindowA
DispatchMessageA
DefWindowProcA
CallNextHookEx

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
Sleep
SetThreadPriority
SetPriorityClass
OpenProcess
LoadLibraryA
GetTickCount
GetProcAddress
GetLastError
GetCurrentThread
GetCurrentProcessId
FreeLibrary
CloseHandle

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
appreascv/BdeH.txt
appreascv/CKeyboardH.dll
.dll windows:5 windows x86 arch:x86

0cdcc5c624fd109283f304a2c5b60bd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTimes
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CoCreateGuid
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

oleacc

LresultFromObject

winmm

sndPlaySoundW

Exports

Exports

A6qsL0hENzGudWz35CiFOEDynCzj
ADilWyBDL6u0tpJFiW0uQ
AHmN9kF5J2F8a4OBv8x1xR8g8Hk8vfq
AMR6tE7riHOO49Uav
AO5BDC20zWjUtFkbEmhD0d3GnZZHF
AQlwfk6DuwQDHdrqP1GwO
ARMvxunmRIiTUQ5fwenC0UX6SFfl
ATMCESApc9cmXiwTXL
AUSjTq8kuOzwVLvlh2m1sPNDIbo3itO
AeQWTs6yK0Yd93XP7ufjbw
Ag6oIASN8JTnSax11j
AgHwwOEFliGiWwHSMC5g6
AiUO9yKBwWdm0NRi
ApoZSJix2SvjhoN8E0QTncTeawU
AvztgYZ4yfNVrGoExuiRNZA3JgwqD5m
B0QSTjM4Jw4tSQCeAtnUCdazb54WL
B2CFKCSgsEBvsOZ514aCwlUwqaAzSJG
B7vN5pnefNrgRbAoWQ
BFXKzltLdTL7NjSu
BIf7VhBZkunwTAt3ui
BcAe4RvpXpt9pX2YKwaz
Bce3ZgvU1qad99grcL
BtRmbZOYAeoaeB1Hk6I2tcpo
BvbQtla4CnEbF72lfVAGts1f
C1weBKfaGtQkb9u1pod
C4zXbhlRg11Zf7UCEmGYA6
C7O5MuV1Yli3oZGDdLWLwca5
C7hXt6DDEW9MOGjg8
C9pH4ECGDtm39dodO
CAFvs29J2VgfzBx6PrCUlOmz5GCQ
CBbWU7ulfKNKjc7fu05
CDLPxxFCJqzEriZVXS4iGGafM6NkL0
CMAw3VNT2ybX3wlR
CPoLgMqDiF1ZyXxh03nlgtwZooqc
CS5Ki8YIB8JMGYjKmKwgmZq
CSZOVJ1y1pOybDnPz6H
CT6chRBzzfWCvTJJ
CYL7zKTtuA4ntpAP
CgCS8eZwahUDVEB6J057GeFWMNU4
CgmwnKqx3l5izXnRw3mu4GeCJ
CjLel4SNfTiCNkwCUIElY1RZzxZk
ClNrAkpY5GbLp2ORzQkeCcH0wTcz4m
CwxE0O1sUZiLcFv6YKWtQCb
Czy0Cz3j94526CSZqyYt0yYjWW
D1wXiZ4cwBwVpWli7LEI4E4Ojp8s
DS5gKKetAdGGKsbHtuaqh8rLxhx0VO
DUjEjFFbl63WyttZ0IC1O1jT
DVbpxKZU5C18Eb30rb85
DXvzv8drwZjtrevtR
DbFuPcbL4kn7FrM7uDVJbAt0
DfokIWPbBEaJizaIeFDr7S
DhYFp50LfAR3yvPRzjo20OKp9
DnSPJFM5kgKYs2fR
Dp97Tk6gtrZfTOzCXd2zGR
Dtd9KOY8Drms6OLJ
E7LihqYP59R1HGIJglDwNTQcjGcJrO
EBMdgDNLcoDn2sYHr
EEbVX49LZ3Zkfi1E8uuwzv
EIIjBudjMRPJs84x1dgQOaHa
EKaeETdLVUzEZ4Vnpt
EPaB5rHoEXaMt3t3l
EV24jFeenkg6oer5JCnqytpV0pQz
EXiVRDEV51eIKThT5J
Ef5LZGVZBaTeerkJBeB
EhEFlgoYGjpB6OZoEAFP5QR
EkIHe2B7yjoRbbF8y
EkkxOaBV63QC51kJz98SQYkIIV
Es9Kfvxy4083WCPP7x6
EwRhwHJ85p0UumTLwEHXUP9E
ExZ0pFES8BdrP7cO7f56xx9bjPm1o
EyZa15XcZBgCsRz54
F16UWsomreERkyWDKRM8kvk35rCJ9
F5BCQut1ZywNrrJUytWETZgcP
FGzAggcmxvU0Kgm1ibYyhDDrHQg
FK8U59fCvt6Bved9qPpiSldZo
FNv94CveXl8D2makg2BFr8dMEmnf
FSaJ0l7kfHnvVDavtosaO32ZpRCM
FWyNWYMSYZmLe6Nko4qFJpp
FX5wB8Jl37gPXA11BsKg
FcHY9ycVFo43djK1w41tFr36W
FdgCqAU4TcJrzP9j3SpV7rMc7Z
FlVPCOUscd9koqSLyMIhpsda1
Fmut7WDTwH1LQ6B18DxDEfjRjow
FnPVT9Y42BFYy4dCSMdHOUTFQ8tkf
FnRMohUakoYBhVrvRa1mdA5Ggf
FqWWMVstPWR9YnuapAuT4h
FvlljB3JG13EeZwh9yC
FwcD4a8j68xohygM80T4QV
FyAjjy6asqOqdyI64YXO
GBSwWfYT7Zu1ByIp739YQ9iQlMNn
GIEqnUnSq30ujFOLqZstiuCj
GJC6O72lcDs05kF128j4Ul
GMAgj3QWyTWUo202bXN1jWi
GOlYLk6KY6v1girWUD3aMhxPXYI2
GWGyMbVfMoz5puC9n
GbNLK6HARJmD8Vh4hZyxcR6tfGzu1t
GcngSArnslGb0JKhut
GlOFmPpGqAuokkOT8au8uKaq6D7
GneWDwkUn76zZG4kButTNe
GqLAffan6Uw6paOF41V9
Gv6UUvOGDaVL7CnweDpk8
GzkVXoMts771MJNKzirOTvscucOy
H24nQnb5CH0U3ILcl3w
H33AFCuOj27iyoG15
H4oe8rLgUbAYcTi6fVxnxAW0SK
H55R9d3yY4twlckmLEYsBG6QDYSjKxZ
HF4ItgKnK2pfeqNd6IPucPNus
HJ7ku0uYBJnFV9JcSA1BHSv
HKGTtSR4C1CmmZlbPKiMurdA5hx
HQlX2tqXuZ5nmN7j9YYDTD
HTZxXuyvfkjEwMuL5BLya0XK
HYnABotgta1lRUDHOX
HZCKz0FTdlvDDYk8XTD5FyOeexz
HZnrI5kZqODvSV4uawLZ3KI4DNJnlIo
HcdP8U1RxylJfNEzZeFvDqD0OrBR
HeRlEpjhL7GIbTvLk
Hook
Hwh6O6MNOENphk4RLH
HwoWiJ8TChZIcSxJJAJI
I0BoOYF0UIAg0JpxL5oImCpgXqwwls7
I0X9BmZA8MdcTYULm9m
I5LgbytMNJRkiSNMuZpLhW0Jbt2eMD
I6yptQus0RTpbOMhEEWtDYAY47
IFd9JgPsYLH2FMANaBw641bbmjZGZ4
IFi9Ggmn2w8YrE855JufR
IFyPVXs8CMB4uCTUKMkRWuWCG
INwGDKleRlAlsx6PEhNx7kfW
IQMYddRz3PF8QjhnyYBZ
ITU2GrZ88et7XCzZZVo6
ITxcQmJ0rEBBnzN0UrKn1
IVHF1q6ApigVUuvXLpybm5EmRmS7f
IWelvwrVV1Ll2d29
IZXHKf9t4qQsYyTewlKlhKAuu
IbnxZ5P3YlbbQOOiz
J5yTNK9Z38FaegO18OmY
J8OB2D8cPry61RaoPFg3LOAa4k96z6a
J9SHdKPSwfMMrfHOd
JDTrcfIxVgowhk2pmLj3
JHfisrvtlWSWytAweFrT
JMA2MUkUlCvl484D7VXl
JMWjMEZgwCpKnsc7r4DHoangscWP
JMndwrDEMamcpFiNGz7SJjbUH
JMxmTTucOBtiQkh4f
JNqTW8H7FaYYL1FEREAAqcS2x2wL
JUWAcyMjR2pw7JyV
JXtQ4HcRDPF96jDERBd
JlIcWPXLLElkp1qQhR6IjNRVBr0A
JmogePGUyJspZHslhS1YJwzl0
JodbPZXqgvFCG3G136h
JohckPnKTJGfgdEHqLGz
K7dPvEvlQDCUjLZ0V
K8aITxLtRyeakpUGT59jvMgFKl2s
KIqFZBRrXhm8XFdn
KPgodVxeI3FsLdYe
KQVWYXINuK1YjXA0S
KYJ0FgMPISTYAdeE2rWBnG
KcV4tIyDRV2FzbDdYBwycLbchQB7
Kj0Gc65sPEtzAMPmISTVrDwXnk
Kn2x6Sni6CG9yoVkZKfXnqMPWnc
KnXDVYm85kaeGn39JJj
Ko930eJjjuVhj8BwuQ8zQWl40ScD
KsLUSwajRmAjxO3GnxPEA4J1w9aC6X
KuM7YuEMnjMbzjRXLi
L0xbuwJQjxlGQMMn84Az
LAIMTrL3lFCFLELT
LBjaAg5uRa8ZpfDHEcyWDHx
LEqBoT644qf1ZQuG
LILqpiGDr5k0HuLz7CTLBTwvay9M
LJeJynmgXgrtWboLdVh8OTPGMKy0n4
LONvFYmbqLVjoC6LA
LZnFo8en0UpZuLkBo
Lap1k1WZ9vvHfTaZY8bSaK83HZxb0
LfmUmo99gLcrFMy4wBLJbfx87zvwfa
Li2ddU87GNa9CeamGJ
Ljx2nxLPk7VnLqu0YuwdbGjS
LkCoP3gKnDtQCZDNp3
LkJTKuez2BAIWIa0d
Lkb058zFwnzNd9krjih5Swhl0oMtb4M
Lq3sIoOKItQXmgOGjyF4cUAM
LqMaAwBkEkSwx21Mub9lO8
LqRFPr1g51iaayOrJ7YHKUNWpCCHW
LwGNG7o3wYvhEwI4FLO
LyVJdkie2ZH29Y8i1JFlU
M0Ea15ihG5lpIlRDzObzCUgoKTIDG7P
M7lBYn8YQ7nRbwVBNDEtwB6Si
MCdbhwQmM1GpPvvgp8FdIR8OXDjeq
MExntxhrke8ttBp1
MIvMM08UhVasxxZPRfeGcy3XUTFFTg
MThBi5gWv9t98x06fvn6Qys
MV3C1RhPU9uXUR6h
McdneGal42PpfSWijkVXPvpzaY6EFpw
Mfq54mXiMfPfPSax8uFgdeZoHBg
MftJgRhZRUgQtzgkdpaGshv
Mfy1S9f7SWwToiRwX1us6vx81Bw
MyKiSsITurNNUBSOK
N0QGbNo0ZG6aXBjOVoCX
N0UKyHs8ZoKYWDNWWaBKnLebow86Wv3
NIGOPd01467wV5Ms
NMuXahx9sSHwrNfELVKfrXzeOJj
NQdV0ESn0ZCDv0t5VF
NRQAJMCQ3CVp8Hkh5
NVIGiDLCP0DnYSJsB1
NVjIDJWyp8dT2ZzPvyf1EGD8EnfxaMW
NWP4yQV5M3CIrYRtOZLrhk5WqzQHJ
NYMek3rauPVNLuWXU
Ni1ahFJr3P9BG2Qd0E795oTUL
NiYmO6xH3PT9sWWXiRLUwQG7o4c4kw
NpsmVCDh3rrzu4hv6w3EgUVAj
Nu7vBtPzyrRfo7f4QHt
NuWxL9KIaZqstdNMNyDyVX4jAHRmEs
Nw7dJuu0scfhMM8AZ
O9KYRrbXFat8KkdMJwmqRTs35
OB9mskGKLLgkzGXSUNDGFWlLRN7
OBnG5FaUGqhJuOlauS
OCSLxntmN1LxQB4WiU0sYzND0BF
OHO6VhS6xHfcXfItF2iUq4dTr
OHZVVqJCpm3eDhmwFE
OJCheega12sl7bC9rvUjriZ98jTiY
OJNSvul1HjFvYkYIMoYxA
OPiY5ZDvE3qtGN57NrK7haM8ej
Oae6c44A9RxKk2bMY4
OlhuBATqY2u7j4plchWZ3IVsVZvO7nf
OqhOOAvDXWo1IPVa7g1Dqk
OrkOj0BgKuqTh0Tquwb10MS
OvpGXiUOXEaR1BhtQfPpu4R4mfYu
OzjNFsAR7qNiUiopOzap
P2muWTlYiWi5nfT9BhP
P4IKGgaJL6m5aFNRHIzVdTAd
PHQNd8kYCrwmKzlOEd
PJ91PSR2m4qJ6Q2B2Hw9MB
PTKLJKS6DU3OhzAjxopuoTUy5RyxAHN
PlNdSkZjjQstR35n00nsfI
PwmGCbs1inbq9pL6a6Rkxg6sTwpB
PxZe9pYQVLIMkQ26W4M3x
Q0tvUVlN2aqPDTL0o2gVvajUBTu3dCz
Q4zvVz840VpU7gcmS55I
Q7IQKhS6NRn9Ws4gg2yWQaMqcKG33oN
QDiJJ9hCXxsfjg4apn
QEa0nV2RbSB5Q1xM
QIUxWu8kfsCgZdjGDFFpbNlN96r0KG
QSRZSof6ljjDdMrLElZ0nZ
QUbyGyjXxCkdH8hqEArRV
QYdZodgHK7XcL88eqXsxAA
QZpw4VfjO1PxpVvp1keIlU
QfrzCIrUa3i4bluhGui1SyvY
QklgvaOvye8Cx99KE3D9yD3rG
QuSYSbo5YfRP2MzTAkiIvT3nvQlDs32
QvX0K6f9Wimx6TwfxqpR3Xj9T9Jw0jZ
QwG7ves6s4qey1Wf2hSq5tvWX
QxXUy513anaNhZEmBxGuhUDvoMk6
RBNyGDCyMp8lWdi8rt5gKlC
RRwTAMhoxCqLavNGMq
RS25YPacO4uUXLk81bVDa
RSmIlr2IWCXkJvMxCNxLnd
RXiC556T1eCkdc5ti
RcYTHh53ZH7TGwjW3tu
RoB2y0vTHpwfno4dL25DEUMNL93XVG
Rq53RtZA82N9ogSErW3E
RtzZpcqXhqSGK1tjwmx5C7LHiW4N2
RvrofCtioyaeIxW7VnNYnBkFg4
Rwcj6XHnTi4sYQJKojln
S09XfMQxP64oDinlM
S5xLXnYzSvCj4Omb2zMQ2AnMerFNMbB
S9Ze2U5xL3r8nIdrN6VvPId
S9e8KtZVTMkSJ5rWJ0rVXBuii
SIQ3aBFEMaRrCoNG
SMPPLjoinvzyPZeU9BS4eNgkfzDbCA9
SNAsmhHFMNMEHAlvC6mq22
SQIybX75uqtzT68JTAwCm8GC
SS3UgPl5Cf58yycqG2Jg11CR
SWozGDk8C9uu8OSwSF8OjG
SaRKUNAsgwuj09eokW
SbqoqCrEDfRuOTi6SzVy2iI
SrdbPrRuVEgGCHQE4REeI3OA7
StRJDHh8Wim77KipLHqaHcNsD9RWQv7
T0U7VQXRsgUtS3ED0MiniZmeNG
T596o3dQicZtVW8kXsPeLdM6
TDfBs8KhLwk8wvA4D3w
TJJ3xzNgRGb0PN1sd
TJJhnUFqerIg78TY3Jcn2980nMsX
TMethodImplementationIntercept
TNMy9sjVCXhXaUIsiuEZmMsD
TNTkCsgfbJWj1NOSi80NQU9YI6uo
TOzOyh0euXIrSnWdFOI9NuNoK2hNa1X
TQig8pcWVEEUAutUwTcxRYgR83yZ
TSMmuUVRyaEBl4V8mROOgiCbATM
TVdEdM3FmYbo1nhRRTkIrXVQW6su
TYF1y0jnPoSGO2UL0TAwU4L7vr
TZCBBjsFqlJjp1JxqSIXMjzMArud
ThdfOHnpxoPbPdgVoEmMrpfvBRavlU
TlQj4aJkUrlM7oY7jUST
TuCTugfKS2Qq7LZQy4zK
TvZo3EG3ExqZnFFdsjuYw6jtMz
U6Xf952EYCnwVvWpDM5OVfPBT6kPk
U715DMjFm5qiahSzuoMuvzF2ZX
U7DiTLHYWoJVrImRCBFc87N
UB7hW2vr9hC4yjW2WYbvX7M1AUwkx
UC3EuHC9N3LqhxtyuT8
UJ1dlbyhtYzpBkvbGQuLCFVMvN
UPnZtJAo1SHEPX0jjgU6vdZn0d
UY0j70TIDWl2CJkXhjAdQNZa0mQ7Ob
UZGIRFXdDfl30oaBYekS8PkbqWrc
UZYry08qRS5qDnRsJOll4vR9nexIPWr
UeEVfR8EIsDwDxSRjKoRn
UnHook
UqWi6oLXPkmJYFRMJEU0GLKmcX
UrNs6nJ6zZCTqcg1y3vBJAGq
UuHoJPwQ5MG8QqMI3ghDLQAqaY6VN3
UuTgcje4SfSxsWW7iQvzB45xMni
UvPwXRldq8KoWEPg
UwbnWfoB2LjNA4om0DzB1zcQ3kCOw
UyS5r1yyJFs9Qnoq4wKktvf
UytRYPbqYbhxXX6rlddTBSS1
UzOV86HkOnSc2rSpHHnQP66x
V2uOOfNvUffEyfMSgEGhrJKv5C8OVGt
V4eCAHPLAdHcQGMnHuPykSW
V9ocVxarHhGpAfuNEgAbl8EPu5dXeqQ
VDYIN5RfaPTZGeYeS4N4PHsHH
VDhvkvgGjqYVtjFTVove5rcpb
VFoDe7D3kxMRnvgb
VHkrxXgBS5gvb49wX
VIIGLvzYVPjGYDQs5CzH8Vkyqf8Bk
VIhx5BfmwNAZULvTP5Bszfdm
VMF3J0XGIxarZ9KGoqKbFBVh2D2u
VOBvDKZrTcxtF5erJbc0E6I9ot
VPmeUf3RNAdn9OkwmOP
VUgWWoojS3drcW4KqvCiX34RrVEI2v
VV5WworOGAWOVO6ky
VX4Mq9rF695lGq2P7ZihGxfiVa1VK
VbTXT64T8FdTWuYBDPlkohcn0Pd0
VcykGYr63iRwWjMmDCHU9bZ2ZJ8l1
VdVOHaM3YWYius7TbycTXk
VoF2dsYVhCHpGLUGMiC0IH0iVY7kg
Vs8B1wO11AszM8yH5zRiXP7oBUX4hr
VtxQrJO4MGBeOrxt
VutbQq3tMU3keHPqtOMWwuOoNm
Vv3YJWeA5Vb9qpIr
W1KnoXYBVmuuxgGCo6vxEPOXB
W6oQrHgiHp7ZWmMX9PrSG9
WD8SCa8qpXfiQWZMkDNDCM9d
WFrxAqhLWZB2SWk8cLD5jMGDvIjXBg
WIrv7yxXR8bvkl6xsoWzgGAu5IlNsR9
WLhFMSgv4C6l4rOkxTwh2ZX6VcOj0BH
WNlkWjWjlRvmSFjuVv
WOP5IVxUvcVvpdrpR3lc2OwbkCeyHV
WZjfYYlHGcLzdkki2KXoeMoUpYUQmCe
WhwZZSi0yK7fsjbM5wxQAJ8hBkolo3
WnF1EhA1KM0iAoiOInr9uNXtu5CRIEn
X0zZ2s5J44XnCHc4H1kKa6zQ1lpnZgf
X1SG7x10HQ0ZXz5uOAWjasLEL8Q
X1WZ5mdclUH4OobKJz
X310Utcp7RAxpetg
X7t0rf9OMe2HEIe94leiDPrBoWFdw
X8SO45cMPGuMEhubGBJoEGC6Cll6b
XCWm7w8lufCw297GZkmHxN0LHY7b
XDBDiIc8b9UJ57dtQ6eMLb
XKslTlVX5V35r3bl9F8EyeUwcrruMZ
XYMKI7kArrHJ1CMEAchjaEIH4aTM9xc
XdSLYoKZL3QhncfR10vX2wFo6R
XfTnRWppbXiSC4HgQ81Cy7x8r3Ey38
XkTgRgy2A1a1H4anz
Xrgp9boWNS8uVREzwBaMFWRZUy5sY
Y3tDZTzJkfC6L0OzVYLJAMlGJFcADf
YAGuiVxc7UXShdbOnmgXPQFL4i
YJGVlJtdVVuHlV3oQX9mMqfegsk
YKJ0Fgaho3j4R6PqaqnzRt
YMwSq08nqCo6QYJQn
YPX9M4kkv9yK7DicS
YQUfkI129V77qR5XrkQIpx5x
YVhh5Liwg3piEpJh5hjzYJ4
YWe9lb17yuw5kLcfVApNs5zzzI
YYjEmudiWsnnlcgASLBDpW9T
Yp01bxZTWM5NbK5fnsLEExgZ2Y
YprEt1UYitFxSe0yPXIVW0gE21qYjI
YqWiaTAmM2t83KZfDxq
YuyKxI9ZkO6ZudhtA8TbVy6f
Ywhd0pfxkIMNAtlzwSGnrkadlD
Yy2x2lACvP6HMw7SuNfPg
Z3AxBaHUR6m4GFJQQsCXq2
Z49vmOH6EnF9MneQDlZp3
Z7OWYZjEIHgSlKDbp
Z9L0Wb08JKIKa7vX1fI2Ln
Z9bF5Yw0kNXw0osrV
Z9stCeQqKrCJxfUlKD2Ucy3mNWH2
ZDjYWXwni8GnTOOc
ZFvuuWy6McwdHFBAOYrmKd17qJxj
ZGC35noFDUyLjdkAdDrKpD
ZJF0bG5waHvzKKNQ0FA
ZN8zdxjFDBoXRl71KcW3nezfE
ZPBuUWpUrbxHPBMCwhmkVsOnNQXDt
ZVPguLPvLAiMxylN3Ytx941Yu
ZWWLpCNba8zFHg7zrBaNAE8B
Zdrejd5wZXT7jp8vyEaWGP
ZlBMPg91jthiYSUZ5
ZlJEcuNAgLQr8JHLeGIJYB5fd
ZsMp5uHqwzXvA90p8IdSWmfUfRA
Zu6ZDOR4uRRDJshFMqjIDwG8vV
ZwKH07mCWvl0MhgcE
ZxNX0RMAznBC58sfT5AMrJXCy
a5NCDQoKMgeUmLHQ5dDpWK
a5tWGfex2lg5NC8kCkLYC5G
a7Upqhs6083HfUJncun9Smn5YyHnqT
aFt5Racp1NsPlYaX6lwOi
aHYlXxFIYYZNlgGAr
aJDvE6cCD2uEx3xnaM3sghj8
aMyO1OMItMFI1K646r
aRMakwhkrvGUgiJXUHeirs6G5MzoMi
aS1s1v0urKqFkK4lwjdPQy2Ynhz6
aWf2OSWdFz8gRao6jRwiPiOccOsaNm
aXZRRJeR8wNV7voZ5HMBUAAluU
adPO5JJRt0fU80wk
aiSTdHVaIKVWniacJ880
akXEF5U6pTbSGdP9S42voUm
aoJBLY5k1bjJ5ZDBe7PwV
avSCaThGIphQnCAAdfZp8YESEhw
axTVaVx43Jv9zLMbBV0msf
axnxrzUBC15TpD718a3JsS
b6fSuiSoLUanC8BySA9EfZ1HdvZC
bDp9HvsUDqwPzJadHIxoHp1m9Tc4iaF
bGRTdUMbVOnJOiRVN9yi5cRcsum
bJwPgZijwQUdQf1xSo1I5v
bK9dhhbSt2KBOXNU9rQrZ
bUWKP107EIi8BAM7mHFXmKgLK1
bX0YWliqtl9lMtDJswBFyUOZWL5V31I
bYcfUOQ9NpKjulqS4WXBZUkrY
bai5AvSoJ9Tz19l9U04pLiZ67T1MVg
bcbrTrqfvyUcO51ehMBABuRm6S
bor7tD5iOVrferOV
bpfjRMJafZbi8FxlS62UE
bsXMfdhJ7NCiGdAvoOgQIAqoOI6rq
bscIN6ixoWiIx62mpN3jg
c0ADljLl9SC87wIpVnzzc6BuCzj2V
c8j9pH7Jt5gDzZX0ZKCBdNbgliJmF
cEMp2xtCUEcj6LeeRkF
cNkK7rm1L9qS9Z5OqbxL8dyU56w
cRKHEYdHCGsmBjMHhxGtzmMkI
cUiiJIN67IfY05jwRag0nOThJ
cgv9NZkyD5PxbIbPQP
cju370lpbAoDtxbPn4yXJBmki2BiA
clriX1JQu6oWAxNUJWItCko7s
d7dqdDKjEQ34B1N5
d8wlKS3mFcgBgGn68g8ITex
dDuhIpvR7wGcNMQ0fNevTGaTxHd
dGJ1GQgls9U44Y5iDQzee
dKBcA8AaiRDylLwdHMWUdtC
dKaPH3uYhZsBfmqXrfVa
dLYWXJyene2e2uwpeKTNAI
dLnj8kruCVPwJEZmT
dPgFtnPrtBRs2F261njtlRSsn1y67
dQ8W3Ou8zlFHqCwPD
dUiOS6nGtMGCfe9L6hyMnqKN4JJ
dX5CFdkujMUMwe8eETK20IcWDRBnSB
db6GZf7wz7ws9PWZsXNXrOuS1lO
deQtc8Vz7f8e7d2BDorlShX
dj1pzYVaAAeHx8cBFCpVb3AjhNhz
dqD8ezhS6YYVIeRChBgWoUy16hYs
drJgRghdCiG4WC4rJFIZCf
dsIuo6jERbzrzUu5IULjlNzBVAvuT
e0tCi3lLMKnUqAgiL5GI8w5sRa
e2tl407NNvdJez2mYf9RcIDug6l
e3qwOMLKPf9aYpC8JOndDpg
e8agLaMzf2i9CXrTUqgVUmt7Tjpq5
e9ydD3gei5L4BrIfXy
eABMk2tR9CCYQLxvDt
eBEtDtd8SwsfEJcK3gdU6lv9vB6
eBGXGcgHr8vzsmiVLFGEG1dYeBch
eESKX4pXEXvXBb7LK
eH23bQWSS3Dq2gZro70niBIKWbhvgxU
eINFXjcSKdnvn7l73ADrAzl9j8A
eJJNmyjHkNm46iGLDewSt70b3rMfro
eQlYrLfZKDkFQIAytIn3t
eVA8qVHygBcvzBatStTb5ZUnlEAGqDo
eYmn4yz19cu3FGdqpKor58Am
ecOJpUQMKBpk37cds6j7Xgt6R6V
ecaxYsZXEyy1c1tAenTGa7ETSCsu
eiZg1hjqQLkNhPoLomWF2zMS
ejbBBUBdIWlXfp6CB
eklcqXDCuOzSy7wKvuGs
erCYmgYlDnZgCyJJF
esTaHUO97xhgIHUzqq2OjpDp
et44c6nuyiJOTN5Rr115bFMV1RQst
eu6t6lmIGwPVXIIW6VXCP
exznsCPE9QwGD4Jny2gWewovF
f7PeoWYcCSTXFLHzLx5vXsfgNMfQOHb
fA7BSgIadqolucoqx1zWt6qDyVbHq
fCJ7UTviwS9eQdhFwjGyPb0lilP8Etw
fCS364E5Eu36lcCjCMxOJ
fFL9htAXGl8gE3NSH
fGd1Mnk22lZAg4i3K5faDVK4yYolCty
fJBjlEJErarEqMCRQxL9M
fLYkctMMDTD1QlwPS6K2GDlUCfB
fOxUXpf1LQP9YYuhXcRm4M0l
fUHgIr1YeTMg03CjbN81hG
fVZOcOPqkO6YUilvFKt9JD5
fbTY5Ykapuy4Np1vRekc14OW9xisRa
fep31t7OSynsKPPdEWPf
fgHb0cOqYLo8sLCgXu5wF0Eq1qV
fi4XkkjvbczBWbztFNWLBC
fivXzD8m8WRcj4iIQMkH0yWM9SJ
flxIk7Dtbv8iSwu8BNXawhOz9BM

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e63ccae6fa78202321de4a498df88f74

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:5d:9a:45:65:77:9d:b7:d4:7f:4f:ac:b8:60:f7:58Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Sections

.text Size: 16KB - Virtual size: 16KB

.itext Size: 1024B - Virtual size: 908B

.data Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 1KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

0cdcc5c624fd109283f304a2c5b60bd5

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

shell32

winspool.drv

oleacc

winmm

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 35KB - Virtual size: 35KB

.bss Size: - Virtual size: 23KB

.idata Size: 14KB - Virtual size: 14KB

.didata Size: 2KB - Virtual size: 2KB

.edata Size: 27KB - Virtual size: 27KB

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 326KB - Virtual size: 326KB

.rsrc Size: 85KB - Virtual size: 85KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:5d:9a:45:65:77:9d:b7:d4:7f:4f:ac:b8:60:f7:58
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

05:db:8b:ec:48:b9:cc:0f:21:b3:5a:0c:43:78:89:73:74:f7:1e:19
Signer

.text
Size: 16KB - Virtual size: 16KB

.itext
Size: 1024B - Virtual size: 908B

.data
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 35KB - Virtual size: 35KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 14KB - Virtual size: 14KB

.didata
Size: 2KB - Virtual size: 2KB

.edata
Size: 27KB - Virtual size: 27KB

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 326KB - Virtual size: 326KB

.rsrc
Size: 85KB - Virtual size: 85KB