307d931018030eaadd3358151691c0fb[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

307d931018030eaadd3358151691c0fb.bin
Size

947KB
MD5

b46f11c581380e182cbd0ead7eb92558
SHA1

97cf491fe8b2fade51efc059ebc60635786bb125
SHA256

5acd753f67b4bb85c78151fa25ae5256752e6c7810c08834e5bc62e1db61d73b
SHA512

dce2bdb75021b11f8465a086525b7f38ad893043fe5870231bab1a088ffdde51c8df22688927ad59db572c2491898688b71c252997b8d92a0f40ca7a3f5d4263
SSDEEP

24576:4Xdc8SaZG+8T8sLdKgOWxxmbfqzw/vpbkpa:byGXRcSyvpbya

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/fe0f3a2dad2a511fd5833a4ba5503d30af7dc5bb993043ab2a1fc0a9dc5af186.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx

Files

307d931018030eaadd3358151691c0fb.bin
.zip

Password: infected
fe0f3a2dad2a511fd5833a4ba5503d30af7dc5bb993043ab2a1fc0a9dc5af186.exe
.exe windows:6 windows x86 arch:x86

Password: infected

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:16:70:a1:c7:4e:3e:59:b4:37:90:1c:a7:5c:fa:a8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25/10/2023, 00:00

Not After

24/10/2024, 23:59

Subject

SERIALNUMBER=91320506MA7LWP79XC,CN=苏州四次纬网络科技有限公司,O=苏州四次纬网络科技有限公司,ST=江苏省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:ed:76:ab:d1:46:27:20:91:32:65:69:bf:a1:4b:f4:7d:c8:b6:9b:6c:a4:4e:36:1b:f0:c7:d6:d5:bb:c8:92
Signer

Actual PE Digest

e6:ed:76:ab:d1:46:27:20:91:32:65:69:bf:a1:4b:f4:7d:c8:b6:9b:6c:a4:4e:36:1b:f0:c7:d6:d5:bb:c8:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 941KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??0CharReader@Json@@QAE@ABV01@@Z
??0CharReader@Json@@QAE@XZ
??0CharReaderBuilder@Json@@QAE@ABV01@@Z
??0CharReaderBuilder@Json@@QAE@XZ
??0Exception@Json@@QAE@ABV01@@Z
??0Exception@Json@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Factory@CharReader@Json@@QAE@ABV012@@Z
??0Factory@CharReader@Json@@QAE@XZ
??0Factory@StreamWriter@Json@@QAE@ABV012@@Z
??0Factory@StreamWriter@Json@@QAE@XZ
??0FastWriter@Json@@QAE@ABV01@@Z
??0FastWriter@Json@@QAE@XZ
??0Features@Json@@QAE@XZ
??0LogicError@Json@@QAE@$$QAV01@@Z
??0LogicError@Json@@QAE@ABV01@@Z
??0LogicError@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Path@Json@@QAE@$$QAV01@@Z
??0Path@Json@@QAE@ABV01@@Z
??0Path@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVPathArgument@1@1111@Z
??0PathArgument@Json@@QAE@$$QAV01@@Z
??0PathArgument@Json@@QAE@ABV01@@Z
??0PathArgument@Json@@QAE@I@Z
??0PathArgument@Json@@QAE@PBD@Z
??0PathArgument@Json@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0PathArgument@Json@@QAE@XZ
??0Reader@Json@@QAE@$$QAV01@@Z
??0Reader@Json@@QAE@ABV01@@Z
??0Reader@Json@@QAE@ABVFeatures@1@@Z
??0Reader@Json@@QAE@XZ
??0RuntimeError@Json@@QAE@$$QAV01@@Z
??0RuntimeError@Json@@QAE@ABV01@@Z
??0RuntimeError@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StaticString@Json@@QAE@PBD@Z
??0StreamWriter@Json@@QAE@ABV01@@Z
??0StreamWriter@Json@@QAE@XZ
??0StreamWriterBuilder@Json@@QAE@ABV01@@Z
??0StreamWriterBuilder@Json@@QAE@XZ
??0StyledStreamWriter@Json@@QAE@ABV01@@Z
??0StyledStreamWriter@Json@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0StyledWriter@Json@@QAE@ABV01@@Z
??0StyledWriter@Json@@QAE@XZ
??0Value@Json@@QAE@$$QAV01@@Z
??0Value@Json@@QAE@ABV01@@Z
??0Value@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Value@Json@@QAE@ABVStaticString@1@@Z
??0Value@Json@@QAE@H@Z
??0Value@Json@@QAE@I@Z
??0Value@Json@@QAE@N@Z
??0Value@Json@@QAE@PBD0@Z
??0Value@Json@@QAE@PBD@Z
??0Value@Json@@QAE@W4ValueType@1@@Z
??0Value@Json@@QAE@_J@Z
??0Value@Json@@QAE@_K@Z
??0Value@Json@@QAE@_N@Z
??0ValueConstIterator@Json@@AAE@ABV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueConstIterator@Json@@QAE@ABVValueIterator@1@@Z
??0ValueConstIterator@Json@@QAE@XZ
??0ValueIterator@Json@@AAE@ABV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIterator@Json@@QAE@ABV01@@Z
??0ValueIterator@Json@@QAE@ABVValueConstIterator@1@@Z
??0ValueIterator@Json@@QAE@XZ
??0ValueIteratorBase@Json@@QAE@ABV?$_Tree_iterator@V?$_Tree_val@U?$_Tree_simple_types@U?$pair@$$CBVCZString@Value@Json@@V23@@std@@@std@@@std@@@std@@@Z
??0ValueIteratorBase@Json@@QAE@XZ
??0Writer@Json@@QAE@ABV01@@Z
??0Writer@Json@@QAE@XZ
??1CharReader@Json@@UAE@XZ
??1CharReaderBuilder@Json@@UAE@XZ
??1Exception@Json@@UAE@XZ
??1Factory@CharReader@Json@@UAE@XZ
??1Factory@StreamWriter@Json@@UAE@XZ
??1FastWriter@Json@@UAE@XZ
??1LogicError@Json@@UAE@XZ
??1Path@Json@@QAE@XZ
??1PathArgument@Json@@QAE@XZ
??1Reader@Json@@QAE@XZ
??1RuntimeError@Json@@UAE@XZ
??1StreamWriter@Json@@UAE@XZ
??1StreamWriterBuilder@Json@@UAE@XZ
??1StyledStreamWriter@Json@@QAE@XZ
??1StyledWriter@Json@@UAE@XZ
??1Value@Json@@QAE@XZ
??1Writer@Json@@UAE@XZ
??4CharReader@Json@@QAEAAV01@ABV01@@Z
??4CharReaderBuilder@Json@@QAEAAV01@ABV01@@Z
??4Exception@Json@@QAEAAV01@ABV01@@Z
??4Factory@CharReader@Json@@QAEAAV012@ABV012@@Z
??4Factory@StreamWriter@Json@@QAEAAV012@ABV012@@Z
??4FastWriter@Json@@QAEAAV01@ABV01@@Z
??4Features@Json@@QAEAAV01@$$QAV01@@Z
??4Features@Json@@QAEAAV01@ABV01@@Z
??4LogicError@Json@@QAEAAV01@$$QAV01@@Z
??4LogicError@Json@@QAEAAV01@ABV01@@Z
??4Path@Json@@QAEAAV01@$$QAV01@@Z
??4Path@Json@@QAEAAV01@ABV01@@Z
??4PathArgument@Json@@QAEAAV01@$$QAV01@@Z
??4PathArgument@Json@@QAEAAV01@ABV01@@Z
??4Reader@Json@@QAEAAV01@$$QAV01@@Z
??4Reader@Json@@QAEAAV01@ABV01@@Z
??4RuntimeError@Json@@QAEAAV01@$$QAV01@@Z
??4RuntimeError@Json@@QAEAAV01@ABV01@@Z
??4StaticString@Json@@QAEAAV01@$$QAV01@@Z
??4StaticString@Json@@QAEAAV01@ABV01@@Z
??4StreamWriter@Json@@QAEAAV01@ABV01@@Z
??4StreamWriterBuilder@Json@@QAEAAV01@ABV01@@Z
??4StyledStreamWriter@Json@@QAEAAV01@ABV01@@Z
??4StyledWriter@Json@@QAEAAV01@ABV01@@Z
??4Value@Json@@QAEAAV01@$$QAV01@@Z
??4Value@Json@@QAEAAV01@ABV01@@Z
??4ValueConstIterator@Json@@QAEAAV01@$$QAV01@@Z
??4ValueConstIterator@Json@@QAEAAV01@ABV01@@Z
??4ValueConstIterator@Json@@QAEAAV01@ABVValueIteratorBase@1@@Z
??4ValueIterator@Json@@QAEAAV01@ABV01@@Z
??4ValueIteratorBase@Json@@QAEAAV01@$$QAV01@@Z
??4ValueIteratorBase@Json@@QAEAAV01@ABV01@@Z
??4Writer@Json@@QAEAAV01@ABV01@@Z
??5Json@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAV12@AAVValue@0@@Z
??6Json@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@AAV12@ABVValue@0@@Z
??8Value@Json@@QBE_NABV01@@Z
??8ValueIteratorBase@Json@@QBE_NABV01@@Z
??9Value@Json@@QBE_NABV01@@Z
??9ValueIteratorBase@Json@@QBE_NABV01@@Z
??ACharReaderBuilder@Json@@QAEAAVValue@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AStreamWriterBuilder@Json@@QAEAAVValue@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QAEAAV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QAEAAV01@ABVStaticString@1@@Z
??AValue@Json@@QAEAAV01@H@Z
??AValue@Json@@QAEAAV01@I@Z
??AValue@Json@@QAEAAV01@PBD@Z
??AValue@Json@@QBEABV01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??AValue@Json@@QBEABV01@H@Z
??AValue@Json@@QBEABV01@I@Z
??AValue@Json@@QBEABV01@PBD@Z
??BStaticString@Json@@QBEPBDXZ
??BValue@Json@@QBE_NXZ
??CValueConstIterator@Json@@QBEPBVValue@1@XZ
??CValueIterator@Json@@QAEPAVValue@1@XZ
??DValueConstIterator@Json@@QBEABVValue@1@XZ
??DValueIterator@Json@@QAEAAVValue@1@XZ
??EValueConstIterator@Json@@QAE?AV01@H@Z
??EValueConstIterator@Json@@QAEAAV01@XZ
??EValueIterator@Json@@QAE?AV01@H@Z
??EValueIterator@Json@@QAEAAV01@XZ
??FValueConstIterator@Json@@QAE?AV01@H@Z
??FValueConstIterator@Json@@QAEAAV01@XZ
??FValueIterator@Json@@QAE?AV01@H@Z
??FValueIterator@Json@@QAEAAV01@XZ
??GValueIteratorBase@Json@@QBEHABV01@@Z
??MValue@Json@@QBE_NABV01@@Z
??NValue@Json@@QBE_NABV01@@Z
??OValue@Json@@QBE_NABV01@@Z
??PValue@Json@@QBE_NABV01@@Z
??_7CharReader@Json@@6B@
??_7CharReaderBuilder@Json@@6B@
??_7Exception@Json@@6B@
??_7Factory@CharReader@Json@@6B@
??_7Factory@StreamWriter@Json@@6B@
??_7FastWriter@Json@@6B@
??_7LogicError@Json@@6B@
??_7RuntimeError@Json@@6B@
??_7StreamWriter@Json@@6B@
??_7StreamWriterBuilder@Json@@6B@
??_7StyledWriter@Json@@6B@
??_7Writer@Json@@6B@
??_FStyledStreamWriter@Json@@QAEXXZ
??_FValue@Json@@QAEXXZ
?addComment@Reader@Json@@AAEXPBD0W4CommentPlacement@2@@Z
?addError@Reader@Json@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVToken@12@PBD@Z
?addErrorAndRecover@Reader@Json@@AAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVToken@12@W4TokenType@12@@Z
?addPathInArg@Path@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@PBVPathArgument@Json@@V?$allocator@PBVPathArgument@Json@@@std@@@4@AAV?$_Vector_const_iterator@V?$_Vector_val@U?$_Simple_types@PBVPathArgument@Json@@@std@@@std@@@4@W4Kind@PathArgument@2@@Z
?all@Features@Json@@SA?AV12@XZ
?append@Value@Json@@QAEAAV12@$$QAV12@@Z
?append@Value@Json@@QAEAAV12@ABV12@@Z
?asBool@Value@Json@@QBE_NXZ
?asCString@Value@Json@@QBEPBDXZ
?asDouble@Value@Json@@QBENXZ
?asFloat@Value@Json@@QBEMXZ
?asInt64@Value@Json@@QBE_JXZ
?asInt@Value@Json@@QBEHXZ
?asLargestInt@Value@Json@@QBE_JXZ
?asLargestUInt@Value@Json@@QBE_KXZ
?asString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?asUInt64@Value@Json@@QBE_KXZ
?asUInt@Value@Json@@QBEIXZ
?begin@Value@Json@@QAE?AVValueIterator@2@XZ
?begin@Value@Json@@QBE?AVValueConstIterator@2@XZ
?c_str@StaticString@Json@@QBEPBDXZ
?clear@Value@Json@@QAEXXZ
?compare@Value@Json@@QBEHABV12@@Z
?computeDistance@ValueIteratorBase@Json@@IBEHABV12@@Z
?containsNewLine@Reader@Json@@CA_NPBD0@Z
?copy@Value@Json@@QAEXABV12@@Z
?copy@ValueIteratorBase@Json@@IAEXABV12@@Z
?copyPayload@Value@Json@@QAEXABV12@@Z
?currentValue@Reader@Json@@AAEAAVValue@2@XZ
?decodeDouble@Reader@Json@@AAE_NAAVToken@12@@Z
?decodeDouble@Reader@Json@@AAE_NAAVToken@12@AAVValue@2@@Z
?decodeNumber@Reader@Json@@AAE_NAAVToken@12@@Z
?decodeNumber@Reader@Json@@AAE_NAAVToken@12@AAVValue@2@@Z
?decodeString@Reader@Json@@AAE_NAAVToken@12@@Z
?decodeString@Reader@Json@@AAE_NAAVToken@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?decodeUnicodeCodePoint@Reader@Json@@AAE_NAAVToken@12@AAPBDPBDAAI@Z
?decodeUnicodeEscapeSequence@Reader@Json@@AAE_NAAVToken@12@AAPBDPBDAAI@Z
?decrement@ValueIteratorBase@Json@@IAEXXZ
?defaultRealPrecision@Value@Json@@2IB
?demand@Value@Json@@QAEPAV12@PBD0@Z
?deref@ValueIteratorBase@Json@@IAEAAVValue@2@XZ
?deref@ValueIteratorBase@Json@@IBEABVValue@2@XZ
?dropNullPlaceholders@FastWriter@Json@@QAEXXZ
?dupMeta@Value@Json@@AAEXABV12@@Z
?dupPayload@Value@Json@@AAEXABV12@@Z
?empty@Value@Json@@QBE_NXZ
?enableYAMLCompatibility@FastWriter@Json@@QAEXXZ
?end@Value@Json@@QAE?AVValueIterator@2@XZ
?end@Value@Json@@QBE?AVValueConstIterator@2@XZ
?find@Value@Json@@QBEPBV12@PBD0@Z
?get@Value@Json@@QBE?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV12@@Z
?get@Value@Json@@QBE?AV12@IABV12@@Z
?get@Value@Json@@QBE?AV12@PBD0ABV12@@Z
?get@Value@Json@@QBE?AV12@PBDABV12@@Z
?getComment@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?getFormatedErrorMessages@Reader@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFormattedErrorMessages@Reader@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getLocationLineAndColumn@Reader@Json@@ABE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?getLocationLineAndColumn@Reader@Json@@ABEXPBDAAH1@Z
?getMemberNames@Value@Json@@QBE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getNextChar@Reader@Json@@AAEDXZ
?getOffsetLimit@Value@Json@@QBEHXZ
?getOffsetStart@Value@Json@@QBEHXZ
?getString@Value@Json@@QBE_NPAPBD0@Z
?getStructuredErrors@Reader@Json@@QBE?AV?$vector@UStructuredError@Reader@Json@@V?$allocator@UStructuredError@Reader@Json@@@std@@@std@@XZ
?good@Reader@Json@@QBE_NXZ
?hasComment@Value@Json@@QBE_NW4CommentPlacement@2@@Z
?hasCommentForValue@StyledStreamWriter@Json@@CA_NABVValue@2@@Z
?hasCommentForValue@StyledWriter@Json@@CA_NABVValue@2@@Z
?increment@ValueIteratorBase@Json@@IAEXXZ
?indent@StyledStreamWriter@Json@@AAEXXZ
?indent@StyledWriter@Json@@AAEXXZ
?index@ValueIteratorBase@Json@@QBEIXZ
?initBasic@Value@Json@@AAEXW4ValueType@2@_N@Z
?insert@Value@Json@@QAE_NI$$QAV12@@Z
?insert@Value@Json@@QAE_NIABV12@@Z
?invalidPath@Path@Json@@CAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?isAllocated@Value@Json@@ABE_NXZ
?isArray@Value@Json@@QBE_NXZ
?isBool@Value@Json@@QBE_NXZ
?isConvertibleTo@Value@Json@@QBE_NW4ValueType@2@@Z
?isDouble@Value@Json@@QBE_NXZ
?isEqual@ValueIteratorBase@Json@@IBE_NABV12@@Z
?isInt64@Value@Json@@QBE_NXZ
?isInt@Value@Json@@QBE_NXZ
?isIntegral@Value@Json@@QBE_NXZ
?isMember@Value@Json@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isMember@Value@Json@@QBE_NPBD0@Z
?isMember@Value@Json@@QBE_NPBD@Z
?isMultilineArray@StyledStreamWriter@Json@@AAE_NABVValue@2@@Z
?isMultilineArray@StyledWriter@Json@@AAE_NABVValue@2@@Z
?isNull@Value@Json@@QBE_NXZ
?isNumeric@Value@Json@@QBE_NXZ
?isObject@Value@Json@@QBE_NXZ
?isString@Value@Json@@QBE_NXZ
?isUInt64@Value@Json@@QBE_NXZ
?isUInt@Value@Json@@QBE_NXZ
?isValidIndex@Value@Json@@QBE_NI@Z
?key@ValueIteratorBase@Json@@QBE?AVValue@2@XZ
?make@Path@Json@@QBEAAVValue@2@AAV32@@Z
?makePath@Path@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@PBVPathArgument@Json@@V?$allocator@PBVPathArgument@Json@@@std@@@4@@Z
?match@Reader@Json@@AAE_NPBDH@Z
?maxInt64@Value@Json@@2_JB
?maxInt@Value@Json@@2HB
?maxLargestInt@Value@Json@@2_JB
?maxLargestUInt@Value@Json@@2_KB
?maxUInt64@Value@Json@@2_KB
?maxUInt64AsDouble@Value@Json@@2NB
?maxUInt@Value@Json@@2IB
?memberName@ValueIteratorBase@Json@@QBEPBDPAPBD@Z
?memberName@ValueIteratorBase@Json@@QBEPBDXZ
?minInt64@Value@Json@@2_JB
?minInt@Value@Json@@2HB
?minLargestInt@Value@Json@@2_JB
?name@ValueIteratorBase@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?newCharReader@CharReaderBuilder@Json@@UBEPAVCharReader@2@XZ
?newStreamWriter@StreamWriterBuilder@Json@@UBEPAVStreamWriter@2@XZ
?normalizeEOL@Reader@Json@@CA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD0@Z
?null@Value@Json@@2ABV12@B
?nullRef@Value@Json@@2ABV12@B
?nullSingleton@Value@Json@@SAABV12@XZ
?omitEndingLineFeed@FastWriter@Json@@QAEXXZ
?parse@Reader@Json@@QAE_NAAV?$basic_istream@DU?$char_traits@D@std@@@std@@AAVValue@2@_N@Z
?parse@Reader@Json@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVValue@2@_N@Z
?parse@Reader@Json@@QAE_NPBD0AAVValue@2@_N@Z
?parseFromStream@Json@@YA_NABVFactory@CharReader@1@AAV?$basic_istream@DU?$char_traits@D@std@@@std@@PAVValue@1@PAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
?pushError@Reader@Json@@QAE_NABVValue@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?pushError@Reader@Json@@QAE_NABVValue@2@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledStreamWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?pushValue@StyledWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?readArray@Reader@Json@@AAE_NAAVToken@12@@Z
?readCStyleComment@Reader@Json@@AAE_NXZ
?readComment@Reader@Json@@AAE_NXZ
?readCppStyleComment@Reader@Json@@AAE_NXZ
?readNumber@Reader@Json@@AAEXXZ
?readObject@Reader@Json@@AAE_NAAVToken@12@@Z
?readString@Reader@Json@@AAE_NXZ
?readToken@Reader@Json@@AAE_NAAVToken@12@@Z
?readValue@Reader@Json@@AAE_NXZ
?recoverFromError@Reader@Json@@AAE_NW4TokenType@12@@Z
?releasePayload@Value@Json@@AAEXXZ
?removeIndex@Value@Json@@QAE_NIPAV12@@Z
?removeMember@Value@Json@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?removeMember@Value@Json@@QAEXPBD@Z
?removeMember@Value@Json@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV12@@Z
?removeMember@Value@Json@@QAE_NPBD0PAV12@@Z
?removeMember@Value@Json@@QAE_NPBDPAV12@@Z
?resize@Value@Json@@QAEXI@Z
?resolve@Path@Json@@QBE?AVValue@2@ABV32@0@Z
?resolve@Path@Json@@QBEABVValue@2@ABV32@@Z
?resolveReference@Value@Json@@AAEAAV12@PBD0@Z
?resolveReference@Value@Json@@AAEAAV12@PBD@Z
?setComment@Value@Json@@QAEXPBDIW4CommentPlacement@2@@Z
?setComment@Value@Json@@QAEXPBDW4CommentPlacement@2@@Z
?setComment@Value@Json@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4CommentPlacement@2@@Z
?setDefaults@CharReaderBuilder@Json@@SAXPAVValue@2@@Z
?setDefaults@StreamWriterBuilder@Json@@SAXPAVValue@2@@Z
?setIsAllocated@Value@Json@@AAEX_N@Z
?setOffsetLimit@Value@Json@@QAEXH@Z
?setOffsetStart@Value@Json@@QAEXH@Z
?setType@Value@Json@@AAEXW4ValueType@2@@Z
?size@Value@Json@@QBEIXZ
?skipCommentTokens@Reader@Json@@AAEXAAVToken@12@@Z
?skipSpaces@Reader@Json@@AAEXXZ
?strictMode@CharReaderBuilder@Json@@SAXPAVValue@2@@Z
?strictMode@Features@Json@@SA?AV12@XZ
?swap@Value@Json@@QAEXAAV12@@Z
?swapPayload@Value@Json@@QAEXAAV12@@Z
?toStyledString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type@Value@Json@@QBE?AW4ValueType@2@XZ
?unindent@StyledStreamWriter@Json@@AAEXXZ
?unindent@StyledWriter@Json@@AAEXXZ
?validate@CharReaderBuilder@Json@@QBE_NPAVValue@2@@Z
?validate@StreamWriterBuilder@Json@@QBE_NPAVValue@2@@Z
?valueToQuotedString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NIW4PrecisionType@1@@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?valueToString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?what@Exception@Json@@UBEPBDXZ
?write@FastWriter@Json@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@2@@Z
?write@StyledStreamWriter@Json@@QAEXAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@ABVValue@2@@Z
?write@StyledWriter@Json@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVValue@2@@Z
?writeArrayValue@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeArrayValue@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeCommentAfterValueOnSameLine@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeCommentBeforeValue@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeCommentBeforeValue@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeIndent@StyledStreamWriter@Json@@AAEXXZ
?writeIndent@StyledWriter@Json@@AAEXXZ
?writeString@Json@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVFactory@StreamWriter@1@ABVValue@1@@Z
?writeValue@FastWriter@Json@@AAEXABVValue@2@@Z
?writeValue@StyledStreamWriter@Json@@AAEXABVValue@2@@Z
?writeValue@StyledWriter@Json@@AAEXABVValue@2@@Z
?writeWithIndent@StyledStreamWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?writeWithIndent@StyledWriter@Json@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

18:16:70:a1:c7:4e:3e:59:b4:37:90:1c:a7:5c:fa:a8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e6:ed:76:ab:d1:46:27:20:91:32:65:69:bf:a1:4b:f4:7d:c8:b6:9b:6c:a4:4e:36:1b:f0:c7:d6:d5:bb:c8:92Signer

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 941KB - Virtual size: 944KB

.rsrc Size: 23KB - Virtual size: 24KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 337KB - Virtual size: 336KB

.data Size: 35KB - Virtual size: 130KB

.rsrc Size: 327KB - Virtual size: 327KB

.reloc Size: 83KB - Virtual size: 83KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

18:16:70:a1:c7:4e:3e:59:b4:37:90:1c:a7:5c:fa:a8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e6:ed:76:ab:d1:46:27:20:91:32:65:69:bf:a1:4b:f4:7d:c8:b6:9b:6c:a4:4e:36:1b:f0:c7:d6:d5:bb:c8:92
Signer

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 941KB - Virtual size: 944KB

.rsrc
Size: 23KB - Virtual size: 24KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 337KB - Virtual size: 336KB

.data
Size: 35KB - Virtual size: 130KB

.rsrc
Size: 327KB - Virtual size: 327KB

.reloc
Size: 83KB - Virtual size: 83KB