zsiagzzSD[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

zsiagzzSD.exe
Size

7.3MB
MD5

30113a67722c9291678a420828ecfb37
SHA1

9388a7d40274d562a00d3df55d521260cf2a93c7
SHA256

1e1601c35565583967b8d07f3a9058cb324877f4a7f66715313e52847eef54be
SHA512

561dc98f15143e4a7da7a6a5ad56d6cc6d93b3794f036cd07f013bb7dabfcbd52e560b8799b1022ce8b3ea073e80e360b5621b48996e04b03962cdfde6a2b03f
SSDEEP

196608:ChtDlqH9zdWI9waVgrO3h3AlMM9ocVkfLCons:Chc9xWI9/VqO3GMM9FVcLPs

Score

1^/10

Malware Config

Signatures

Files

zsiagzzSD.exe
.exe windows:6 windows x64 arch:x64

6e54e9742f4945523ac48c0886d13a69

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:ea:f6:1d:c3:95:f6:30:41:f4:24:7d:ae:76:ab:7e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

12/08/2018, 23:59

Subject

CN=福建六壬网安股份有限公司,OU=IT,O=福建六壬网安股份有限公司,L=福州,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

95:13:9d:cf:6b:ac:e7:89:63:a6:ae:cd:76:9b:55:d0:5a:4f:5f:44:e8:0c:fc:1c:8b:32:ac:6c:71:b3:02:34
Signer

Actual PE Digest

95:13:9d:cf:6b:ac:e7:89:63:a6:ae:cd:76:9b:55:d0:5a:4f:5f:44:e8:0c:fc:1c:8b:32:ac:6c:71:b3:02:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MoveFileExA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetTickCount
VerifyVersionInfoA
GetSystemDirectoryA
SleepEx
LeaveCriticalSection
EnterCriticalSection
LocalFree
FormatMessageA
SetLastError
RtlCaptureContext
InitializeCriticalSectionEx
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
QueryFullProcessImageNameW
AreFileApisANSI
GetModuleHandleW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateFileW
GetConsoleWindow
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualProtect
GetCurrentProcessId
Beep
lstrcpyA
DeleteFileA
GetLastError
CopyFileA
GetTempPathA
Sleep
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
K32EnumProcessModules
CloseHandle
Process32Next
K32GetModuleFileNameExA
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetModuleFileNameA
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
CreateThread
GetCurrentProcess
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringW
GetFileInformationByHandleEx
GlobalAlloc
RtlLookupFunctionEntry
MultiByteToWideChar
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ReleaseCapture
IsIconic
SetCursorPos
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetCursorPos
OpenClipboard
ReleaseDC
SetForegroundWindow
MessageBoxA
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowLongW
AdjustWindowRectEx
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
SetFocus
BringWindowToTop
SetCapture
SetCursor
SetWindowLongW
GetClientRect
UnregisterClassA
RegisterClassExA
CharUpperBuffW

gdi32

GetDeviceCaps

advapi32

SetSecurityInfo
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
RegSetValueExA
GetUserNameA
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
OpenProcessToken
RegQueryValueExA

shell32

SHGetFolderPathA
ShellExecuteA

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?uncaught_exception@std@@YA_NXZ
_Thrd_detach
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?good@ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
_Cnd_do_broadcast_at_thread_exit

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory

normaliz

IdnToAscii

wldap32

ord41
ord22
ord217
ord27
ord32
ord45
ord35
ord79
ord30
ord200
ord301
ord143
ord50
ord33
ord60
ord211
ord46
ord26

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore

ws2_32

ntohl
gethostname
sendto
recvfrom
WSACleanup
ioctlsocket
closesocket
freeaddrinfo
recv
send
WSAStartup
WSAIoctl
WSAGetLastError
bind
WSASetLastError
connect
getpeername
socket
getaddrinfo
select
getsockname
__WSAFDIsSet
accept
setsockopt
htonl
getsockopt
listen
htons
ntohs

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
strrchr
memset
memmove
__C_specific_handler
memcmp
memchr
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memcpy
strchr
__std_terminate
strstr

api-ms-win-crt-stdio-l1-1-0

_open
_write
_read
fseek
fwrite
_wfopen
__stdio_common_vsprintf
__p__commode
_set_fmode
fread
_close
__stdio_common_vsscanf
fputc
fflush
__acrt_iob_func
fgetc
ftell
_lseeki64
fgetpos
setvbuf
ungetc
fsetpos
feof
fputs
fopen
_fseeki64
_popen
_pclose
fgets
_get_stream_buffer_pointers
fclose

api-ms-win-crt-string-l1-1-0

strpbrk
tolower
strcmp
strcspn
strncpy
strspn
strcat_s
strncmp
_strdup
isupper

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
calloc
realloc
_callnewh

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoull
strtod
strtoll

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_fstat64
_lock_file
_unlock_file
_unlink
rename

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-runtime-l1-1-0

_getpid
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_resetstkoflw
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__sys_nerr
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_errno
terminate
system
_beginthreadex
abort
exit
_invalid_parameter_noinfo_noreturn
strerror

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
setlocale
_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

_dclass
acosf
__setusermatherr
cosf
fmodf
sinf
ceilf
sqrtf
_dsign

Exports

Exports

@9a�� zd��\n� \��S_78$��or��[!�T.�W��剠��I��r�ku��@��0�oS_�"�7p��}��>��c�[iK�d�o�%q��Qk��P�II��kKw>�R�� Dfo /�p=s5G3в�9��J~�E�N�r��g!�bD�&��m�� :g��@��P�l�팎x��wLTn��U�%��,+}`�$�漫��U\��窅��/9��!�v+��ٕ&�+.L2[��Z�Q;�ז 9��\38!�_p��d5��`�ƹI�{s+��8B��ܑ;�27��6�m�\�2��b�@;Z��,P�[�o��y�� \�pdՋ�8�iS��F�s��_^��O�q˗n�z��"��B��%�~� �� 8b�t�{��94FɄ�A`M��dZY�q�� }��ȿz��rӭ��8�!� S�� N�0(��d�J*�� `0��9��J��@ ��f�+l�d�Ӣ�h��Ylu��ght��)<_4�\&��'�Dɺf%AM��a�m0|;-G��뮇��P/m~��\"}�>쪺sKh6Z|"��M��D�M��ES�FGX&LƖ��oZ'�=��r<��w�.� ��{3^,C�{�돻�G]�gԆ~��XB�� ɛfĬdG��dW� ��G�1�7�J��е^:;_e�yx|�t�؉�t��}��O� �|#��U��v�EqQ�ws��K{*}��<��}�� 3��r��X9��2�q��:V��]#TY��(8��)bM�t�׏Z�/�~I��"naW��|��8"��h��{<(�F�$��Fe�(��0/��\��@'�~m��?P�1 �S{�ӧ'][��?��2�N�U�AHv�mZ��ذ��G��I�'9��4s��s��&ς�fB��F|e�H;�1Rs�,��%(q�HcaSחm�!.��౾^�v�kx[�A��gӼ�';��my�+��X�R�eO'�b��F��l>E��#�z�tTm�{��a�(`OE��k>��_�Ĭ�b)E��r��_wO�`�s�tn�D�G��Z`M�`D�g��c��yu��_Src�J�l�M��iݻ.��_Ǧ y�U��Q��k+� ,@S��J� b��;��&]wy�50F� 8ہ"�M�*��>\k��1��Ir��{�L��n:��N/C��V�֧��]H��w ]>��%/x��g�0r�S n�@TkƜ��}��l.Z � ��Im�`�=�]�l2]s��+ �٦3n��J�Z �� Յ�v9 ��"PT_{6Qk��,�;l��a�K:��Q��&f=̗]��y_�P��.~j�]쁴N��ZB�#⸨��0Y�� g�FCn�{��VJp"m7T�ɔ�m�]&��N��X� �C��{�{<��a�b��G#d��Ȗ�� y��+CB$+�/92��c�ѹ�(�H�s��[Ua��㠇I|.O6��z�d�sj�ŵ�oAG&@��wq�D6�W�/�%�7`%�w�ߍ�w��WR�Y��X ��d�:�a�_#&߫R#Dfĕ��iD��Od}�w�(��L�"�Y�=:%|ڄ��58�x<b)R��o��d,ph��M�B��gS=�-��AԵ�`��ǋR��0t��l�-�P��@\�!��D�p,��p&��K�.T9��,��O��^U/�qZ�;C��xl&#}ވ��w1��9e��r�Ff�jģĸ�WJM�1�"�X�K4(cV��.f֎�Y�]��,�Q�p�u��3ˑtH��K��ȵ$(!�-Z18�($��6�E�]�P�C�0ĕ�� m��Y�E٪��Iŋ��?|5+;��U9C'�߁�T�۟*��W6��r�v��P8�mai��y�"��F�o��1�h�܊⏝ToW��KA�$kIY-��p�ŒW�v�Z�c]}~�ל��I��7�� ps��'[߆��K�*xL��eYWT0@��y��>LS��b��6��{z�晢�D�77X}u�{?q�֧8��/��6��8��Q�rY�_��(I��L��`յ�+$2��Pߘ��uP��R��S��-(��p��9<V��rG��f>��%(:�o�Gj)��W�w� �m�\\�<��*��)߶��+B��&�7uv�47Vb��;9�W�X�ðI��^��N%� �γ�Ɋ[��U�W�s��.2>�oI� .�� s6о�֗}�0ڮ��V��m�w;vom-��m�Xi��tT�� c � p��`��+(��(��,M��κ�D��\&xz1�(�?� �#r�+^��$1��>|�?I)1��x�I�;3��X��G��!��ձ��$&N��SH�;њ9e-yɏ��!)�+a��1�8�� V�6̞r7��I��k�{�U�r�l�'��0��]6��t�!��z�TSY��缙��;hRg�+�/y8� ��uj�*� #��1�ŇC��e�c�1�.�׭�t�ZPH:�K�ۙ��1��9�R�\[��QFPjᡸQ��oaW�� ;zT\�H��)7뗱ܷ�k�ϸDk|ϴ��Uc_�8��4i��#Z9��h'T�h�~�� >CH o>"��+Q��wʾZ�R�3�+1��+�;��m(z� j�ԯ��i��ao3�;��*�v^r�5��x��7�/ (>�n��\)�0�Vw</��5��w3�:NjT� ��ld��hTv1R$]q��fd{�M��41d=�x��+7�T�f�� #�A��˻Q��^�9Cde&�u�u{��N��9C!qr�X��pٜ�� g

Sections

.text
Size: - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._Nu
Size: - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.p%p
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0Dev
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.}cI
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Z>x
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.\yr
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e54e9742f4945523ac48c0886d13a69

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

36:ea:f6:1d:c3:95:f6:30:41:f4:24:7d:ae:76:ab:7eCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

95:13:9d:cf:6b:ac:e7:89:63:a6:ae:cd:76:9b:55:d0:5a:4f:5f:44:e8:0c:fc:1c:8b:32:ac:6c:71:b3:02:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

d3d9

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 804KB

.rdata Size: - Virtual size: 161KB

.data Size: - Virtual size: 44KB

.pdata Size: - Virtual size: 33KB

._Nu Size: - Virtual size: 488B

.p%p Size: - Virtual size: 1KB

.0Dev Size: - Virtual size: 2.5MB

.}cI Size: - Virtual size: 3.0MB

.Z>x Size: 5KB - Virtual size: 5KB

.\yr Size: 7.3MB - Virtual size: 7.3MB

.rsrc Size: 512B - Virtual size: 480B

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

36:ea:f6:1d:c3:95:f6:30:41:f4:24:7d:ae:76:ab:7e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

95:13:9d:cf:6b:ac:e7:89:63:a6:ae:cd:76:9b:55:d0:5a:4f:5f:44:e8:0c:fc:1c:8b:32:ac:6c:71:b3:02:34
Signer

.text
Size: - Virtual size: 804KB

.rdata
Size: - Virtual size: 161KB

.data
Size: - Virtual size: 44KB

.pdata
Size: - Virtual size: 33KB

._Nu
Size: - Virtual size: 488B

.p%p
Size: - Virtual size: 1KB

.0Dev
Size: - Virtual size: 2.5MB

.}cI
Size: - Virtual size: 3.0MB

.Z>x
Size: 5KB - Virtual size: 5KB

.\yr
Size: 7.3MB - Virtual size: 7.3MB

.rsrc
Size: 512B - Virtual size: 480B