iworldpc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

iworldpc.exe
Size

1.4MB
MD5

0d0b7609fb09b70e40049ae90b2294f8
SHA1

203e6fceb39c808519c72b7c5e959a78079eac72
SHA256

34e7c6b8148b2827042031a8465f00a5c2fd74b7cc9329d8ea66341dabf5a11e
SHA512

a3e897ac7d9806ca02050a838ac89b22c10a8a4f52634f7786bbe1d468859054b1e4ea70d334e39044bee87142da09e1dd8297a04605b57aacfb6b9f6fa9157d
SSDEEP

24576:Vu+KpPycXWqbCsBmcSrQjP+JmX9+AccpsSDzwnglBbFbgXk1aTQYTHFR:sVS+t7cOJzxcTL

Score

1^/10

Malware Config

Signatures

Files

iworldpc.exe
.exe windows:6 windows x86 arch:x86

f8d34fd3c6c6e0e79a9d92e7389d65d4

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ff:bd:8c:46:14:80:4f:6b:a9:4b:1a:ae:0b:2b:63
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/10/2020, 00:00

Not After

18/10/2023, 23:59

Subject

CN=深圳市迷你玩科技有限公司,O=深圳市迷你玩科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ff:bd:8c:46:14:80:4f:6b:a9:4b:1a:ae:0b:2b:63
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/10/2020, 00:00

Not After

18/10/2023, 23:59

Subject

CN=深圳市迷你玩科技有限公司,O=深圳市迷你玩科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90
Signer

Actual PE Digest

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90

Digest Algorithm

sha256

PE Digest Matches

true

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90
Signer

Actual PE Digest

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\codeOversea\newMiniGame\MiniGame\Bin\MiniGameAppPC.pdb

Imports

wininet

InternetCrackUrlW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW

kernel32

GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
CloseHandle
ResetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
CreateThread
GetVersionExW
GetModuleFileNameW
GetPrivateProfileStringA
WideCharToMultiByte
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeCriticalSection
SetCriticalSectionSpinCount
TryEnterCriticalSection
SetEvent
Sleep
OutputDebugStringW
MultiByteToWideChar
GetProcessTimes
OpenProcess
GetSystemTimeAsFileTime
ReadProcessMemory
UnregisterWaitEx
UnregisterWait
ReadFile
WriteFile
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
ReleaseMutex
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
RegisterWaitForSingleObject
GetSystemTime
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetTickCount
SetLastError
SleepEx
GetVersionExA
FormatMessageA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
LoadLibraryA
ExpandEnvironmentStringsA
GetModuleHandleA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LocalFree
LocalAlloc
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime

user32

LoadIconW
SetWindowLongW
GetUserObjectInformationW
GetWindowLongW
MessageBoxA
GetProcessWindowStation
GetAsyncKeyState
MessageBoxW
GetWindowRect
GetKeyState
GetClientRect
ReleaseDC
GetDC
EnableWindow
KillTimer
SetTimer
SetWindowPos
UpdateLayeredWindow
PostQuitMessage
PostMessageW

gdi32

SetDIBColorTable
GetDIBColorTable
CreateCompatibleDC
StretchBlt
SelectObject
DeleteObject
CreateDIBSection
GetObjectW
DeleteDC

shell32

ShellExecuteExW
ShellExecuteA

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

advapi32

RegQueryValueExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegOpenKeyExW
RegCloseKey

mfc140u

ord5921
ord280
ord285
ord3009
ord2990
ord7468
ord4606
ord4603
ord4605
ord1052
ord324
ord2215
ord7493
ord12131
ord6218
ord13752
ord2760
ord9210
ord12172
ord1111
ord9040
ord11015
ord11396
ord10472
ord458
ord3403
ord3404
ord3164
ord3305
ord3302
ord10255
ord8210
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord3833
ord11936
ord14588
ord8965
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord5790
ord9693
ord4494
ord3055
ord2750
ord14590
ord7923
ord14596
ord6877
ord11717
ord14234
ord14131
ord13703
ord5935
ord2682
ord12124
ord3941
ord3371
ord3372
ord3265
ord12168
ord1523
ord290
ord12559
ord5110
ord2389
ord2383
ord2385
ord266
ord265
ord2205
ord8162
ord3321
ord3322
ord14264
ord12073
ord12097
ord3624
ord3288
ord10130
ord3600
ord3601
ord1365
ord3301
ord12343
ord2577
ord2567
ord4392
ord13542
ord13543
ord4476
ord8344
ord14232
ord14130
ord8816
ord13468
ord5418
ord7818
ord14136
ord8775
ord8772
ord5532
ord6971
ord12933
ord13861
ord6355
ord8122
ord13864
ord8125
ord4147
ord3924
ord3295
ord3294
ord835
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord10379
ord2486
ord12542
ord12541
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11983
ord11982
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord995
ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord4092
ord5249
ord5549
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord5228
ord5961
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord6495
ord2246
ord1514
ord1512
ord1525
ord1045
ord286
ord296
ord1513
ord1511
ord7107
ord325
ord1053
ord2365
ord2411
ord2409

msimg32

TransparentBlt
AlphaBlend

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW
PathCombineW
PathAppendA

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateSolidFill
GdipDeleteBrush
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

msvcp140

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$ctype@D@std@@2V0locale@2@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

vcruntime140

__current_exception_context
__current_exception
__std_terminate
__CxxFrameHandler3
memcpy
memmove
memset
_purecall
strchr
wcsstr
strstr
_except_handler4_common
strrchr
memchr
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

__p___argc
_errno
_invoke_watson
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_invalid_parameter_noinfo
exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
abort
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
signal
strerror
raise
_resetstkoflw
terminate
_controlfp_s
_exit
_beginthreadex
_invalid_parameter_noinfo_noreturn
__sys_nerr

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_set_new_mode
malloc
free

api-ms-win-crt-string-l1-1-0

islower
isupper
isgraph
strcmp
isalnum
isdigit
isxdigit
isspace
_strnicmp
_stricmp
_strdup
isalpha
tolower
strncmp
wcscpy_s
strncpy
isprint
_wcsicmp

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_wstat64
_unlock_file
_stat64i32
_wmkdir
_lock_file

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
fgets
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
fputs
ferror
__stdio_common_vfscanf
_wfopen_s
_write
_read
_close
__stdio_common_vfwprintf
ftell
__p__commode
_set_fmode
__stdio_common_vswprintf_s
fopen
_setmode
_fileno
feof
_lseeki64
_open
_wfopen

api-ms-win-crt-convert-l1-1-0

wcstombs_s
_i64tow_s
_strtoi64
_wtoi
wcstol
atoi
strtol
strtoul
atol

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ws2_32

getsockname
accept
listen
connect
closesocket
bind
recv
WSAStartup
WSACleanup
getaddrinfo
send
WSAIoctl
getsockopt
htons
ntohs
WSAGetLastError
socket
getpeername
WSASetLastError
__WSAFDIsSet
setsockopt
select
shutdown
freeaddrinfo
recvfrom
gethostname
sendto
ioctlsocket

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8d34fd3c6c6e0e79a9d92e7389d65d4

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:ff:bd:8c:46:14:80:4f:6b:a9:4b:1a:ae:0b:2b:63Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:ff:bd:8c:46:14:80:4f:6b:a9:4b:1a:ae:0b:2b:63Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90Signer

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mfc140u

msimg32

comctl32

shlwapi

gdiplus

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 254KB - Virtual size: 254KB

.data Size: 16KB - Virtual size: 74KB

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 43KB - Virtual size: 43KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:ff:bd:8c:46:14:80:4f:6b:a9:4b:1a:ae:0b:2b:63
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:ff:bd:8c:46:14:80:4f:6b:a9:4b:1a:ae:0b:2b:63
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90
Signer

6e:ff:98:01:31:d3:5b:9a:81:0f:5f:d5:f6:2b:d9:d2:eb:5c:0d:3a:ee:a7:dd:45:ef:07:fb:a5:31:23:b6:90
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 254KB - Virtual size: 254KB

.data
Size: 16KB - Virtual size: 74KB

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 43KB - Virtual size: 43KB