439952718b5512e8f1e27e3980cc75acee14a318b68ddbb7fb06fd49a67aae20

Sharing

Copy URL Twitter E-mail

General

Target

439952718b5512e8f1e27e3980cc75acee14a318b68ddbb7fb06fd49a67aae20
Size

1.6MB
MD5

6ad5efd4afa862e95d63ef2a46a6abfc
SHA1

a0bb91ac67890fbc36d3219c73bc67b44d230490
SHA256

439952718b5512e8f1e27e3980cc75acee14a318b68ddbb7fb06fd49a67aae20
SHA512

de99c8e6354d483f7955bd7792332b1062bc3d87d2430d2f84cbb0f0baa007b24566a4354a1378015d7552fbd9c0fe9005cde833f54f217b73d1bca1751fdbd4
SSDEEP

49152:301X2U+ZJteZ2s2cqYlCo6Lxpxrd01U21qh:E1GUsteQc9lCo6lp+Uh

Score

1^/10

Malware Config

Signatures

Files

439952718b5512e8f1e27e3980cc75acee14a318b68ddbb7fb06fd49a67aae20
.dll windows:6 windows x86 arch:x86

25e8a8ea2b10f2dbfca5fe4dc51a4782

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:8a:2f:31:3a:b2:c2:9c:d4:2b:06:2a:0e:46:7b:0c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/11/2023, 00:00

Not After

04/11/2025, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:84:2c:30:3f:1a:51:3f:b8:ef:45:16:b7:f9:ae:21:30:da:c4:58:06:0e:b6:92:4c:ff:a4:46:a1:8e:77:ce
Signer

Actual PE Digest

81:84:2c:30:3f:1a:51:3f:b8:ef:45:16:b7:f9:ae:21:30:da:c4:58:06:0e:b6:92:4c:ff:a4:46:a1:8e:77:ce

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\workspace\CR-CLIENT-12.0.0\CR-MetaBuild-Win\cr-win-client\dist\msvs_win32\Release\x86\sym\CRWindowsClientService\CRClient\CRClient.pdb

Imports

kernel32

GetThreadId
ReadProcessMemory
GetCurrentProcessId
FreeLibrary
LocaleNameToLCID
OpenThread
ConnectNamedPipe
WriteProcessMemory
VirtualProtect
SetUnhandledExceptionFilter
LoadLibraryW
WerUnregisterRuntimeExceptionModule
WerRegisterRuntimeExceptionModule
OutputDebugStringW
TerminateProcess
GetCurrentProcess
ReadFile
GetModuleHandleW
CreateProcessW
CloseHandle
GetFileAttributesW
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetProcAddress
IsDebuggerPresent
GetFileInformationByHandleEx
LockResource
FindFirstFileExW
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetThreadContext
CreateThread
TerminateThread
ResumeThread
SuspendThread
GetCurrentThreadId
WaitForSingleObject
K32GetModuleFileNameExW
UnmapViewOfFile
HeapValidate
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
LoadLibraryExW
GetEnvironmentVariableW
GetSystemDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
WriteFile
DisconnectNamedPipe
CreateNamedPipeW
LocalAlloc
LocalFree
lstrcmpA
GetFileAttributesExW
GetFileSize
GetSystemInfo
GetLocaleInfoEx
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
GetProcessId
GetLastError
MultiByteToWideChar
HeapSize
InitializeCriticalSectionEx
GetModuleFileNameW
HeapFree
SetFileInformationByHandle
SizeofResource
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
OutputDebugStringA

user32

ReleaseCapture
InvalidateRect
UpdateWindow
PtInRect
ReleaseDC
EnableWindow
SetForegroundWindow
EnableMenuItem
GetSysColorBrush
GetDesktopWindow
PostQuitMessage
CheckDlgButton
DrawIconEx
GetDlgItem
GetParent
GetWindowTextW
GetClientRect
LoadImageW
SetWindowLongW
SetCursor
SetCapture
LoadCursorW
TranslateMessage
SetPropW
SetFocus
IsDlgButtonChecked
DialogBoxIndirectParamW
GetWindowThreadProcessId
IsWindowVisible
GetSysColor
IsHungAppWindow
SetDlgItemTextW
ClientToScreen
GetDlgCtrlID
CopyRect
EnumWindows
DispatchMessageW
GetCapture
OffsetRect
IsWindow
ShowWindow
RegisterClassExW
SetWindowTextW
GetSystemMetrics
DisableProcessWindowsGhosting
GetWindowLongW
GetWindowTextLengthW
RemovePropW
EndDialog
SendMessageW
CreateWindowExW
GetPropW
GetMessageW
DefWindowProcW
MessageBoxW
SetWindowPos
GetDC
GetWindowRect
GetWindow
PostMessageW
CallWindowProcW
GetKeyState
GetSystemMenu

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateSolidBrush
CreateFontIndirectW

shell32

ShellExecuteW
SHGetKnownFolderPath
ord6
SHCreateDirectoryExW

dbghelp

SymGetModuleBase64
SymGetModuleInfo64
SymFunctionTableAccess64
SymInitialize
StackWalk64
SymFromAddr

msvcp140

?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
_Mtx_trylock
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
?_Winerror_map@std@@YAHH@Z
_Strcoll
_Strxfrm
_Wcscoll
_Wcsxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
_Thrd_join
_Thrd_id
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Mtx_unlock
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptDecodeObject
CryptMsgClose

vcruntime140

__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
_get_purecall_handler
_set_purecall_handler
wcsrchr
memset
memcpy
strchr
_CxxThrowException
memchr
wcsstr
memmove
strrchr
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

wcslen
_wcsdup
strtok_s
isspace
_strdup
tolower
strncpy_s
strcspn
_wcsicmp
iswspace
wmemcpy_s
wcsnlen
strncmp

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
_set_new_mode
malloc
free
_recalloc
_msize

api-ms-win-crt-runtime-l1-1-0

_set_new_handler
_get_invalid_parameter_handler
_set_invalid_parameter_handler
_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
_seh_filter_dll
_invalid_parameter_noinfo
_endthreadex
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_getpid
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
signal

api-ms-win-crt-convert-l1-1-0

atoi
_ultow_s
_itoa_s
_wtoi
wcstol

api-ms-win-crt-stdio-l1-1-0

fsetpos
fflush
ungetc
setvbuf
_fseeki64
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_get_stream_buffer_pointers
fputwc
fputc
fgetpos
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fwrite
fread
ungetwc
fgetc
fgetwc
fclose

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64i32
_wremove
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_localtime64
_gmtime64_s
_time64

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-math-l1-1-0

ceil

advapi32

RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
RegQueryValueExW
RegCloseKey

ole32

CoCreateGuid
CoTaskMemFree

Exports

Exports

AddCRCustomData
AdobeCrashReporterEnableSignalHandling
CrashReporterInitialize
DisableCRDunamisExitEventCapture
GetCRDialogOptions
GetCRLastErrorCode
GetCRReportSendPreference
SendCRErrorEventToDunamis
SetAppIntegrityLevelLow
SetCRDialogOptions
SetCRDialogScalingFactor
SetCRDialogUserEmail
SetCRDisplayName
SetCRHighbeamSessionId
SetCRHighbeamSessionInfo
SetCRIMSUserGuid
SetCRLocale
SetCRParentWnd
SetCRPostHandler
SetCRPostHandlerPassingExceptionInfoAndContext
SetCRPosthandlerThreadPreference
SetCRPreHandler
SetCRReportSendPreference
SetCRSessionNonGenuine
SetCRSignatureVerificationPreference
SetDunamisExitNormal
SetDunamisSessionId
SetDunamisSourceAppName
ShowCRDialogOnlyOnFirstCrash
ShowCRNativeDialogOnCrash

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25e8a8ea2b10f2dbfca5fe4dc51a4782

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:8a:2f:31:3a:b2:c2:9c:d4:2b:06:2a:0e:46:7b:0cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

81:84:2c:30:3f:1a:51:3f:b8:ef:45:16:b7:f9:ae:21:30:da:c4:58:06:0e:b6:92:4c:ff:a4:46:a1:8e:77:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

dbghelp

msvcp140

shlwapi

wintrust

crypt32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

ole32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 15KB - Virtual size: 19KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 45KB - Virtual size: 44KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:8a:2f:31:3a:b2:c2:9c:d4:2b:06:2a:0e:46:7b:0c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

81:84:2c:30:3f:1a:51:3f:b8:ef:45:16:b7:f9:ae:21:30:da:c4:58:06:0e:b6:92:4c:ff:a4:46:a1:8e:77:ce
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 15KB - Virtual size: 19KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 45KB - Virtual size: 44KB