92c55cb1e79443fdbf3bf51742731d6beb076f2a978648af590e641fe6f6f400

Sharing

Copy URL

Twitter E-mail

General

Target

92c55cb1e79443fdbf3bf51742731d6beb076f2a978648af590e641fe6f6f400
Size

1.4MB
MD5

a99131ba0d826360ebfc5fc573b325a4
SHA1

4042ef0d2afa0705ebff4d5f98e2f83b505b0daa
SHA256

92c55cb1e79443fdbf3bf51742731d6beb076f2a978648af590e641fe6f6f400
SHA512

b17aacdf38a1720d6ad806c6125711086df5f6fd2473d81ec308e2a6aefef2acfb4cfc28f43e930ed032e8b56dc3659994fa8cde7111f35bf44e358a91d9b551
SSDEEP

24576:hdjx71gWufN62IR0/hjlB6iTzKFjiQpWw+MToLHQrEH7pfGHR4Y6S2O2:zxSN7dSOQpWXMToL5fGHR4Y6S2O2

Score

1^/10

Malware Config

Signatures

Files

92c55cb1e79443fdbf3bf51742731d6beb076f2a978648af590e641fe6f6f400
.exe windows:5 windows x86 arch:x86

1a699c05762cb574bab84c2ec5316c96

Code Sign

0f:05:ae:21:cd:c1:7b:9f:3c:f0:9d:7b:fc:65:9b:a3
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-02-2020 00:00

Not After

17-02-2023 12:00

Subject

CN=Glarysoft LTD,O=Glarysoft LTD,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:06:79:fd:2c:2e:aa:69:21:0f:c6:b7:95:ad:64:2f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-02-2020 00:00

Not After

17-02-2023 12:00

Subject

CN=Glarysoft LTD,OU=IT,O=Glarysoft LTD,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:83:3a:89:cc:ed:03:80:91:5b:4f:69:f7:3e:91:1c:4c:29:5f:c2:88:bb:fc:a1:1d:1c:25:6f:d5:32:d8:7a
Signer

Actual PE Digest

de:83:3a:89:cc:ed:03:80:91:5b:4f:69:f7:3e:91:1c:4c:29:5f:c2:88:bb:fc:a1:1d:1c:25:6f:d5:32:d8:7a

Digest Algorithm

sha256

PE Digest Matches

false

7b:41:95:7c:d3:5e:09:cf:36:2e:f7:b4:f2:5d:30:13:39:08:51:19
Signer

Actual PE Digest

7b:41:95:7c:d3:5e:09:cf:36:2e:f7:b4:f2:5d:30:13:39:08:51:19

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\winapps\5.0\Build\QuickSearch\Release\QuickSearch.pdb

Imports

memfiles

RestartMemfilesService
SortByResult
GetSelectFileCountByResult
GetSelectFilePathByResult
RemoveSelectIndexByResult
AddSelectIndexByResult
IsSelectByResult
SetSelectIndexByResult
FindFileIndexByResult
GetMemfilesServiceVersion
ReleaseCurLoadDiskInfo
GetCurLoadDiskInfo
SetQuickSearchExcludePath
SetQuickSearchExcludeFileAttribute
GetFilePathByResultW
GetFileNameByResultW
GetAttributeByResult
ReleaseFileInfo
GetFileInfoByResult
SetChangeNotifyHWND
EnabledChangeNotifyByResult
LoadDiskForSearch
SetFilesMaskByResult
ReleaseString
QuickSearch
ConvertMatchString
UninitMemfilesService
SetChangeNotifyCallBack
SetUsedCacheDataByResult
InitMemfilesService
ReleaseFilePath
GetMulteFilePathByResult
GetFileCountByResult

languages

ord8
ord5
ord6
ord1
ord3
ord4

lockdll

ord6
ord2
_GoHomePage@8

shortcutfixer

GetShortcutsTargetPath
GetShortcutsArguments
CloseShortcuts
GetShortcutsIconLocation
CreateShortcuts

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mfc90u

ord613
ord6780
ord3856
ord662
ord398
ord790
ord586
ord5853
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord3670
ord2447
ord1144
ord3217
ord1186
ord1098
ord4211
ord794
ord589
ord4043
ord6527
ord2696
ord5852
ord316
ord601
ord4519
ord5559
ord1556
ord690
ord441
ord6355
ord6063
ord6572
ord6060
ord6566
ord4579
ord6569
ord6372
ord6183
ord6101
ord5974
ord6040
ord5863
ord5850
ord6418
ord6174
ord3513
ord5342
ord6022
ord6808
ord6806
ord744
ord524
ord3637
ord4543
ord6574
ord2758
ord6547
ord3741
ord4044
ord3933
ord6091
ord3068
ord6275
ord1496
ord611
ord3489
ord4652
ord1665
ord2274
ord678
ord3548
ord1683
ord1771
ord615
ord3496
ord4654
ord1667
ord2277
ord4510
ord1601
ord2103
ord4234
ord6065
ord1533
ord6164
ord933
ord1552
ord5535
ord663
ord404
ord1064
ord3399
ord2209
ord664
ord405
ord750
ord3627
ord1708
ord1779
ord4319
ord6760
ord4266
ord1937
ord2695
ord935
ord5510
ord5509
ord5511
ord5508
ord5231
ord5047
ord5301
ord5277
ord4608
ord4632
ord5168
ord5661
ord5152
ord4739
ord2360
ord1063
ord1088
ord1137
ord1108
ord1688
ord4026
ord686
ord436
ord753
ord539
ord3907
ord1248
ord4405
ord4774
ord6666
ord2146
ord1357
ord2130
ord3577
ord2282
ord4512
ord2592
ord3742
ord2470
ord3488
ord778
ord3654
ord4660
ord1719
ord2283
ord2593
ord6187
ord1354
ord1353
ord3543
ord2106
ord1183
ord3486
ord636
ord367
ord6096
ord2537
ord2326
ord938
ord5938
ord2479
ord4490
ord6687
ord1607
ord285
ord3220
ord287
ord291
ord3500
ord5767
ord1219
ord6811
ord1276
ord2458
ord1243
ord2523
ord2145
ord3191
ord452
ord1557
ord1542
ord608
ord324
ord702
ord453
ord4322
ord3018
ord2501
ord2490
ord665
ord406
ord6529
ord265
ord266
ord1254
ord1250
ord784
ord582
ord2676
ord1603
ord6659
ord2478
ord5979
ord6013
ord1599
ord5632
ord4631
ord5324
ord2208
ord1810
ord1809
ord3353
ord337
ord1492
ord1041
ord758
ord554
ord1166
ord6172
ord3149
ord4451
ord1723
ord788
ord585
ord792
ord587
ord290
ord6095
ord3622
ord6349
ord4351
ord2143
ord2901
ord1678
ord6094
ord4410
ord4541
ord677
ord3547
ord4656
ord1682
ord1770
ord2278
ord3826
ord2267
ord3145
ord2726
ord6347
ord6205
ord1935
ord3187
ord5770
ord2469
ord2885
ord2170
ord4287
ord3085
ord4066
ord4074
ord5841
ord1026
ord1484
ord2475
ord6683
ord2981
ord2927
ord3368
ord6673
ord5966
ord4926
ord4788
ord2344
ord6782
ord4163
ord6601
ord3066
ord6593
ord4328
ord5102
ord4617
ord1444
ord4682
ord5653
ord4741
ord5167
ord4516
ord6353
ord6311
ord3165
ord2597
ord6604
ord2069
ord6577
ord1675
ord4262
ord2904
ord5008
ord4000
ord1938
ord693
ord3563
ord3252
ord4658
ord2280
ord654
ord595
ord797
ord3528
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord3286
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord3112
ord2983
ord2771
ord5650
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord1752
ord2967
ord3514
ord4784
ord5007
ord3999
ord370
ord310
ord818
ord821
ord1608
ord2638
ord2621
ord2623
ord2625
ord305
ord3221
ord3231
ord5939
ord6686
ord1486
ord4530
ord2364
ord3537
ord2197
ord1420
ord1043
ord783
ord581
ord724
ord1272
ord481
ord2372
ord1383
ord3445
ord2243
ord339
ord5078
ord4815
ord6350
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4664
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord639
ord374
ord3794
ord6579
ord4131
ord2595
ord5851
ord811
ord280
ord813
ord814
ord3768
ord3155
ord4398
ord4010
ord3842
ord6204
ord462
ord6408
ord286
ord2694
ord600
ord4527
ord2431
ord1689
ord3061
ord6636
ord1047
ord2596
ord638
ord296
ord799
ord801
ord333
ord710

msvcr90

memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_purecall
wprintf
_beginthreadex
_endthreadex
_mktime64
wcschr
__wargv
__argc
_wcstoi64
_localtime64_s
_time64
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsncpy_s
calloc
_recalloc
_resetstkoflw
memcpy_s
_wcsnicmp
ispunct
isspace
wcstol
_wcsicmp
wcstoul
wcsrchr
malloc
free
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcscpy_s
??0exception@std@@QAE@XZ
memmove_s
??1exception@std@@UAE@XZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strcspn
_msize
_stat64i32
exit
fclose
fseek
realloc
ftell
_findfirst64i32
fread
fopen
_findclose
strncpy
_findnext64i32
isalnum
_snprintf
rewind
strncmp
memmove
wcstod
wcsstr
printf
??0exception@std@@QAE@ABQBD@Z

kernel32

GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetCommandLineW
LocalFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetComputerNameW
SetFilePointer
ReadFile
GetCurrentProcessId
FreeLibrary
GetVersionExW
GetDiskFreeSpaceExW
GetVolumeInformationW
VerifyVersionInfoW
VerSetConditionMask
LocalFileTimeToFileTime
FindNextFileW
FindClose
FindFirstFileW
GetOverlappedResult
ReadDirectoryChangesW
FileTimeToLocalFileTime
CompareFileTime
FileTimeToSystemTime
CreateFileW
WriteFile
OutputDebugStringW
SetEvent
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GlobalFree
ResumeThread
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
lstrcpyW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateMutexW
GetPrivateProfileStringW
GetLogicalDrives
CloseHandle
GetLongPathNameW
WideCharToMultiByte
lstrlenA
InterlockedExchange
lstrlenW
GetTickCount
TerminateThread
WaitForSingleObject
MultiByteToWideChar
LoadLibraryW
GetFullPathNameA
GetLastError
SetLastError
GetVersion
GetModuleFileNameW
Sleep
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleW
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
DeleteFileA
AreFileApisANSI
GetTempPathA
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
HeapAlloc
SetEndOfFile
TryEnterCriticalSection
HeapCompact
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameW
ExpandEnvironmentStringsW

user32

InvalidateRect
GetFocus
IsWindowVisible
GetWindowRect
IsWindow
SendMessageW
GetWindowRgnBox
EnumChildWindows
GetSysColorBrush
TrackPopupMenu
CallWindowProcW
DestroyMenu
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
InsertMenuW
CreateMenu
GetMenuItemInfoW
UnionRect
GetMenuBarInfo
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetMenuState
SetWindowTextW
InsertMenuItemW
DrawIconEx
GetSysColor
GetCursor
EnableWindow
SetWindowPos
SetActiveWindow
LoadAcceleratorsW
SetCapture
ReleaseCapture
ClientToScreen
FillRect
SetMenuDefaultItem
GetDlgCtrlID
TranslateAcceleratorW
GetMenuItemID
GetMenuItemCount
GetKeyState
IsZoomed
GetWindow
IsIconic
GetSystemMetrics
GetSubMenu
LoadMenuW
LoadIconW
RegisterClipboardFormatW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
UnregisterHotKey
RegisterHotKey
SetPropW
EnumWindows
PostMessageW
GetPropW
wsprintfW
LoadImageW
DestroyIcon
DrawIcon
GetIconInfo
GrayStringW
DrawTextExW
TabbedTextOutW
MonitorFromPoint
GetMonitorInfoW
MonitorFromRect
SetForegroundWindow
GetLayeredWindowAttributes
PtInRect
GetForegroundWindow
SetRectEmpty
IsRectEmpty
OffsetRect
GetActiveWindow
FrameRect
GetWindowRgn
SetWindowRgn
SetLayeredWindowAttributes
SystemParametersInfoW
TrackMouseEvent
EqualRect
DrawTextW
LoadCursorW
SetCursor
GetParent
CopyRect
SetRect
ReleaseDC
GetDC
RedrawWindow
LoadBitmapW
AppendMenuW
CreatePopupMenu
ScreenToClient
GetCursorPos
GetClientRect
SetTimer
KillTimer
SetWindowLongW
GetWindowLongW

gdi32

GetBitmapDimensionEx
GetMapMode
LPtoDP
SetBitmapDimensionEx
GetBkMode
CreateFontIndirectW
CreateSolidBrush
Escape
ExtTextOutW
FillRgn
DPtoLP
SetBrushOrgEx
CreatePatternBrush
CreatePen
GetCurrentObject
CreateFontW
GetDeviceCaps
FillPath
EndPath
BeginPath
GetBkColor
RectVisible
FrameRgn
CreateRoundRectRgn
TextOutW
GetDIBColorTable
StretchBlt
GetObjectW
SetDIBColorTable
DeleteObject
CreateDIBSection
DeleteDC
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
BitBlt
PtVisible
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend
GradientFill

advapi32

RegEnumKeyW
RegOpenKeyW
GetUserNameW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegCloseKey

shell32

ord43
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ord165
SHGetSpecialFolderLocation
CommandLineToArgvW
ord701
SHGetDesktopFolder
ord716
SHFileOperationW

comctl32

InitCommonControlsEx
FlatSB_EnableScrollBar
_TrackMouseEvent

shlwapi

PathIsDirectoryW
StrFormatByteSizeW
SHGetValueW
SHSetValueW
PathIsNetworkPathW
PathFindExtensionW
StrFormatKBSizeW
ord354
PathFileExistsW

ole32

CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

msvcp90

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

gdiplus

GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipFillRectangleI

crashreport

ord1

checkupdate

ord6

config

ord12
ord3
ord11
ord13
GUCIsSeparate
ord2
ord10
ord1

Exports

Exports

MatchMask

Sections

.text
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a699c05762cb574bab84c2ec5316c96

Code Sign

0f:05:ae:21:cd:c1:7b:9f:3c:f0:9d:7b:fc:65:9b:a3Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

06:06:79:fd:2c:2e:aa:69:21:0f:c6:b7:95:ad:64:2fCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

de:83:3a:89:cc:ed:03:80:91:5b:4f:69:f7:3e:91:1c:4c:29:5f:c2:88:bb:fc:a1:1d:1c:25:6f:d5:32:d8:7aSigner

7b:41:95:7c:d3:5e:09:cf:36:2e:f7:b4:f2:5d:30:13:39:08:51:19Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

memfiles

languages

lockdll

shortcutfixer

version

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp90

gdiplus

crashreport

checkupdate

config

Exports

Exports

Sections

.text Size: 1016KB - Virtual size: 1015KB

.rdata Size: 185KB - Virtual size: 184KB

.data Size: 15KB - Virtual size: 69KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 83KB - Virtual size: 82KB

0f:05:ae:21:cd:c1:7b:9f:3c:f0:9d:7b:fc:65:9b:a3
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

06:06:79:fd:2c:2e:aa:69:21:0f:c6:b7:95:ad:64:2f
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

de:83:3a:89:cc:ed:03:80:91:5b:4f:69:f7:3e:91:1c:4c:29:5f:c2:88:bb:fc:a1:1d:1c:25:6f:d5:32:d8:7a
Signer

7b:41:95:7c:d3:5e:09:cf:36:2e:f7:b4:f2:5d:30:13:39:08:51:19
Signer

.text
Size: 1016KB - Virtual size: 1015KB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 15KB - Virtual size: 69KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 83KB - Virtual size: 82KB