5x(24-10-24)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

5x(24-10-24).zip
Size

24.9MB
MD5

72c113929b670b2d613371185091d18a
SHA1

3c31ec287bb40af5aba234ecc4d4a94016633535
SHA256

76a65ecfc54d6ef74020e0b9ab497a3abf7e1709c40cc071535cd4bae3c82783
SHA512

f4dde7e9c4b3595e64aec0b4e2f0941643a94de8a7c7f29e81e43fce33ce6aff2ce3054b42c9939290a11b88dc25c09b862760b25a18931dcbdb474ac7ca5e61
SSDEEP

393216:kxeZQwe9c0ny9NxOu8OZtTUM7XIlFXE2INiyoeqS/N+myqUm/v82bBPUCO:wnwe9tANxFJ7wE7Niped7yq/n80ZUh

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Zabbix.exe
unpack001/名单助手PDF.exe
unpack001/对《立式加工中心项目》竞标公平性的质疑和恶意竞标现象的举报材料.exe
unpack001/报错截图2024444.exe

Files

5x(24-10-24).zip
.zip

Password: infected
TestAV-bypass.exe
.exe windows:6 windows x64 arch:x64

Password: infected

8afb2868e79a96ac0216979fa8a409ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:22:78:6f:c0:e1:c4:68:34:66:eb:3b:72:f0:68
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02-07-2024 00:00

Not After

28-08-2027 23:59

Subject

SERIALNUMBER=91330100716105852F,CN=ALIBABA (CHINA) NETWORK TECHNOLOGY CO.\,LTD.,O=ALIBABA (CHINA) NETWORK TECHNOLOGY CO.\,LTD.,L=杭州市,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e69dade5b79ee9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:7d:c9:3d:95:21:d1:36:b0:23:e1:eb:fa:d8:36:a3:e3:19:fe:37:c6:d9:03:2c:d8:b5:03:d3:34:b8:9f:2e
Signer

Actual PE Digest

78:7d:c9:3d:95:21:d1:36:b0:23:e1:eb:fa:d8:36:a3:e3:19:fe:37:c6:d9:03:2c:d8:b5:03:d3:34:b8:9f:2e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetCurrentProcessId
CreateThread
GlobalMemoryStatusEx
GetSystemInfo
WaitForSingleObject
VirtualAlloc
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess

msvcp140

?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

winhttp

WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpReadData
WinHttpOpenRequest

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
memcpy
strstr
memmove
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_crt_atexit
_initialize_onexit_table
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
_register_onexit_function
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
terminate
_set_app_type
_seh_filter_exe
__p___argc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__p__commode
_set_fmode

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Zabbix.exe
.exe windows:6 windows x64 arch:x64

Password: infected

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16.6MB - Virtual size: 16.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
名单助手PDF.exe
.exe windows:5 windows x64 arch:x64

Password: infected

9b80103e91000ed5313083f4faf3c4f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\2005demo编译\884a09c697a479c56ed376a25e4846bc\高仿酷狗\高仿酷狗\x64\Release\KugouUI.pdb

Imports

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCommandLineA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
Sleep
ExitProcess
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
TerminateProcess
RtlPcToFileHeader
RaiseException
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
lstrcmpW
GetVersionExA
lstrlenA
lstrcmpA
GetCurrentThreadId
CloseHandle
MultiByteToWideChar
FormatMessageW
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetLastError
SetLastError
GetConsoleWindow
LoadLibraryA
HeapSetInformation
GetProcAddress

user32

PostQuitMessage
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
UpdateWindow
ShowWindow
UnhookWindowsHookEx
MessageBoxW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
RemovePropW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetParent
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
PeekMessageW
GetKeyState
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
DispatchMessageW

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
对《立式加工中心项目》竞标公平性的质疑和恶意竞标现象的举报材料.exe
.exe windows:6 windows x64 arch:x64

Password: infected

aa02f17a4286d1f59cd9d0d4ec151629

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dbs\sh\odct\0905_231102_0\client\onedrive\Product\UX\Exe\obj\amd64\OneDrive.pdb

Imports

kernel32

GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetVolumePathNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
GetCompressedFileSizeW
FindFirstFileNameW
IsDebuggerPresent
SetHandleInformation
CreatePipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
IsWow64Process
LoadLibraryExW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
ReadDirectoryChangesW
CreateSymbolicLinkW
CompareStringOrdinal
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessIoCounters
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
MoveFileExW
ReplaceFileW
GetComputerNameW
RegisterApplicationRestart
GetFileInformationByHandleEx
OpenFileById
GetDllDirectoryW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
GetFileSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileW
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
CreateFileW
CreateDirectoryW
MultiByteToWideChar
GetSystemTimes
SetProcessShutdownParameters
GetExitCodeProcess
GetProcessTimes
WaitForMultipleObjects
CreateEventW
ReleaseMutex
GetLongPathNameW
SetLastError
VerifyVersionInfoW
GetProductInfo
VerSetConditionMask
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
K32GetModuleFileNameExW
GetUserDefaultLCID
GetUserGeoID
LCIDToLocaleName
SystemTimeToFileTime
MoveFileW
LocalAlloc
GetModuleFileNameW
GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
OpenProcess
TerminateProcess
GetCurrentProcess
CreateMutexW
WaitForSingleObject
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
FindFirstFileW
FindClose
InitializeCriticalSectionEx
DeleteFileW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
CreateProcessW
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
SetDllDirectoryW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
DeleteCriticalSection
DecodePointer
GetLastError
SetEnvironmentVariableW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetLocaleInfoEx
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW

user32

RegisterClipboardFormatW
PostMessageW
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SystemParametersInfoW
SendMessageTimeoutW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
RegisterClassW
SetClipboardData
CloseClipboard
OpenClipboard
CreateWindowExW
DestroyWindow
ShowWindow

advapi32

RegisterServiceCtrlHandlerW
AdjustTokenPrivileges
CreateProcessWithTokenW
GetUserNameW
SetFileSecurityW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteTreeW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyTransactedW
GetAclInformation
FreeSid
DuplicateTokenEx
CreateWellKnownSid
AllocateAndInitializeSid
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegGetValueW
RegSetKeyValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken

shell32

CommandLineToArgvW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHChangeNotify
SHParseDisplayName
ShellExecuteExW
SHCreateItemFromParsingName
SHAssocEnumHandlers
SHCreateDirectoryExW
SHGetFolderPathW
SHGetFolderPathAndSubDirW
SHSetKnownFolderPath
ord526

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CreateBindCtx
CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CreateItemMoniker
GetRunningObjectTable

oleaut32

LoadTypeLi
LoadRegTypeLi
GetRecordInfoFromTypeInfo

crypt32

CertFindExtension
CryptStringToBinaryW
CryptBinaryToStringW

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingVectorFree
RpcStringBindingComposeW
RpcStringFreeW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcBindingSetAuthInfoExW
RpcEpRegisterW
RpcEpUnregister
RpcServerInqCallAttributesW

secur32

GetUserNameExW

shlwapi

PathStripPathW
PathIsDirectoryW
PathFileExistsW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
StrStrIW
SHCreateStreamOnFileW
AssocQueryStringW
SHRegGetBoolUSValueW
SHRegGetPathW
SHRegGetValueW
SHSetValueW
SHGetValueA
SHDeleteValueW
SHDeleteKeyW
PathIsPrefixW
SHRegGetUSValueW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetCheckConnectionW
InternetCanonicalizeUrlW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
GetDefaultUserProfileDirectoryW

Sections

.text
Size: 655KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
报错截图2024444.exe
.exe windows:4 windows x64 arch:x64

Password: infected

c975f0e49f9733ab7c8495058f981a52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtProtectVirtualMemory
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtCreateFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError
ceil
cos
floor
log
memcmp
memcpy
memmove
memset
pow
sin
strlen

advapi32

OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

comctl32

DefSubclassProc
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetIconSize
InitCommonControlsEx
RemoveWindowSubclass
SetWindowSubclass

d2d1

D2D1CreateFactory

dwrite

DWriteCreateFactory

gdi32

AddFontMemResourceEx
AddFontResourceW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesExW
GetBitmapBits
GetDeviceCaps
GetObjectW
GetStockObject
RemoveFontMemResourceEx
RemoveFontResourceW
SelectObject

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateActCtxW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
EnumSystemGeoID
EnumSystemLocalesEx
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDefaultLocaleName
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetTimeZoneInformationForYear
GetUserDefaultLocaleName
GetWindowsDirectoryW
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
IsValidLocaleName
LoadLibraryW
LoadResource
LockResource
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForMultipleObjects
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFileEx
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlAddFunctionTable
RtlUnwindEx
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree

shell32

DragFinish
DragQueryFileW
DragQueryPoint
SHCreateItemFromParsingName
Shell_NotifyIconW

shlwapi

SHCreateMemStream

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
CheckMenuItem
CloseClipboard
CountClipboardFormats
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DragDetect
DrawMenuBar
DrawTextW
EmptyClipboard
EndDeferWindowPos
EndPaint
EnumChildWindows
FillRect
GetAncestor
GetCapture
GetClassInfoExW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardOwner
GetCursor
GetCursorPos
GetDC
GetFocus
GetIconInfo
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMessageW
GetMonitorInfoW
GetParent
GetScrollInfo
GetSubMenu
GetSysColorBrush
GetSystemMetrics
GetWindowLongPtrW
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
IsWindow
IsWindowVisible
KillTimer
LoadCursorW
LoadImageW
LoadStringW
MessageBoxW
MonitorFromWindow
PostMessageW
RedrawWindow
RegisterClassExW
RegisterClipboardFormatW
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageW
SendNotifyMessageW
SetCapture
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemInfoW
SetParent
SetScrollInfo
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow

userenv

GetUserProfileDirectoryW

windowscodecs

WICConvertBitmapSource

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_fpreset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
log10
malloc
powf
signal
strncmp
vfprintf

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 897KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8afb2868e79a96ac0216979fa8a409ed

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:aa:22:78:6f:c0:e1:c4:68:34:66:eb:3b:72:f0:68Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:7d:c9:3d:95:21:d1:36:b0:23:e1:eb:fa:d8:36:a3:e3:19:fe:37:c6:d9:03:2c:d8:b5:03:d3:34:b8:9f:2eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

winhttp

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 87KB - Virtual size: 88KB

Password: infected

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 16.6MB - Virtual size: 16.6MB

.data Size: 1.0MB - Virtual size: 1.4MB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 162KB - Virtual size: 161KB

.symtab Size: 512B - Virtual size: 4B

Password: infected

9b80103e91000ed5313083f4faf3c4f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

oleaut32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 5.9MB - Virtual size: 5.9MB

.pdata Size: 9KB - Virtual size: 8KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:aa:22:78:6f:c0:e1:c4:68:34:66:eb:3b:72:f0:68
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:7d:c9:3d:95:21:d1:36:b0:23:e1:eb:fa:d8:36:a3:e3:19:fe:37:c6:d9:03:2c:d8:b5:03:d3:34:b8:9f:2e
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 87KB - Virtual size: 88KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 16.6MB - Virtual size: 16.6MB

.data
Size: 1.0MB - Virtual size: 1.4MB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 162KB - Virtual size: 161KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 5.9MB - Virtual size: 5.9MB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 32KB - Virtual size: 36KB

.text
Size: 655KB - Virtual size: 655KB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 17KB - Virtual size: 28KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 239KB - Virtual size: 239KB

.reloc
Size: 2.3MB - Virtual size: 2.3MB

.text
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 1024B - Virtual size: 784B

.rdata
Size: 897KB - Virtual size: 896KB

.pdata
Size: 232KB - Virtual size: 231KB

.xdata
Size: 285KB - Virtual size: 284KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 14KB - Virtual size: 13KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 12KB - Virtual size: 11KB

/19
Size: 3.3MB - Virtual size: 3.3MB

/35
Size: 3.8MB - Virtual size: 3.8MB

/51
Size: 9.2MB - Virtual size: 9.2MB

/63
Size: 144KB - Virtual size: 144KB

/77
Size: 2.2MB - Virtual size: 2.2MB

/89
Size: 1024B - Virtual size: 744B

/102
Size: 10.8MB - Virtual size: 10.8MB