d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

Sharing

Copy URL

Twitter E-mail

General

Target

d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133
Size

2.1MB
MD5

222a5b5c942853cf2e9d9c5f9f7dcf97
SHA1

433b34935ee4101b0705228363bc756628cf0217
SHA256

d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133
SHA512

015b11b14eb0cb432c3c05be2682afa76af0abaa442a003a9299d5ad62c676c6f50ced746d70c7a8a088556f51e078e1a0786c64da4d0c4ef6ee97381d99635d
SSDEEP

49152:0MYnMbts4Uqq+VaSGRB1kyUdfofKVkOgThzEKuOyYdf:0jn+1OkaSGRB1RokOgtgH

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/Utility.dll
unpack001/uninst.exe
unpack003/$PLUGINSDIR/System.dll

Files

d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CrxInstaller.dll
.dll windows:5 windows x86 arch:x86

916f25ec2485d115fd929d67b26c23b1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-02-2020 00:00

Not After

10-02-2023 12:00

Subject

CN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:6d:ec:0d:e1:15:c4:89:c3:41:48:c6:ea:ea:ed:fb:ba:d2:01:dd
Signer

Actual PE Digest

c1:6d:ec:0d:e1:15:c4:89:c3:41:48:c6:ea:ea:ed:fb:ba:d2:01:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\agent\_work\347\s\SADK\Private\Src\CryptoTools\CrxInstaller\x86\Release\CrxInstaller.pdb

Imports

shlwapi

PathFileExistsW

kernel32

FreeResource
FindResourceW
LoadResource
SizeofResource
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
MultiByteToWideChar
CreateFileA
CreateDirectoryA
FindFirstFileA
GlobalFree
lstrcpyW
GetCurrentThreadId
SetFileAttributesW
GetFileSize
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetProcessHeap
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetFileInformationByHandle
DeleteFileW
RemoveDirectoryW
MoveFileW
FlushFileBuffers
ReplaceFileW
CopyFileW
Sleep
GetModuleHandleA
SetEndOfFile
FindNextFileW
FindClose
GetTempPathW
WideCharToMultiByte
CreateDirectoryW
FindFirstFileW
LocalFree
LocalAlloc
GetProcAddress
InitializeCriticalSection
LoadLibraryW
FreeLibrary
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetVersion
GetConsoleOutputCP
WriteConsoleA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
RtlUnwind
GetConsoleCP
SetHandleCount
GetStartupInfoA
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

user32

MessageBoxA
GetUserObjectInformationW
wsprintfW
GetProcessWindowStation
GetDesktopWindow

advapi32

RegisterTraceGuidsW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptHashData
ConvertSidToStringSidW
CryptCreateHash
LookupAccountNameW
CryptAcquireContextW
CryptGetHashParam
RegCloseKey
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
TraceEvent

shell32

SHGetFolderPathW

Exports

Exports

Install
UnInstall

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Utility.dll
.dll windows:5 windows x86 arch:x86

e94bd755e974f0e570e2969b9d725e70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\agent\_work\290\s\CSP\Private\Src\Tools\Utility\Release\Utility.pdb

Imports

kernel32

WriteFile
GetLastError
SetLastError
CreateToolhelp32Snapshot
GetCurrentThreadId
OpenProcess
TerminateProcess
Process32NextW
WaitForMultipleObjects
CloseHandle
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
Process32FirstW
LocalAlloc
CreateFileA
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

advapi32

RegCloseKey
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
TraceEvent
RegisterTraceGuidsW

user32

wsprintfW

Exports

Exports

FindProc
GetOSVersion
KillProc

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SecEditCtlHost.SRCB.exe
.exe windows:5 windows x86 arch:x86

2ff54e0e06a643a68c22b9e2c028ae98

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:d6:db:25:2a:af:e3:c3:a6:80:a7:73:92:f0:70:4c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02-02-2023 00:00

Not After

12-02-2026 23:59

Subject

CN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:66:6f:f9:f2:af:99:ca:35:da:1c:c4:f7:2c:2f:13:98:8b:82:6c
Signer

Actual PE Digest

e4:66:6f:f9:f2:af:99:ca:35:da:1c:c4:f7:2c:2f:13:98:8b:82:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\_work\31\s\InformationSecurity\Private\Src\SecEditCtl.v31\Application\SRCB\SecEditCtlHost\x86\Release\SecEditCtlHost.SRCB.pdb

Imports

kernel32

GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
ReadFile
HeapSize
SetConsoleCtrlHandler
LCMapStringA
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
WriteFile
GetFileAttributesW
OutputDebugStringA
SignalObjectAndWait
GetNativeSystemInfo
ResetEvent
DeviceIoControl
GetVersionExW
GetSystemDirectoryA
lstrlenW
lstrlenA
GetComputerNameW
GetFileSizeEx
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
SizeofResource
LoadResource
FreeResource
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
ReleaseMutex
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
LCMapStringW
GetCPInfo
ReadConsoleInputA
GetVersion
WideCharToMultiByte
SetConsoleMode
CreateThread
WaitForMultipleObjects
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateMutexW
LocalFree
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateEventW
LocalAlloc
GetProcAddress
SetLastError
GetLastError
GetModuleFileNameW
LoadLibraryW
SetEvent
WaitForSingleObject
GetACP
FreeLibrary

advapi32

GetTokenInformation
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegEnumKeyExW
GetUserNameW
DeregisterEventSource
TraceEvent
ControlTraceW
GetTraceEnableFlags
RegQueryValueExW
InitializeSecurityDescriptor
GetTraceLoggerHandle
SetSecurityDescriptorDacl
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
RegOpenKeyW
OpenProcessToken
ReportEventA
RegisterEventSourceA
LookupAccountSidA
ConvertSidToStringSidA

shlwapi

PathStripToRootA
PathFileExistsW
StrStrIW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertFreeCertificateContext
CertCreateCertificateContext

imm32

ImmAssociateContext

msimg32

AlphaBlend

ws2_32

WSAAddressToStringW

user32

GetCursorPos
IsWindowVisible
EnableWindow
UpdateWindow
InvalidateRect
DrawTextW
InflateRect
FillRect
IsWindowEnabled
EndPaint
BeginPaint
DefWindowProcW
CallWindowProcW
PostQuitMessage
GetWindowLongW
GetClientRect
SetTimer
UnregisterClassW
DispatchMessageW
TranslateMessage
ScreenToClient
SetWindowLongW
ShowWindow
RegisterClassExW
wsprintfW
SetRect
MessageBoxW
LoadStringW
KillTimer
DestroyWindow
GetWindowRect
CreateWindowExW
keybd_event
MapVirtualKeyW
CallNextHookEx
GetFocus
SetWindowsHookExW
PostMessageW
UnhookWindowsHookEx
GetKeyState
SendMessageW
PtInRect
SetCursor
LoadCursorW
TrackMouseEvent
SetFocus
GetAsyncKeyState
IsWindow
SetWindowPos
SetForegroundWindow
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetSysColor
ReleaseDC
GetMessageW
GetDC

gdi32

FillRgn
CreateRoundRectRgn
SetBkMode
LineTo
MoveToEx
SetTextColor
CreateFontIndirectW
GetObjectW
GetStockObject
Ellipse
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateSolidBrush
CreatePen

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

gdiplus

GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipAlloc
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipFree
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStream
GdipDrawImageRectRectI

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
com.cfca.SecEditCtl.SRCB-win.json
ikmbmfkdkoampbhdaknhonadjaofhhnh.json
ikmbmfkdkoampbhdaknhonadjaofhhnh.zip
.zip
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/_metadata/computed_hashes.json
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/_metadata/verified_contents.json
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/content.js
.js
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/eventPage.js
.js
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/icon-128.png
.png
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/icon-16.png
.png
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/icon-48.png
.png
ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/manifest.json
uninst.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CrxInstaller.dll
.dll windows:5 windows x86 arch:x86

916f25ec2485d115fd929d67b26c23b1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-02-2020 00:00

Not After

10-02-2023 12:00

Subject

CN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:6d:ec:0d:e1:15:c4:89:c3:41:48:c6:ea:ea:ed:fb:ba:d2:01:dd
Signer

Actual PE Digest

c1:6d:ec:0d:e1:15:c4:89:c3:41:48:c6:ea:ea:ed:fb:ba:d2:01:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\agent\_work\347\s\SADK\Private\Src\CryptoTools\CrxInstaller\x86\Release\CrxInstaller.pdb

Imports

shlwapi

PathFileExistsW

kernel32

FreeResource
FindResourceW
LoadResource
SizeofResource
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
MultiByteToWideChar
CreateFileA
CreateDirectoryA
FindFirstFileA
GlobalFree
lstrcpyW
GetCurrentThreadId
SetFileAttributesW
GetFileSize
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetProcessHeap
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetFileInformationByHandle
DeleteFileW
RemoveDirectoryW
MoveFileW
FlushFileBuffers
ReplaceFileW
CopyFileW
Sleep
GetModuleHandleA
SetEndOfFile
FindNextFileW
FindClose
GetTempPathW
WideCharToMultiByte
CreateDirectoryW
FindFirstFileW
LocalFree
LocalAlloc
GetProcAddress
InitializeCriticalSection
LoadLibraryW
FreeLibrary
CloseHandle
GetLastError
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetVersion
GetConsoleOutputCP
WriteConsoleA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
RtlUnwind
GetConsoleCP
SetHandleCount
GetStartupInfoA
RaiseException
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

user32

MessageBoxA
GetUserObjectInformationW
wsprintfW
GetProcessWindowStation
GetDesktopWindow

advapi32

RegisterTraceGuidsW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptHashData
ConvertSidToStringSidW
CryptCreateHash
LookupAccountNameW
CryptAcquireContextW
CryptGetHashParam
RegCloseKey
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
TraceEvent

shell32

SHGetFolderPathW

Exports

Exports

Install
UnInstall

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 29KB - Virtual size: 29KB

916f25ec2485d115fd929d67b26c23b1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

c1:6d:ec:0d:e1:15:c4:89:c3:41:48:c6:ea:ea:ed:fb:ba:d2:01:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 705KB - Virtual size: 704KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 488KB - Virtual size: 488KB

.reloc Size: 50KB - Virtual size: 50KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

e94bd755e974f0e570e2969b9d725e70

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 29KB - Virtual size: 29KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

c1:6d:ec:0d:e1:15:c4:89:c3:41:48:c6:ea:ea:ed:fb:ba:d2:01:dd
Signer

.text
Size: 705KB - Virtual size: 704KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 488KB - Virtual size: 488KB

.reloc
Size: 50KB - Virtual size: 50KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0f:d6:db:25:2a:af:e3:c3:a6:80:a7:73:92:f0:70:4c
Certificate

e4:66:6f:f9:f2:af:99:ca:35:da:1c:c4:f7:2c:2f:13:98:8b:82:6c
Signer

.text
Size: 620KB - Virtual size: 620KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 13KB - Virtual size: 29KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 39KB - Virtual size: 39KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 29KB - Virtual size: 29KB