field | value |
---|---|
filename | strongpity.exe |
size | 115496 (0x1c328) |
md5 | a4d3b78941da8b6f4edad7cb6f35134b |
type | PE32 executable (GUI) Intel 80386, for MS Windows |
mimetype | application/x-dosexec |
clamav | Win.Trojan.StrongPity-7124525-0 FOUND |
virustotal | scan link (virustotal.com) |
MZ Header

field | value |
---|---|
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x108 |
Rich Header
lib id | version | times used |
---|---|---|
241 | 40116 | 9 |
243 | 40116 | 123 |
242 | 40116 | 24 |
259 | 24123 | 17 |
261 | 24123 | 35 |
260 | 24123 | 17 |
147 | 30729 | 9 |
1 | 0 | 104 |
265 | 24234 | 3 |
255 | 24234 | 1 |
258 | 24234 | 1 |
DOS stub

```
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
```
Data Directory
module_name | hint | function_name | ord |
---|---|---|---|
KERNEL32.dll | 645 | GetTempPathW | |
KERNEL32.dll | 281 | ExitProcess | |
KERNEL32.dll | 679 | GetVolumeInformationW | |
KERNEL32.dll | 831 | LoadLibraryW | |
KERNEL32.dll | 581 | GetProcAddress | |
KERNEL32.dll | 533 | GetModuleHandleA | |
KERNEL32.dll | 168 | CreateProcessW | |
KERNEL32.dll | 82 | CloseHandle | |
KERNEL32.dll | 313 | FindFirstFileW | |
KERNEL32.dll | 302 | FindClose | |
KERNEL32.dll | 490 | GetFileAttributesW | |
KERNEL32.dll | 719 | HeapFree | |
KERNEL32.dll | 586 | GetProcessHeap | |
KERNEL32.dll | 325 | FindNextFileW | |
KERNEL32.dll | 659 | GetTickCount | |
KERNEL32.dll | 715 | HeapAlloc | |
KERNEL32.dll | 143 | CreateFileW | |
KERNEL32.dll | 496 | GetFileSize | |
KERNEL32.dll | 960 | ReadFile | |
KERNEL32.dll | 1121 | SetFileAttributesW | |
KERNEL32.dll | 214 | DeleteFileW | |
KERNEL32.dll | 885 | OpenEventW | |
KERNEL32.dll | 1113 | SetEvent | |
KERNEL32.dll | 1317 | WriteFile | |
KERNEL32.dll | 158 | CreateMutexW | |
KERNEL32.dll | 514 | GetLastError | |
KERNEL32.dll | 1202 | Sleep | |
KERNEL32.dll | 1316 | WriteConsoleW | |
KERNEL32.dll | 1127 | SetFilePointerEx | |
KERNEL32.dll | 724 | HeapSize | |
KERNEL32.dll | 428 | GetConsoleMode | |
KERNEL32.dll | 410 | GetConsoleCP | |
KERNEL32.dll | 343 | FlushFileBuffers | |
KERNEL32.dll | 1235 | UnhandledExceptionFilter | |
KERNEL32.dll | 1189 | SetUnhandledExceptionFilter | |
KERNEL32.dll | 448 | GetCurrentProcess | |
KERNEL32.dll | 1216 | TerminateProcess | |
KERNEL32.dll | 772 | IsProcessorFeaturePresent | |
KERNEL32.dll | 935 | QueryPerformanceCounter | |
KERNEL32.dll | 449 | GetCurrentProcessId | |
KERNEL32.dll | 453 | GetCurrentThreadId | |
KERNEL32.dll | 633 | GetSystemTimeAsFileTime | |
KERNEL32.dll | 743 | InitializeSListHead | |
KERNEL32.dll | 768 | IsDebuggerPresent | |
KERNEL32.dll | 611 | GetStartupInfoW | |
KERNEL32.dll | 536 | GetModuleHandleW | |
KERNEL32.dll | 945 | RaiseException | |
KERNEL32.dll | 1048 | RtlUnwind | |
KERNEL32.dll | 1139 | SetLastError | |
KERNEL32.dll | 238 | EnterCriticalSection | |
KERNEL32.dll | 825 | LeaveCriticalSection | |
KERNEL32.dll | 209 | DeleteCriticalSection | |
KERNEL32.dll | 739 | InitializeCriticalSectionAndSpinCount | |
KERNEL32.dll | 1221 | TlsAlloc | |
KERNEL32.dll | 1223 | TlsGetValue | |
KERNEL32.dll | 1224 | TlsSetValue | |
KERNEL32.dll | 1222 | TlsFree | |
KERNEL32.dll | 354 | FreeLibrary | |
KERNEL32.dll | 830 | LoadLibraryExW | |
KERNEL32.dll | 535 | GetModuleHandleExW | |
KERNEL32.dll | 612 | GetStdHandle | |
KERNEL32.dll | 531 | GetModuleFileNameA | |
KERNEL32.dll | 871 | MultiByteToWideChar | |
KERNEL32.dll | 1297 | WideCharToMultiByte | |
KERNEL32.dll | 360 | GetACP | |
KERNEL32.dll | 499 | GetFileType | |
KERNEL32.dll | 813 | LCMapStringW | |
KERNEL32.dll | 722 | HeapReAlloc | |
KERNEL32.dll | 307 | FindFirstFileExA | |
KERNEL32.dll | 323 | FindNextFileA | |
KERNEL32.dll | 778 | IsValidCodePage | |
KERNEL32.dll | 567 | GetOEMCP | |
KERNEL32.dll | 370 | GetCPInfo | |
KERNEL32.dll | 390 | GetCommandLineA | |
KERNEL32.dll | 391 | GetCommandLineW | |
KERNEL32.dll | 474 | GetEnvironmentStringsW | |
KERNEL32.dll | 353 | FreeEnvironmentStringsW | |
KERNEL32.dll | 1159 | SetStdHandle | |
KERNEL32.dll | 617 | GetStringTypeW | |
KERNEL32.dll | 202 | DecodePointer | |
USER32.dll | 819 | wsprintfW | |
SHLWAPI.dll | 73 | PathFindFileNameW | |
WINHTTP.dll | 15 | WinHttpOpen | |
WINHTTP.dll | 23 | WinHttpSendRequest | |
StringTable 040904b0

key | value |
---|---|
CompanyName | Digest Security |
FileDescription | Digest Printer Server |
FileVersion | 1.0.0.6 |
InternalName | dpserver.exe |
LegalCopyright | Copyright (C) 2019 Digest Security |
OriginalFilename | dpserver.exe |
ProductName | Digest Printer |
ProductVersion | 1.2.0.1 |
VS_FIXEDFILEINFO

field | value |
---|---|
FileVersion | 1.0.0.6 |
ProductVersion | 1.2.0.1 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /emailAddress=contact@digestsecurity.com/C=ZD/ST=W/L=NY/O=DGS Software/OU=IT/CN=Digest
serial: 5ADF105E7F2CE39D45B3AFEABA305C59
Certificates (1)
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:df:10:5e:7f:2c:e3:9d:45:b3:af:ea:ba:30:5c:59
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress=contact@digestsecurity.com, C=ZD, ST=W, L=NY, O=DGS Software, OU=IT, CN=Digest
        Validity
            Not Before: May 20 08:32:39 2019 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: emailAddress=contact@digestsecurity.com, C=ZD, ST=W, L=NY, O=DGS, OU=IT, CN=Digest Security
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus: (256-byte hex omitted)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            2.5.29.1 (obsolete authorityKeyIdentifier OID): undecoded raw DER, omitted
    Signature Algorithm: sha256WithRSAEncryption
         (256-byte signature hex omitted)
```
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
0e 19 9b 4d ac d0 94 04 19 1b e4 29 c4 6a d1 71 |...M.......).j.q| 3a 13 f2 10 |:... |
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- 5A:DF:10:5E:7F:2C:E3:9D:45:B3:AF:EA:BA:30:5C:59
- RSA-SHA256: nil
- #2
- emailAddress: contact@digestsecurity.com
- C: ZD
- ST: W
- L: NY
- O: DGS Software
- OU: IT
- CN: Digest
- 2019-05-20 08:32:39 UTC: 2039-12-31 23:59:59 UTC
- #4
- emailAddress: contact@digestsecurity.com
- C: ZD
- ST: W
- L: NY
- O: DGS
- OU: IT
- CN: Digest Security
- #5
- rsaEncryption: nil
- modulus: (2048-bit RSA modulus, 256-byte hex omitted)
- exponent: 0x010001
- X509v3 extensions
- basicConstraints
- true
- nil
- 2.5.29.1
f8 ef ea e5 a0 1b 08 77 ca dc cf f0 17 b6 d2 a4 |.......w........|
- #0
- emailAddress: contact@digestsecurity.com
- C: ZD
- ST: W
- L: NY
- O: DGS Software
- OU: IT
- CN: Digest
88 36 d7 a3 9d 7d fa 9c 4d bf 85 61 39 c5 fc 36 |.6...}..M..a9..6|
- #0
- basicConstraints
- RSA-SHA256:
- 2
- 1
- unnamed
- #0
- emailAddress: contact@digestsecurity.com
- C: ZD
- ST: W
- L: NY
- O: DGS Software
- OU: IT
- CN: Digest
- 5A:DF:10:5E:7F:2C:E3:9D:45:B3:AF:EA:BA:30:5C:59
- #0
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
a9 46 f6 76 14 b7 b6 b0 8a 22 30 be b9 3a 22 50 |.F.v....."0..:"P| db 22 7d 00 |."}. |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
- unnamed
everything is OK