sync-taskbar[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

sync-taskbar.exe.7z
Size

5.1MB
MD5

1d1ff2f549c17f1e413b95307acb67b3
SHA1

c782c206fc98f29ee886204538cb6cdbea58ff1f
SHA256

7579a6fae5e5e3e7c7579dd5bd082de4a564d612bd9496240944194497e303b8
SHA512

f64214975147bc638f8e5aeb3152434913b36c7ac834b502678c03630d0699c3451dc2fac91b125d94a8bad530c586199cb4debd4ca344b86f0a3584afd38673
SSDEEP

98304:kBaB0hW8aJ4G31h7nX5jdWUEoqar/A4wQMxtpqxVonl/B8NtR8vwdOfDQBPcPOJ0:kFhna9LzTWUEoKQMx+8xBT+x1

Score

N/A

Malware Config

Signatures

Files

sync-taskbar.exe.7z
.7z

Password: infected
sync-taskbar.exe
.exe windows x64

Password: infected

a760552ff5b6c1d06df8a844cdcf96e5

Code Sign

38:6e:e5:f3:a1:a0:e4:ba:0d:59:77:40:0d:87:90:e9
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/07/2019, 00:00

Not After

21/07/2022, 23:59

Subject

SERIALNUMBER=1861016,CN=Sync.com Inc.,O=Sync.com Inc.,POSTALCODE=M2H 3N5,STREET=105 - 155 Gordon Baker Road,L=Toronto,ST=Ontario,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:66:44:4b:b1:c7:d7:9c:75:8d:f2:bc:ab:1d:34:a9:41:40:9b:58:31:4e:01:af:ac:87:b6:31:28:ad:70:2e
Signer

Actual PE Digest

31:66:44:4b:b1:c7:d7:9c:75:8d:f2:bc:ab:1d:34:a9:41:40:9b:58:31:4e:01:af:ac:87:b6:31:28:ad:70:2e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=1861016,CN=Sync.com Inc.,O=Sync.com Inc.,POSTALCODE=M2H 3N5,STREET=105 - 155 Gordon Baker Road,L=Toronto,ST=Ontario,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341

09/09/2022, 12:44
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl

ole32

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
ReleaseStgMedium
CoLockObjectExternal
RegisterDragDrop
PropVariantClear
OleSetClipboard
CoInitialize
CoCreateInstance
OleUninitialize
OleInitialize
OleGetClipboard
OleFlushClipboard
DoDragDrop
OleIsCurrentClipboard

freeimage

FreeImage_SetOutputMessage
FreeImage_Initialise

gdi32

ExtCreatePen
EqualRgn
GetRgnBox
PtInRegion
CreatePolygonRgn
LineTo
RectInRegion
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
GetSystemPaletteEntries
EnumFontFamiliesExW
SetAbortProc
CreateDCW
StartDocW
EndDoc
StartPage
EndPage
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseEnhMetaFile
CopyEnhMetaFileW
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
GetWinMetaFileBits
PlayEnhMetaFile
SetWinMetaFileBits
GetPaletteEntries
GetNearestPaletteIndex
GetDIBColorTable
CreateDIBSection
GetDIBits
CreatePalette
CreateDIBitmap
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolyBezier
Polyline
Polygon
ExtTextOutW
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetStretchBltMode
SetROP2
StretchDIBits
SetPolyFillMode
SetPixel
GetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
RoundRect
Rectangle
PolyPolygon
CreateRectRgnIndirect
CombineRgn
GetPixel
CreatePen
ExtFloodFill
CreatePatternBrush
StretchBlt
CreateSolidBrush
SetTextColor
SetBkMode
OffsetRgn
GetRegionData
ExtCreateRegion
GdiFlush
SetBrushOrgEx
SelectPalette
RealizePalette
ExcludeClipRect
CreateRectRgn
GetTextMetricsW
AddFontResourceExW
GetOutlineTextMetricsW
SetLayout
Pie
MaskBlt
GetObjectType
GetClipBox
GetBkColor
Ellipse
Arc
GetStockObject
CreateFontIndirectW
SetBkColor
SelectObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetObjectW
BitBlt
CreateBitmap
GetDeviceCaps
CreateHatchBrush
GetTextExtentPoint32W
SelectClipRgn
MoveToEx
CreateBitmapIndirect

shell32

SHFileOperationW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHGetMalloc
ShellExecuteExW
CommandLineToArgvW
SHChangeNotify
ord709
SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
ord6
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
ExtractIconExW
ExtractIconW

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

rpcrt4

RpcStringFreeW
UuidToStringA
RpcStringFreeA
UuidCreate
UuidFromStringW
UuidToStringW

shlwapi

PathFindFileNameW
AssocQueryStringW
SHAutoComplete

rstrtmgr

RmRegisterResources
RmGetList
RmEndSession
RmStartSession
RmShutdown
RmRestart

kernel32

GetProcessAffinityMask
SetProcessAffinityMask
EnumResourceNamesW
GetFileType
GetWindowsDirectoryW
CopyFileW
GetFileTime
GetLongPathNameW
SetFileTime
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadDirectoryChangesW
SetHandleInformation
CreatePipe
SetNamedPipeHandleState
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableW
IsDebuggerPresent
GlobalMemoryStatusEx
GetVersionExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetProfileStringW
GetComputerNameW
IsValidCodePage
GetCPInfo
Process32FirstW
GetThreadContext
GetACP
GetLocaleInfoW
IsValidLocale
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
ExpandEnvironmentStringsW
GetDriveTypeW
GetLogicalDriveStringsW
GetCurrentThread
IsBadReadPtr
IsBadStringPtrA
LocalAlloc
CreateFileMappingA
SetEnvironmentVariableW
GetCurrentDirectoryW
GetDateFormatW
GetTimeFormatW
EnumSystemLocalesW
GetFileSizeEx
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
GetCommandLineA
GetFileInformationByHandle
DeviceIoControl
GetOverlappedResult
CancelIo
CreateHardLinkW
CreateEventA
GetHandleInformation
DuplicateHandle
SwitchToThread
CreateNamedPipeA
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SuspendThread
GetExitCodeThread
TerminateThread
SetThreadPriority
CreateSemaphoreW
ReleaseMutex
ReleaseSemaphore
SetErrorMode
SetCurrentDirectoryW
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
WriteConsoleW
WriteConsoleA
AttachConsole
GetStdHandle
GlobalLock
GlobalUnlock
CreateSemaphoreA
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
GlobalSize
ExitProcess
SetLastError
MulDiv
OpenFileMappingW
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalAlloc
GetModuleFileNameW
GetTempFileNameW
CreateDirectoryW
CreateProcessW
SetEvent
SetUnhandledExceptionFilter
DebugBreak
RtlCaptureContext
DecodePointer
InitializeCriticalSectionAndSpinCount
RaiseException
CreateThread
QueryPerformanceFrequency
lstrlenW
GetLocalTime
FindNextFileW
FindFirstFileW
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
ReadFile
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GlobalMemoryStatus
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
ResetEvent
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeConsole
lstrlenA
lstrcatA
lstrcpyA
lstrcmpA
WinExec
GetModuleFileNameA
GetVersionExA
GetCurrentProcessId
Sleep
FindNextFileA
FindFirstFileA
FindClose
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
FileTimeToSystemTime
GlobalFree
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetDiskFreeSpaceExW
GetCommandLineW
SetFileAttributesW
GetShortPathNameW
FormatMessageA
GetLastError
K32GetProcessImageFileNameW
K32EnumProcesses
VerifyVersionInfoW
MoveFileExW
GetModuleHandleA
OpenProcess
GetProcessTimes
CloseHandle
VerSetConditionMask
WideCharToMultiByte
GetShortPathNameA
GetVersion
GetLongPathNameA
CreateEventW
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetDriveTypeA
GetTimeZoneInformation
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
RemoveDirectoryW
SetFilePointerEx
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
GetStringTypeW
LCMapStringW
CompareStringW
EncodePointer
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
Process32NextW

user32

CheckMenuRadioItem
SetRect
GetSysColorBrush
SetMenuItemInfoW
GetMenuItemID
GetSubMenu
CheckMenuItem
GetMenuState
DrawFrameControl
DrawEdge
ChildWindowFromPoint
GetComboBoxInfo
EnumChildWindows
MsgWaitForMultipleObjects
EndDialog
CopyRect
SetRectEmpty
DrawStateW
ShowCaret
HideCaret
GetWindowTextLengthW
keybd_event
IsMenu
IsRectEmpty
OffsetRect
GetClassInfoW
CreateIconFromResourceEx
DestroyIcon
LoadCursorFromFileW
LoadCursorW
SetMenu
PostMessageW
RegisterWindowMessageW
DrawFocusRect
DrawTextW
FindWindowExW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
GetDialogBaseUnits
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
RegisterClassW
SetWindowPlacement
RemoveMenu
SetMenuInfo
InsertMenuItemW
RegisterClipboardFormatW
GetClipboardFormatNameW
GetProcessDefaultLayout
DrawIconEx
GetDoubleClickTime
LoadAcceleratorsW
CreateAcceleratorTableW
GetWindowPlacement
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetParent
PtInRect
InflateRect
FillRect
DestroyAcceleratorTable
ChildWindowFromPointEx
WindowFromPoint
ScreenToClient
ClientToScreen
SetCursor
SetCursorPos
TranslateAcceleratorW
ValidateRgn
UnionRect
GetWindowTextW
MessageBeep
GetClassNameW
GetMessageW
PostThreadMessageW
ValidateRect
GetWindowDC
BeginPaint
EndPaint
ChangeDisplaySettingsExW
CreateMenu
MonitorFromPoint
GetMonitorInfoW
EnumDisplayMonitors
OpenClipboard
CloseClipboard
EnumClipboardFormats
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetFocus
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
EmptyClipboard
IsClipboardFormatAvailable
AnimateWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
CreateIconIndirect
ReleaseDC
GetIconInfo
LoadImageW
LoadIconW
LoadBitmapW
GetSystemMetrics
SetWindowLongPtrW
GetDesktopWindow
wsprintfW
NotifyWinEvent
GetWindowLongPtrW
InvalidateRect
SendMessageW
GetWindow
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
MoveWindow
MessageBoxW
GetActiveWindow
CharNextW
InsertMenuW
AppendMenuW
UnregisterClassW
LoadStringW
GetWindowThreadProcessId
GetClassNameA
EnumWindows
SetWindowLongPtrA
GetWindowLongPtrA
GetCursorPos
MessageBoxA
GetMenuItemInfoA
TrackPopupMenu
GetMenuItemCount
DestroyMenu
CreatePopupMenu
CreateDialogParamA
ShowWindow
DestroyWindow
IsWindow
wsprintfA
GetForegroundWindow
MonitorFromWindow
GetDC
AdjustWindowRectEx
ShowCursor
WaitForInputIdle
ExitWindowsEx
SetTimer
KillTimer
DdeInitializeW
EnumDisplaySettingsW
ModifyMenuW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
GetProcessWindowStation
GetUserObjectInformationW
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
GetSysColor
DestroyCursor

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError
PageSetupDlgW
ChooseFontW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

comctl32

ord17
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Replace
ImageList_AddMasked
ImageList_Remove
ImageList_GetImageCount
ImageList_Draw
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ord16
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_Add

oleaut32

VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetVartype
VarBstrFromCy
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
VariantInit
SysStringLen
SysFreeString
SysAllocString
SafeArrayGetDim

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
FreeSid
GetEffectiveRightsFromAclW
GetNamedSecurityInfoA
GetNamedSecurityInfoW
GetSecurityInfo
CreateProcessAsUserW
DuplicateTokenEx
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RevertToSelf
SetSecurityDescriptorDacl
LogonUserW
OpenThreadToken
PrivilegeCheck
LookupPrivilegeValueA
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
AllocateAndInitializeSid

oleacc

CreateStdAccessibleObject

uxtheme

IsThemePartDefined
IsAppThemed
IsThemeActive
GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
GetThemeMargins
GetCurrentThemeName
GetThemeBackgroundExtent
SetWindowTheme
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
DrawThemeBackground
CloseThemeData
OpenThemeData

msimg32

AlphaBlend
GradientFill

ws2_32

send
gethostname
sendto
recvfrom
WSAIoctl
setsockopt
getsockopt
WSASetLastError
__WSAFDIsSet
getnameinfo
freeaddrinfo
getaddrinfo
ntohl
WSAStartup
WSACleanup
accept
bind
closesocket
connect
gethostbyname
ioctlsocket
getsockname
inet_addr
listen
recv
select
shutdown
socket
WSAGetLastError
getpeername
htonl
htons
ntohs
getservbyname

wldap32

ord46
ord211
ord60
ord217
ord143
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord301
ord50
ord200

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a760552ff5b6c1d06df8a844cdcf96e5

Code Sign

38:6e:e5:f3:a1:a0:e4:ba:0d:59:77:40:0d:87:90:e9Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

31:66:44:4b:b1:c7:d7:9c:75:8d:f2:bc:ab:1d:34:a9:41:40:9b:58:31:4e:01:af:ac:87:b6:31:28:ad:70:2eSigner

Signature Validations

Verification

09/09/2022, 12:44 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

winhttp

ole32

freeimage

gdi32

shell32

version

rpcrt4

shlwapi

rstrtmgr

kernel32

user32

comdlg32

winspool.drv

comctl32

oleaut32

advapi32

oleacc

uxtheme

msimg32

ws2_32

wldap32

crypt32

Sections

.text Size: 13.6MB - Virtual size: 13.6MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 2.5MB - Virtual size: 3.2MB

.pdata Size: 575KB - Virtual size: 575KB

.idata Size: 35KB - Virtual size: 35KB

.tls Size: 1024B - Virtual size: 804B

.gfids Size: 3KB - Virtual size: 2KB

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 152KB - Virtual size: 151KB

.reloc Size: 237KB - Virtual size: 237KB

38:6e:e5:f3:a1:a0:e4:ba:0d:59:77:40:0d:87:90:e9
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

31:66:44:4b:b1:c7:d7:9c:75:8d:f2:bc:ab:1d:34:a9:41:40:9b:58:31:4e:01:af:ac:87:b6:31:28:ad:70:2e
Signer

09/09/2022, 12:44
Valid: false

.text
Size: 13.6MB - Virtual size: 13.6MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 2.5MB - Virtual size: 3.2MB

.pdata
Size: 575KB - Virtual size: 575KB

.idata
Size: 35KB - Virtual size: 35KB

.tls
Size: 1024B - Virtual size: 804B

.gfids
Size: 3KB - Virtual size: 2KB

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 152KB - Virtual size: 151KB

.reloc
Size: 237KB - Virtual size: 237KB