agreement[.]doc

Sharing

Copy URL

Twitter E-mail

General

Target

agreement.doc
Size

9.2MB
MD5

d10d5479ed53dfc54848cfb49db50a33
SHA1

923db9110acaa3cfc6ebccdc6731c24e8125202c
SHA256

fa7940992acc1756e044e9be2f691bca6d5c7a3ffeab88fe28c276c2bbf5ef80
SHA512

f1596d58cb1a647c531b24bf52561d1b7c6e60477aa2dd145fda09131b168c920f9d6800b58acd9956944d5c9809e6542e4a482ad29ee340a2a7d17335309681
SSDEEP

196608:XYyGI6vthooJMAAP/4AMEVSc7OnJbZY/+hU8STk0p2u97OnmKKpjYv:Utz2AAP/4nEsVq/DxwIRnKKpjg

Score

N/A

Malware Config

Signatures

Files

agreement.doc
.zip
CheckYourServer.jpg
GartnerDefinitions.docx.encrypted
.7z
GartnerDefinitions.docx
.docx office2007
OpenCL.dll
.dll windows x64

a49b97b1fe38e2145a32ebfbe71045b0

Code Sign

07:8d:20:05:56:2f:f8:aa:98:e1:2b:41:f6:85:ed:77
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-09-2018 00:00

Not After

05-09-2019 12:00

Subject

SERIALNUMBER=HE341088,CN=DICE ROLL SOLUTIONS LTD.,O=DICE ROLL SOLUTIONS LTD.,L=Limassol,C=CY,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024359

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:65:8e:5b:91:39:8f:a2:80:0c:91:93:d4:0f:7c:5b:18:90:6d:53:76:a5:b3:61:7d:3d:0b:49:7b:53:03:09
Signer

Actual PE Digest

f0:65:8e:5b:91:39:8f:a2:80:0c:91:93:d4:0f:7c:5b:18:90:6d:53:76:a5:b3:61:7d:3d:0b:49:7b:53:03:09

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=HE341088,CN=DICE ROLL SOLUTIONS LTD.,O=DICE ROLL SOLUTIONS LTD.,L=Limassol,C=CY,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024359

15-09-2022 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegEnumValueA
RegOpenKeyExA
RegCloseKey

kernel32

InitOnceExecuteOnce
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
Sleep
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
HeapReAlloc
HeapSize
LCMapStringEx
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Exports

Exports

clBuildProgram
clCompileProgram
clCreateBuffer
clCreateCommandQueue
clCreateCommandQueueWithProperties
clCreateContext
clCreateContextFromType
clCreateFromGLBuffer
clCreateFromGLRenderbuffer
clCreateFromGLTexture
clCreateFromGLTexture2D
clCreateFromGLTexture3D
clCreateImage
clCreateImage2D
clCreateImage3D
clCreateKernel
clCreateKernelsInProgram
clCreatePipe
clCreateProgramWithBinary
clCreateProgramWithBuiltInKernels
clCreateProgramWithSource
clCreateSampler
clCreateSamplerWithProperties
clCreateSubBuffer
clCreateSubDevices
clCreateUserEvent
clEnqueueAcquireGLObjects
clEnqueueBarrier
clEnqueueBarrierWithWaitList
clEnqueueCopyBuffer
clEnqueueCopyBufferRect
clEnqueueCopyBufferToImage
clEnqueueCopyImage
clEnqueueCopyImageToBuffer
clEnqueueFillBuffer
clEnqueueFillImage
clEnqueueMapBuffer
clEnqueueMapImage
clEnqueueMarker
clEnqueueMarkerWithWaitList
clEnqueueMigrateMemObjects
clEnqueueNDRangeKernel
clEnqueueNativeKernel
clEnqueueReadBuffer
clEnqueueReadBufferRect
clEnqueueReadImage
clEnqueueReleaseGLObjects
clEnqueueSVMFree
clEnqueueSVMMap
clEnqueueSVMMemFill
clEnqueueSVMMemcpy
clEnqueueSVMUnmap
clEnqueueTask
clEnqueueUnmapMemObject
clEnqueueWaitForEvents
clEnqueueWriteBuffer
clEnqueueWriteBufferRect
clEnqueueWriteImage
clFinish
clFlush
clGetCommandQueueInfo
clGetContextInfo
clGetDeviceIDs
clGetDeviceInfo
clGetEventInfo
clGetEventProfilingInfo
clGetExtensionFunctionAddress
clGetExtensionFunctionAddressForPlatform
clGetGLObjectInfo
clGetGLTextureInfo
clGetImageInfo
clGetKernelArgInfo
clGetKernelInfo
clGetKernelWorkGroupInfo
clGetMemObjectInfo
clGetPipeInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clGetSamplerInfo
clGetSupportedImageFormats
clLinkProgram
clReleaseCommandQueue
clReleaseContext
clReleaseDevice
clReleaseEvent
clReleaseKernel
clReleaseMemObject
clReleaseProgram
clReleaseSampler
clRetainCommandQueue
clRetainContext
clRetainDevice
clRetainEvent
clRetainKernel
clRetainMemObject
clRetainProgram
clRetainSampler
clSVMAlloc
clSVMFree
clSetCommandQueueProperty
clSetEventCallback
clSetKernelArg
clSetKernelArgSVMPointer
clSetKernelExecInfo
clSetMemObjectDestructorCallback
clSetUserEventStatus
clUnloadCompiler
clUnloadPlatformCompiler
clWaitForEvents

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenEXE.exe
.exe windows x64

b28b9048643876873aa830c2c7e1105f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateProcessA
GetLastError
WaitForSingleObject
CloseHandle
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

vcruntime140

memset
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vfprintf
__p__commode
_set_fmode
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_initterm_e
_crt_atexit
__p___argv
terminate
__p___argc
exit
_cexit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_set_app_type
_seh_filter_exe
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RansomwareBackground.jpg
SetWallpaper.exe
.exe windows x86

0d42efcdc926f1765803297e7d72c95f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
LocalFree
Beep
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
CloseHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer

user32

SystemParametersInfoA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Virsec Probe Deployment.docx.encrypted
.7z
encrypt.bat
index.html
.html
ncat.exe
.exe windows x86

6eefd92bffbfb27f378b81c09ca96786

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
WSASocketA
getsockopt
sendto
getsockname
WSAStartup
bind
ntohl
gethostname
socket
setsockopt
recvfrom
listen
connect
WSACreateEvent
WSAEventSelect
WSACloseEvent
shutdown
select
recv
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
send
accept
closesocket
__WSAFDIsSet
getpeername

advapi32

CryptReleaseContext
CryptAcquireContextA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGenRandom

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SelectObject
CreateCompatibleBitmap
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateDCA

kernel32

GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
CreateFileW
RtlUnwind
HeapSize
GetLocaleInfoW
GetCurrentDirectoryW
DeleteCriticalSection
GetStartupInfoW
SetHandleCount
LoadLibraryW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
SetCurrentDirectoryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
GetCPInfo
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
GetDriveTypeW
FindNextFileA
FatalAppExitA
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateProcessA
GetStdHandle
SetHandleInformation
CreateFileA
CloseHandle
CreateNamedPipeA
GetLastError
CreatePipe
TerminateProcess
GetExitCodeProcess
ExitProcess
GetOverlappedResult
WriteFile
ResetEvent
WaitForMultipleObjects
ReadFile
CreateThread
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
DuplicateHandle
GetCurrentProcess
Sleep
SetStdHandle
PeekNamedPipe
GetCurrentThreadId
FindFirstFileA
GetFileType
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
SetLastError
HeapFree
WriteConsoleW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
DecodePointer
EncodePointer
SetConsoleCtrlHandler
HeapAlloc
InterlockedExchange
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCommandLineA
HeapSetInformation
HeapReAlloc
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetTimeZoneInformation
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ransomware.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a49b97b1fe38e2145a32ebfbe71045b0

Code Sign

07:8d:20:05:56:2f:f8:aa:98:e1:2b:41:f6:85:ed:77Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

f0:65:8e:5b:91:39:8f:a2:80:0c:91:93:d4:0f:7c:5b:18:90:6d:53:76:a5:b3:61:7d:3d:0b:49:7b:53:03:09Signer

Signature Validations

Verification

15-09-2022 14:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 13KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 1024B - Virtual size: 754B

b28b9048643876873aa830c2c7e1105f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 396B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 28B

0d42efcdc926f1765803297e7d72c95f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 4KB

6eefd92bffbfb27f378b81c09ca96786

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

user32

gdi32

kernel32

Sections

07:8d:20:05:56:2f:f8:aa:98:e1:2b:41:f6:85:ed:77
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f0:65:8e:5b:91:39:8f:a2:80:0c:91:93:d4:0f:7c:5b:18:90:6d:53:76:a5:b3:61:7d:3d:0b:49:7b:53:03:09
Signer

15-09-2022 14:52
Valid: false

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 13KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 1024B - Virtual size: 754B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 396B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 28B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 294KB - Virtual size: 293KB

.data
Size: 39KB - Virtual size: 61KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 52KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 12B