f3309cee727125dd085554053759382276936d35f55884595bc29862c5414fe6

Sharing

Copy URL Twitter E-mail

General

Target

f3309cee727125dd085554053759382276936d35f55884595bc29862c5414fe6
Size

107KB
MD5

6000637b5afe8b709f8b2cfc862b338b
SHA1

9977ecf7e15f797e289066a195e787776dd06ea8
SHA256

f3309cee727125dd085554053759382276936d35f55884595bc29862c5414fe6
SHA512

e882fbe31795bae7c9643543035b679cde4365447fbd14a28fcc1e8d437fec4caa14a3500a1f29e85d2d374bc994e08e511f8d5f55d9a2f9cb74df3f299cefe2
SSDEEP

768:bCOo+5gFjwIxGIeDiVhrc0diPAQB3DpkpsbMDRG0lLCZDECmHnSEECmHnSOECmHO:bCU6FjwmGXDWjIA8FkpI6VLCZwiQCj2s

Score

N/A

Malware Config

Signatures

Files

f3309cee727125dd085554053759382276936d35f55884595bc29862c5414fe6
.exe windows x86

42d4b41a6d61f22d87cdaedf219040f0

Code Sign

0c:56:73:10:d4:5f:71:9d:47:8d:95:9b:ee:2f:7b:ee
Certificate

Issuer

CN=kf3algmdhede1ag12iagbef2m3lh2ibiijeigkhielafhfclkck1bfl13ki3j3ffiemijfge2c1fej3hkabahd2iked3jclhcadmi2iafmfl3jmaje2j1f2jifkdfjfhekakb1melgglccdiek3mhbhmdm3gfhgak1lf2jmbfdjg1d1fkimldceekbmagf3eiih2clemmbij1kee2kbfk2ag2icddiah3fmc1l1mjfj3kg2dggaebad2cjh33hgfhhhjge23j2emfg3ghke3fcdm1gibkm3mhg2jc32hmblejm1im1ml3mhcgkjcm1f2lhme2hbjc2eh1hieb23iclbkjjeikfbebfdjchlaa1m3didmgfkcljf3d2kdblmihdkcbjmm11jefblikbbddcdfe2cdll1mc3chklf3chdmkfabdl1amdk33fkdk2hffm2mcifdkmmicf1gffa1ehjkhjgjm3aliimc12jdefmfifmmljahbmmdgiakkki2gk1gik1bafa2biil3hlkhb22dgkhgka3l3kckjkcbg1j2dh3amf2bchd1fmm1migg3ckflja2k2jjkbk1jihg3b2ckdcimm1jimdf2cl23e2gckcjmggjhbadffaiijghddlbcjfmghehbfajhgigkm2eamij2jehbk1lhegf2ffdmddghghcigdmjkjfmfbcjmc21fjjlfealg3kdlkabb1emi2lafje2g2afmbklae2emmagadkhm2gjeail3akjbcdaka1djdeacfkjhbhmh2bldcemhlg1imbb1cicimifemiigaib3jgebg2dbfke3fclaffa1fh1mf2l2jhka3hbbjec13mcafe3akcl1dlbdkeddakjfejekfljlleel3dbhklmdfilakdgbgbdgefk1adkmcmmhbegl3ddcjkdjihgjkhlkkfh21jikcbjbihcek1jdhlgdj1mfgbgikfkk1bfcmea11hjha3bgg223mhjda3kekghek1g2gf1gfhcijccagaha2iij1kmbgj1f1gmgkkjlbjcidbc3ijmeggmdkhda2cdmlc2bhjcf2faibkjeglll1i2egfebgjiafbagb12cj3ciimmjieabaleei2ichhe2kmhhab3fhhafeli2bljabkjehhgb2ihiekjhadmj1gdlfm3keceehhcid1gi1jjijimhdfhalabf3gakmfae2cl3ljbck1132bii1kicmdgmkeabelmigcmllaahbhldbjdgjjc1kijieb1jbhhdbmbfi311bmhca2f2gj3fldf2121chdckkmb1i3cl1el2ekhmfgchaaed1madfgma11mljdje2mjdbabj31gdjjcl2a1lfciem2jlkj3kb33bk31ma33c3bkh23dmccgh2ajaej23h3a323f1j2kemehhcd1b2ljg1ieglfdbg1jlgfda13mmclglchjlm2d1ilklekl3j33jlmcjhjbidie2kkdcihihechjlbcf1ladb21jfhajli3ml1me2kl2hill1kh2imdmh23cjfiiebfbmc3ediaiamcgcdid32fkmhhdkc2fehddfa22mll1323f1edmba3mhe3id3dg2fjmg2fehidbk31jamha1eagaeg2fc2gach3chj1b2lhmhajhjfdk1aeigjaf3aigambajfhcilbcmgd2c1jabbh3agfkbcgjkjg1c3jakj3bidmjg2d3lliaf1hdcfamh31jfem1d1aajf3mcldieagda1kcccmch2hjhldgmmcl2c2g1fgfmkemhgema1gggkci3bhgkbadjjadf3k3b1am2ih23bdekfkch2hflde11aflikmjjdlb2dggf3mcdblkkbhghlhdcjacjlfgga2f2k2jkgaemd2jhdejddaeaj3mkf33dbj1a1b3iiihl1ljadalmggbfdcefmaeika21akf1daj2fjkjmefl1md1adf3f3gejag1femi11db31bg1amcdfelbbhhfamfd1b33llmchjjblicckeafcgaaamibgc1h2i1dgllkbmebelg12km3dmd31ehbcgbld32em13dclmfk2cj2kimhbmlmmckf3h3ejaiddafhbhemfekfmclkbhgemcfmejkmd3d3gkafecgg2blcdbiha32fk1iece13h21dblmgihdggmb1bhbieffgiblj1eahm1k3ggk11ldgd1jacbhghmlddgjfkmfdggcdl1daak3313ibaggglid2gbjad2gkf1mmjgk2j3bjb21jcga3ca1dk3fbjbekfbaj3kil3mcjbk2jj2deg23abki131lg3kgcaeaec3mfdelhgfbif2immd1j211jj1hddc3kdbmaaajbelll3aafik2gc2hcdi1dfdhflfmkkfllllcmleh11fhf1b1k2ebhfkgfdhjfdmh331jje3g3difgegm2ed2hj1a12b23cba3cac2ig1ml3ehdficle2elccl2djfgc3bca3h1chlecbehdaaj21cidda2lhd33fdjbfmk3fijelielkl1fh3c2bgjahdcm1l1diglkdjcb21dkfkffh1cbcmefg1k3ldcc1jcfdid3lj31ikkhlhb2ghdfdjg3kmhdhmfabf2bafkhcbbmbkbjfdeh3mih13je2b2cbj3d1dimmk2cfbfiafc1ikifck33glld3balcjechh33heie3ehcagchmbakiib1ccikahlb133gelfjebg2hchbla1cjjgmgik1i3cf1bhc1maficaa3mlhekecblhacdeim221edlkcm2j2eeekdk3fha2iielelc12d1iebmac1lhbkk3keaffeieimebea1haj2jilh32bgff2kddjadfjamia3jbhklglghemg1iiemebhlh1bilbhlejdldkjjec2iedamcbmfejaklhahj2l3e3ffl1k12egh1eif2il1cdbcc2lbhkf3dfkechflii2cmmma2jefcdd1dhi2hdk3m33ikhccic1gh3kmg2m2del2dgagea11m1dg1ee1dfaimejela11lhkhgmbf31ma13mc1jlbadgkd1213fhijc3bfmmhd1dk1edggjdmflddj2khjd1kfed3gdi2fkikjhfmlmfjkla2if1113h32a3b33al3 5123333

Not Before

20/12/2012, 18:35

Not After

31/12/2039, 23:59

Subject

CN=kf3algmdhede1ag12iagbef2m3lh2ibiijeigkhielafhfclkck1bfl13ki3j3ffiemijfge2c1fej3hkabahd2iked3jclhcadmi2iafmfl3jmaje2j1f2jifkdfjfhekakb1melgglccdiek3mhbhmdm3gfhgak1lf2jmbfdjg1d1fkimldceekbmagf3eiih2clemmbij1kee2kbfk2ag2icddiah3fmc1l1mjfj3kg2dggaebad2cjh33hgfhhhjge23j2emfg3ghke3fcdm1gibkm3mhg2jc32hmblejm1im1ml3mhcgkjcm1f2lhme2hbjc2eh1hieb23iclbkjjeikfbebfdjchlaa1m3didmgfkcljf3d2kdblmihdkcbjmm11jefblikbbddcdfe2cdll1mc3chklf3chdmkfabdl1amdk33fkdk2hffm2mcifdkmmicf1gffa1ehjkhjgjm3aliimc12jdefmfifmmljahbmmdgiakkki2gk1gik1bafa2biil3hlkhb22dgkhgka3l3kckjkcbg1j2dh3amf2bchd1fmm1migg3ckflja2k2jjkbk1jihg3b2ckdcimm1jimdf2cl23e2gckcjmggjhbadffaiijghddlbcjfmghehbfajhgigkm2eamij2jehbk1lhegf2ffdmddghghcigdmjkjfmfbcjmc21fjjlfealg3kdlkabb1emi2lafje2g2afmbklae2emmagadkhm2gjeail3akjbcdaka1djdeacfkjhbhmh2bldcemhlg1imbb1cicimifemiigaib3jgebg2dbfke3fclaffa1fh1mf2l2jhka3hbbjec13mcafe3akcl1dlbdkeddakjfejekfljlleel3dbhklmdfilakdgbgbdgefk1adkmcmmhbegl3ddcjkdjihgjkhlkkfh21jikcbjbihcek1jdhlgdj1mfgbgikfkk1bfcmea11hjha3bgg223mhjda3kekghek1g2gf1gfhcijccagaha2iij1kmbgj1f1gmgkkjlbjcidbc3ijmeggmdkhda2cdmlc2bhjcf2faibkjeglll1i2egfebgjiafbagb12cj3ciimmjieabaleei2ichhe2kmhhab3fhhafeli2bljabkjehhgb2ihiekjhadmj1gdlfm3keceehhcid1gi1jjijimhdfhalabf3gakmfae2cl3ljbck1132bii1kicmdgmkeabelmigcmllaahbhldbjdgjjc1kijieb1jbhhdbmbfi311bmhca2f2gj3fldf2121chdckkmb1i3cl1el2ekhmfgchaaed1madfgma11mljdje2mjdbabj31gdjjcl2a1lfciem2jlkj3kb33bk31ma33c3bkh23dmccgh2ajaej23h3a323f1j2kemehhcd1b2ljg1ieglfdbg1jlgfda13mmclglchjlm2d1ilklekl3j33jlmcjhjbidie2kkdcihihechjlbcf1ladb21jfhajli3ml1me2kl2hill1kh2imdmh23cjfiiebfbmc3ediaiamcgcdid32fkmhhdkc2fehddfa22mll1323f1edmba3mhe3id3dg2fjmg2fehidbk31jamha1eagaeg2fc2gach3chj1b2lhmhajhjfdk1aeigjaf3aigambajfhcilbcmgd2c1jabbh3agfkbcgjkjg1c3jakj3bidmjg2d3lliaf1hdcfamh31jfem1d1aajf3mcldieagda1kcccmch2hjhldgmmcl2c2g1fgfmkemhgema1gggkci3bhgkbadjjadf3k3b1am2ih23bdekfkch2hflde11aflikmjjdlb2dggf3mcdblkkbhghlhdcjacjlfgga2f2k2jkgaemd2jhdejddaeaj3mkf33dbj1a1b3iiihl1ljadalmggbfdcefmaeika21akf1daj2fjkjmefl1md1adf3f3gejag1femi11db31bg1amcdfelbbhhfamfd1b33llmchjjblicckeafcgaaamibgc1h2i1dgllkbmebelg12km3dmd31ehbcgbld32em13dclmfk2cj2kimhbmlmmckf3h3ejaiddafhbhemfekfmclkbhgemcfmejkmd3d3gkafecgg2blcdbiha32fk1iece13h21dblmgihdggmb1bhbieffgiblj1eahm1k3ggk11ldgd1jacbhghmlddgjfkmfdggcdl1daak3313ibaggglid2gbjad2gkf1mmjgk2j3bjb21jcga3ca1dk3fbjbekfbaj3kil3mcjbk2jj2deg23abki131lg3kgcaeaec3mfdelhgfbif2immd1j211jj1hddc3kdbmaaajbelll3aafik2gc2hcdi1dfdhflfmkkfllllcmleh11fhf1b1k2ebhfkgfdhjfdmh331jje3g3difgegm2ed2hj1a12b23cba3cac2ig1ml3ehdficle2elccl2djfgc3bca3h1chlecbehdaaj21cidda2lhd33fdjbfmk3fijelielkl1fh3c2bgjahdcm1l1diglkdjcb21dkfkffh1cbcmefg1k3ldcc1jcfdid3lj31ikkhlhb2ghdfdjg3kmhdhmfabf2bafkhcbbmbkbjfdeh3mih13je2b2cbj3d1dimmk2cfbfiafc1ikifck33glld3balcjechh33heie3ehcagchmbakiib1ccikahlb133gelfjebg2hchbla1cjjgmgik1i3cf1bhc1maficaa3mlhekecblhacdeim221edlkcm2j2eeekdk3fha2iielelc12d1iebmac1lhbkk3keaffeieimebea1haj2jilh32bgff2kddjadfjamia3jbhklglghemg1iiemebhlh1bilbhlejdldkjjec2iedamcbmfejaklhahj2l3e3ffl1k12egh1eif2il1cdbcc2lbhkf3dfkechflii2cmmma2jefcdd1dhi2hdk3m33ikhccic1gh3kmg2m2del2dgagea11m1dg1ee1dfaimejela11lhkhgmbf31ma13mc1jlbadgkd1213fhijc3bfmmhd1dk1edggjdmflddj2khjd1kfed3gdi2fkikjhfmlmfjkla2if1113h32a3b33al3 5123333

Extended Key Usages

ExtKeyUsageCodeSigning

d1:da:f6:4b:b5:27:07:95:57:db:34:5c:65:6c:2d:2c:20:27:7d:82
Signer

Actual PE Digest

d1:da:f6:4b:b5:27:07:95:57:db:34:5c:65:6c:2d:2c:20:27:7d:82

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=kf3algmdhede1ag12iagbef2m3lh2ibiijeigkhielafhfclkck1bfl13ki3j3ffiemijfge2c1fej3hkabahd2iked3jclhcadmi2iafmfl3jmaje2j1f2jifkdfjfhekakb1melgglccdiek3mhbhmdm3gfhgak1lf2jmbfdjg1d1fkimldceekbmagf3eiih2clemmbij1kee2kbfk2ag2icddiah3fmc1l1mjfj3kg2dggaebad2cjh33hgfhhhjge23j2emfg3ghke3fcdm1gibkm3mhg2jc32hmblejm1im1ml3mhcgkjcm1f2lhme2hbjc2eh1hieb23iclbkjjeikfbebfdjchlaa1m3didmgfkcljf3d2kdblmihdkcbjmm11jefblikbbddcdfe2cdll1mc3chklf3chdmkfabdl1amdk33fkdk2hffm2mcifdkmmicf1gffa1ehjkhjgjm3aliimc12jdefmfifmmljahbmmdgiakkki2gk1gik1bafa2biil3hlkhb22dgkhgka3l3kckjkcbg1j2dh3amf2bchd1fmm1migg3ckflja2k2jjkbk1jihg3b2ckdcimm1jimdf2cl23e2gckcjmggjhbadffaiijghddlbcjfmghehbfajhgigkm2eamij2jehbk1lhegf2ffdmddghghcigdmjkjfmfbcjmc21fjjlfealg3kdlkabb1emi2lafje2g2afmbklae2emmagadkhm2gjeail3akjbcdaka1djdeacfkjhbhmh2bldcemhlg1imbb1cicimifemiigaib3jgebg2dbfke3fclaffa1fh1mf2l2jhka3hbbjec13mcafe3akcl1dlbdkeddakjfejekfljlleel3dbhklmdfilakdgbgbdgefk1adkmcmmhbegl3ddcjkdjihgjkhlkkfh21jikcbjbihcek1jdhlgdj1mfgbgikfkk1bfcmea11hjha3bgg223mhjda3kekghek1g2gf1gfhcijccagaha2iij1kmbgj1f1gmgkkjlbjcidbc3ijmeggmdkhda2cdmlc2bhjcf2faibkjeglll1i2egfebgjiafbagb12cj3ciimmjieabaleei2ichhe2kmhhab3fhhafeli2bljabkjehhgb2ihiekjhadmj1gdlfm3keceehhcid1gi1jjijimhdfhalabf3gakmfae2cl3ljbck1132bii1kicmdgmkeabelmigcmllaahbhldbjdgjjc1kijieb1jbhhdbmbfi311bmhca2f2gj3fldf2121chdckkmb1i3cl1el2ekhmfgchaaed1madfgma11mljdje2mjdbabj31gdjjcl2a1lfciem2jlkj3kb33bk31ma33c3bkh23dmccgh2ajaej23h3a323f1j2kemehhcd1b2ljg1ieglfdbg1jlgfda13mmclglchjlm2d1ilklekl3j33jlmcjhjbidie2kkdcihihechjlbcf1ladb21jfhajli3ml1me2kl2hill1kh2imdmh23cjfiiebfbmc3ediaiamcgcdid32fkmhhdkc2fehddfa22mll1323f1edmba3mhe3id3dg2fjmg2fehidbk31jamha1eagaeg2fc2gach3chj1b2lhmhajhjfdk1aeigjaf3aigambajfhcilbcmgd2c1jabbh3agfkbcgjkjg1c3jakj3bidmjg2d3lliaf1hdcfamh31jfem1d1aajf3mcldieagda1kcccmch2hjhldgmmcl2c2g1fgfmkemhgema1gggkci3bhgkbadjjadf3k3b1am2ih23bdekfkch2hflde11aflikmjjdlb2dggf3mcdblkkbhghlhdcjacjlfgga2f2k2jkgaemd2jhdejddaeaj3mkf33dbj1a1b3iiihl1ljadalmggbfdcefmaeika21akf1daj2fjkjmefl1md1adf3f3gejag1femi11db31bg1amcdfelbbhhfamfd1b33llmchjjblicckeafcgaaamibgc1h2i1dgllkbmebelg12km3dmd31ehbcgbld32em13dclmfk2cj2kimhbmlmmckf3h3ejaiddafhbhemfekfmclkbhgemcfmejkmd3d3gkafecgg2blcdbiha32fk1iece13h21dblmgihdggmb1bhbieffgiblj1eahm1k3ggk11ldgd1jacbhghmlddgjfkmfdggcdl1daak3313ibaggglid2gbjad2gkf1mmjgk2j3bjb21jcga3ca1dk3fbjbekfbaj3kil3mcjbk2jj2deg23abki131lg3kgcaeaec3mfdelhgfbif2immd1j211jj1hddc3kdbmaaajbelll3aafik2gc2hcdi1dfdhflfmkkfllllcmleh11fhf1b1k2ebhfkgfdhjfdmh331jje3g3difgegm2ed2hj1a12b23cba3cac2ig1ml3ehdficle2elccl2djfgc3bca3h1chlecbehdaaj21cidda2lhd33fdjbfmk3fijelielkl1fh3c2bgjahdcm1l1diglkdjcb21dkfkffh1cbcmefg1k3ldcc1jcfdid3lj31ikkhlhb2ghdfdjg3kmhdhmfabf2bafkhcbbmbkbjfdeh3mih13je2b2cbj3d1dimmk2cfbfiafc1ikifck33glld3balcjechh33heie3ehcagchmbakiib1ccikahlb133gelfjebg2hchbla1cjjgmgik1i3cf1bhc1maficaa3mlhekecblhacdeim221edlkcm2j2eeekdk3fha2iielelc12d1iebmac1lhbkk3keaffeieimebea1haj2jilh32bgff2kddjadfjamia3jbhklglghemg1iiemebhlh1bilbhlejdldkjjec2iedamcbmfejaklhahj2l3e3ffl1k12egh1eif2il1cdbcc2lbhkf3dfkechflii2cmmma2jefcdd1dhi2hdk3m33ikhccic1gh3kmg2m2del2dgagea11m1dg1ee1dfaimejela11lhkhgmbf31ma13mc1jlbadgkd1213fhijc3bfmmhd1dk1edggjdmflddj2khjd1kfed3gdi2fkikjhfmlmfjkla2if1113h32a3b33al3 5123333

03/10/2022, 12:44
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
VirtualAlloc
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetTimeFormatW
WideCharToMultiByte
OpenProcess
GetStdHandle
GetConsoleScreenBufferInfo
CloseHandle
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
lstrcpynW
FindFirstFileW
FindClose
SetLastError
lstrcmpW
lstrcatW
lstrcmpiW
GetLastError
CompareStringW
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetProcAddress
GetComputerNameW
MultiByteToWideChar
VirtualQuery
VirtualFree
lstrlenW
GetSystemWindowsDirectoryW
LocalFree
LocalAlloc
GetCurrentProcess
WaitForMultipleObjects
CreateThread
OpenEventW
CreateEventW
SetEvent
CreateMutexW
GetCommandLineW
GetVersionExW
QueryPerformanceCounter
GetStartupInfoA
GetNumberFormatW
lstrcpyW
LoadLibraryA
CreateHardLinkA
VirtualQueryEx
GetCurrencyFormatA
FindFirstVolumeW
CreateFileMappingW
SetConsoleDisplayMode
IsSystemResumeAutomatic
Process32NextW
GetTapeStatus
ReadConsoleInputA
lstrcpy
ReadFileEx
DeleteVolumeMountPointW
UnlockFileEx
GetTempFileNameA
Module32First
FreeUserPhysicalPages
CopyFileA
SetThreadContext
SetLocaleInfoA
lstrlen
GlobalFindAtomW
GetDiskFreeSpaceW
FindVolumeMountPointClose
GetPrivateProfileIntW
FatalAppExitA
VirtualLock
OpenJobObjectA
lstrcmpi
GetExitCodeProcess
SetFileApisToANSI
HeapWalk
FindNextFileA
CreateNamedPipeA
GetPrivateProfileStringA
SignalObjectAndWait
CopyFileExW
lstrlenA
Process32Next
FindAtomA
DosDateTimeToFileTime
SetLocaleInfoW
BuildCommDCBAndTimeoutsA
ReleaseSemaphore
ReadConsoleInputW
GetThreadLocale
WriteConsoleOutputW
SetErrorMode
FindFirstFileExW
InterlockedExchangeAdd
LoadModule
SetCommMask
EnumSystemLanguageGroupsA
CreateTapePartition
DeleteTimerQueueEx
DeleteTimerQueue
GetUserDefaultLCID
FlushViewOfFile
WaitNamedPipeA
PostQueuedCompletionStatus
SetCalendarInfoW
ResetEvent
EnumCalendarInfoExA
GetTempPathA
GetNamedPipeHandleStateW
Heap32First
Thread32First
LeaveCriticalSection
HeapSize
GetOEMCP
GetShortPathNameA
HeapCreate
ClearCommBreak
GetPrivateProfileStringW
GetThreadSelectorEntry
FreeLibraryAndExitThread
ReleaseMutex
GetPrivateProfileSectionW
GetFileAttributesA
Beep
GetTimeZoneInformation
GetStringTypeA
GetStartupInfoW
SetupComm
WaitNamedPipeW
SetHandleInformation
GetMailslotInfo
_lopen
TerminateThread
SetSystemTimeAdjustment
HeapCompact
GetLongPathNameW
AssignProcessToJobObject
WriteConsoleW
FreeEnvironmentStringsW
DeleteFiber
IsBadCodePtr
GetProcessShutdownParameters
UnregisterWait
GetAtomNameW
Sleep
BuildCommDCBA
ReadConsoleOutputCharacterW
GetConsoleFontSize
SetTapeParameters

gdi32

GetStockObject

msvcrt

__set_app_type
_except_handler3
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
_wtol
malloc
realloc
wcsstr
free
__CxxFrameHandler
_wcsicmp
wcsncpy
_wgetcwd
_c_exit
_exit
_XcptFilter
_cexit
_controlfp
exit
calloc
wcstod
wcstol
wcsncmp
fflush
fprintf
wcschr
strtok
wcslen
_wcsnicmp
sprintf
wcstok
_iob
_vsnprintf
_acmdln
__getmainargs
_vsnwprintf
_ismbcalnum
_winver
_wexecve
wcscmp
_except_handler2
_unlock
_mbbtype
_snprintf
_wsopen
_wfindnext64
_mbctype
iswpunct
_chdir
log10
atexit
modf
_wspawnlpe
_getdcwd
_wexeclpe
_winminor
vfprintf
_beep
_wstat64
_cgets
_execv
wcstombs
log
_ismbcl1
_fcloseall
_CIsqrt
_mbstok
_tell
_jn
_memccpy
_wexecv
_toupper
_abnormal_termination
_strset
__threadid
_ecvt
_filelengthi64
_snwprintf
_CIlog
_chgsign
_ismbcsymbol
__p__winver
_memicmp
_mbstrlen
strrchr
_mbslwr
__unDNameEx
_mbsnset
atoi
vfwprintf
_telli64
memmove
_searchenv
_heapchk
_adj_fdivr_m32
_dstbias
_putw
_adj_fdiv_r
__p__pctype
_wcsupr
_ismbbkprint
__iscsymf
_ismbbtrail
_set_error_mode
ftell
fwprintf
_ismbbgraph
_wopen
_wperror
_inp
_safe_fprem
__p__dstbias
_wgetdcwd
_isatty
__fpecode
_wtoi64
_strdate
_lseeki64
_CIsinh
_rmtmp
_time64
_read
difftime
_eof
_wfreopen
_adj_fdivr_m16i

advapi32

RegOpenKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
RegSetValueExW
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42d4b41a6d61f22d87cdaedf219040f0

Code Sign

0c:56:73:10:d4:5f:71:9d:47:8d:95:9b:ee:2f:7b:eeCertificate

Extended Key Usages

d1:da:f6:4b:b5:27:07:95:57:db:34:5c:65:6c:2d:2c:20:27:7d:82Signer

Signature Validations

Verification

03/10/2022, 12:44 Valid: false

Headers

File Characteristics

Imports

kernel32

gdi32

msvcrt

advapi32

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 51KB - Virtual size: 51KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

0c:56:73:10:d4:5f:71:9d:47:8d:95:9b:ee:2f:7b:ee
Certificate

d1:da:f6:4b:b5:27:07:95:57:db:34:5c:65:6c:2d:2c:20:27:7d:82
Signer

03/10/2022, 12:44
Valid: false

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB