789b5a99ac3d37ebbccc16c786a679a9ef884b7a769838f67f45d27e57fc1316

Sharing

Copy URL Twitter E-mail

General

Target

789b5a99ac3d37ebbccc16c786a679a9ef884b7a769838f67f45d27e57fc1316
Size

715KB
MD5

274b742ee789b23d7259b2fc97fdd5fa
SHA1

b62f6a95f5e2ad590d9b84c0f01e56c32e303872
SHA256

789b5a99ac3d37ebbccc16c786a679a9ef884b7a769838f67f45d27e57fc1316
SHA512

d40b05f0821eb7561570fbbd62cfdcfd59db839cf8d8b76aa5486c212874406a627623736f9607773e6869a9b268583b8625b1d923aaf6c2f56056038afe3b37
SSDEEP

12288:TQtW2BEk5P/8IeRxXA3ZbjTcuqjXcg6BJWAdMXmm66h4mm7E:TQHikp0r7XUHc5bD67d6Omm7E

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

789b5a99ac3d37ebbccc16c786a679a9ef884b7a769838f67f45d27e57fc1316
.exe windows x86

1d69246714e9f11a8b3c2ac21e47d755

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:8a:8b:c0:b5:b8:df:88:bc:c7:11:b3:fd:a5:59:7d
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/08/2015, 00:00

Not After

09/08/2016, 23:59

Subject

CN=OOO \"PERVAYA LIGA\",O=OOO \"PERVAYA LIGA\",POSTALCODE=197110,STREET=PETROVSKAYA KOSA\, 9,L=Saint-Petersburg,ST=Saint-Petersburg,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:f0:52:b4:aa:32:ae:b6:a2:1b:e1:99:e3:91:21:aa:ef:01:60:9f
Signer

Actual PE Digest

c4:f0:52:b4:aa:32:ae:b6:a2:1b:e1:99:e3:91:21:aa:ef:01:60:9f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OOO \"PERVAYA LIGA\",O=OOO \"PERVAYA LIGA\",POSTALCODE=197110,STREET=PETROVSKAYA KOSA\, 9,L=Saint-Petersburg,ST=Saint-Petersburg,C=US

28/10/2022, 15:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

WindowFromPoint
GetScrollInfo
PostQuitMessage
CreateCursor
EnumPropsExA
SetDeskWallpaper
DrawAnimatedRects
GetInputDesktop
GetListBoxInfo
GetUpdateRgn
DrawCaptionTempA
GetMenuContextHelpId
DlgDirListW
GetListBoxInfo
SetCursor
InsertMenuA
DefFrameProcA
EqualRect
SetMenuItemInfoA
UnloadKeyboardLayout
OemToCharBuffW
DialogBoxParamA
GetTabbedTextExtentW
GetClassNameW
FlashWindow
LoadCursorFromFileW
SetWindowPos
BroadcastSystemMessageExA
ClipCursor
DrawTextW
DefWindowProcA
BroadcastSystemMessageExW
GetTabbedTextExtentA
CheckDlgButton
WindowFromPoint
RegisterDeviceNotificationW
DialogBoxParamW
SetWindowsHookW
GetPropA
GetMenuItemInfoA
GetCaretPos
UnregisterHotKey
DestroyAcceleratorTable
GetWindowLongW
ScreenToClient
ChangeMenuA
CreateIconFromResourceEx
GetMenu
CharNextExA
GetDlgItemInt
SetWindowTextA
GetScrollBarInfo
RealGetWindowClassW
DrawMenuBarTemp
LoadAcceleratorsA
RegisterDeviceNotificationA
GetNextDlgGroupItem
IsWindow
CheckMenuItem
SetMenu
LoadStringA
CharUpperA
PrintWindow
InvalidateRgn
RegisterClassExA
ExitWindowsEx
InsertMenuItemW
OpenWindowStationA
GetMessagePos
DefDlgProcA
DestroyWindow
GetWindowModuleFileNameW
RegisterWindowMessageA
ToUnicodeEx
AdjustWindowRect
SetForegroundWindow
WaitForInputIdle
EndDialog
GetDlgCtrlID
GetUserObjectSecurity
ShowScrollBar
IsCharAlphaW
GetUpdateRgn
CreateMenu
IsIconic
DialogBoxIndirectParamW
SetScrollInfo
SetClassLongA
IsRectEmpty
IsCharUpperW
RealGetWindowClassA
DlgDirSelectExW
IsCharAlphaA
ScrollWindowEx
UnhookWindowsHook
GetCursor
TileWindows
ReleaseDC
GetAltTabInfoA
GetGuiResources
GetWindowRgnBox
DrawCaption
ToAscii
GetInternalWindowPos
CallWindowProcA
RemoveMenu
TrackPopupMenu
LoadImageW
RegisterHotKey
SetActiveWindow
GetCapture
SetInternalWindowPos
CreateIconIndirect
OemToCharW
MapVirtualKeyExW
AllowForegroundActivation
ShowOwnedPopups
DrawIcon
SetProgmanWindow
CharNextW
DestroyMenu
BlockInput
SetCaretPos
MessageBoxIndirectW
EditWndProc
WinHelpW
SendNotifyMessageA
GetKeyNameTextA
FindWindowExA
EmptyClipboard
DefDlgProcW
DispatchMessageA
GetSubMenu
InvalidateRect
CharLowerW
DragObject
ChildWindowFromPoint
SetUserObjectInformationW
GetUserObjectInformationA
CreateIcon
DrawStateA
EndPaint
GetKeyNameTextW
GetKeyboardLayout
GetWindowDC
GetMenuState
SendMessageW
CreateCursor
OpenIcon
SendNotifyMessageW
CascadeChildWindows
GetScrollInfo
RegisterClipboardFormatW
LoadCursorFromFileA
wvsprintfW
InsertMenuW
IsDlgButtonChecked
CascadeWindows
GetWindowInfo
DrawFrameControl
IntersectRect
DrawAnimatedRects
PostThreadMessageA
RealChildWindowFromPoint
UnionRect
MapVirtualKeyW
PrivateExtractIconsA
TabbedTextOutA
LoadStringW
DrawMenuBar
MenuItemFromPoint
IsChild
CharPrevA
AdjustWindowRectEx
ArrangeIconicWindows
GetWindowModuleFileNameA
CopyAcceleratorTableA
CloseClipboard
EnumWindowStationsA
IsDialogMessage
MonitorFromRect
PostThreadMessageW
TranslateAcceleratorA
SetClassWord
CharLowerBuffA
DestroyCaret
MessageBoxA
OpenInputDesktop
CharToOemW
MoveWindow
UpdateWindow
ToUnicode
CloseDesktop
SetWindowRgn
DrawTextExW
InflateRect
EndTask
CreateAcceleratorTableW
CheckMenuRadioItem
GetInputState
GetWindowLongA
CharToOemBuffA
GetMenuStringW
SetSysColors
DestroyIcon
BringWindowToTop
SetFocus
SendDlgItemMessageW
ShowCaret
CharToOemBuffW
SetMenuDefaultItem
GetSysColor
SetWindowWord
wsprintfA
FillRect
AnyPopup
CallNextHookEx
SetParent
GetClassInfoExW
SetTimer
SetWindowsHookExW
EnumPropsExA
SendMessageTimeoutA
SendMessageCallbackA
GetClassInfoW
MapVirtualKeyA
GetIconInfo
PrivateExtractIconExW
ChangeDisplaySettingsA
SetProcessWindowStation
DefFrameProcW
CreateMDIWindowW
SendDlgItemMessageA
GetPropW
ShowCursor
EnableScrollBar
SetDebugErrorLevel
PostMessageA
UnregisterClassA
AttachThreadInput
ValidateRect
CreateDialogIndirectParamA
OffsetRect
DrawFrame
GetFocus
SendMessageCallbackW
GetMenuItemID
IsCharLowerW
ChangeDisplaySettingsW
FindWindowW
ChildWindowFromPointEx
SetClipboardViewer
IsWindowVisible
SetCaretBlinkTime
GetTopWindow
SetPropA
DrawTextA
DlgDirSelectExA
DispatchMessageW
ChangeDisplaySettingsExA
GetClipboardFormatNameW
TrackMouseEvent
ScrollWindow
GetClassInfoExA
AppendMenuA
SetMenuItemBitmaps
UnlockWindowStation
CharLowerBuffW
GetMessageA
SetSystemMenu
SetPropW
CharNextA
LockWorkStation
InvertRect
GetNextDlgTabItem
SetCursorContents
DrawTextExA
GetClipboardData
PaintDesktop
GetMouseMovePointsEx
FlashWindowEx
DlgDirListA
AppendMenuW
MessageBoxW
SendMessageTimeoutW
FrameRect
TranslateAcceleratorW
SetMenuContextHelpId
MenuWindowProcA
ShowWindow
EnableMenuItem
CreateIconFromResource
GetAltTabInfoW
WinHelpA
CloseWindow
wsprintfW
GetMenuStringA
GetWindowTextA
GetMenuInfo
OemToCharBuffA
wvsprintfA
TabbedTextOutW
RegisterClipboardFormatA
LoadIconW
OpenDesktopW
GetCursorInfo
EndMenu
GetDlgItem
GetMenuItemCount

kernel32

GetBinaryTypeW
GetDiskFreeSpaceExW
UnregisterWait
GetLocalTime
SetVolumeLabelW
GetDiskFreeSpaceA
GetProcessTimes
SystemTimeToTzSpecificLocalTime
CompareStringA
GetProfileIntA
GetLastError
GetACP
IsDBCSLeadByte
FreeUserPhysicalPages
FindFirstVolumeA
GetDefaultCommConfigA
IsProcessInJob
GetPrivateProfileIntW
FoldStringW
ReleaseActCtx
AllocateUserPhysicalPages
FindResourceExW
EnumDateFormatsExA
GetFileSizeEx
CreateEventA
GetCPInfo
GetTapeStatus
PeekNamedPipe
BuildCommDCBW
CreateTimerQueue
CreateTapePartition
UpdateResourceA
PrivCopyFileExW
CreateSemaphoreW
WinExec
EnumLanguageGroupLocalesW
AllocConsole
RtlCaptureContext
SetFileAttributesA
MulDiv
GetCurrentConsoleFont
GetSystemTime
GetProcessIoCounters
FindFirstFileExA
EnumResourceNamesA
QueryPerformanceFrequency
GetTimeFormatA
EnumCalendarInfoA
lstrcpyW
SetThreadUILanguage
DefineDosDeviceW
GlobalAddAtomW
lstrcpy
Beep
ReadConsoleInputExA
SetFileValidData
GetProcessShutdownParameters
GlobalFindAtomW
OpenFileMappingW
SetEnvironmentVariableW
UnmapViewOfFile
HeapSize
GetEnvironmentVariableA
OpenSemaphoreW
GetThreadTimes
GetStartupInfoW
FatalExit
GetConsoleMode
GetComPlusPackageInstallStatus
LoadResource
DeactivateActCtx
GetConsoleTitleW
SetDefaultCommConfigW
GetVolumePathNamesForVolumeNameA
SetComputerNameW
SetHandleCount
GetCurrentActCtx
CancelDeviceWakeupRequest
SetCommMask
ShowConsoleCursor
GetTimeZoneInformation
SystemTimeToFileTime
EndUpdateResourceA
GetThreadPriorityBoost
GetProfileIntA
DeleteAtom
EnterCriticalSection
GetNumberFormatW
InitializeCriticalSection
GetFileAttributesW
WriteTapemark
SetComputerNameExA
GetProfileIntW
FreeEnvironmentStringsW
FlushViewOfFile
CreateJobObjectW
lstrcpyA
GetSystemTimeAdjustment
lstrcpynA
GetCalendarInfoW
QueryPerformanceCounter
EnumTimeFormatsA
lstrcmpW
GetConsoleTitleA
LockFile
ConnectNamedPipe
SetThreadAffinityMask
RtlMoveMemory
SetLastError
ExpandEnvironmentStringsW
CreateThread
LZCopy
WritePrivateProfileStructA
SetFileApisToOEM
DeleteTimerQueueEx
FindFirstFileExW
GlobalReAlloc
ReleaseMutex
ResetEvent
SetTapePosition
SetNamedPipeHandleState
RemoveDirectoryA
AddAtomW
MoveFileWithProgressA
CreateMemoryResourceNotification
CreateDirectoryA
WriteConsoleA
FlushConsoleInputBuffer
ClearCommError
GetExitCodeThread
OpenFile
BuildCommDCBA
FileTimeToLocalFileTime
GlobalLock
GetFullPathNameW
GetProcessVersion
EnumCalendarInfoExW
InitializeCriticalSectionAndSpinCount
GetWriteWatch
GetFileAttributesExW
RtlUnwind
DeleteVolumeMountPointA
GetLongPathNameA
GetDateFormatA
CreateMailslotA
LocalHandle
WritePrivateProfileSectionW
LocalUnlock
GetConsoleOutputCP
CreateJobSet
FatalAppExitA
GetGeoInfoA
GetSystemDefaultLangID
CopyLZFile
GetFileAttributesExA
DisconnectNamedPipe
GetExitCodeProcess
TryEnterCriticalSection
GlobalFree
LoadLibraryExA
LocalAlloc
GlobalAlloc
GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

comdlg32

FindTextA
GetFileTitleW
GetFileTitleA
PrintDlgExW
PageSetupDlgW
GetOpenFileNameA
ChooseColorW
ReplaceTextW
dwOKSubclass
GetSaveFileNameW
PrintDlgA
dwLBSubclass
LoadAlterBitmap
CommDlgExtendedError
WantArrows
GetSaveFileNameA
GetOpenFileNameW
ChooseColorA
FindTextW
ReplaceTextA
ChooseFontA

oleaut32

VarXor
SafeArrayPutElement
DispGetParam
VarDateFromR4
VarI4FromUI2
VarI8FromDisp
VarUI2FromStr
VarR8FromDate
OleLoadPictureEx
VarBoolFromR4
VarI8FromI1
ClearCustData
VarCyFromI4
VarI2FromI1
VarDateFromR8
VarDecCmpR8
VarParseNumFromStr
LHashValOfNameSys
VarUI4FromI1
VarI1FromI2
SafeArrayGetDim
OACreateTypeLib2
VarDecMul
VARIANT_UserMarshal
VarDecRound
VarUI1FromUI8
SafeArrayDestroy
VarDateFromCy
SysFreeString
VarCyFromUI4
VarBstrCat
GetVarConversionLocaleSetting
SafeArrayGetIID
OleCreatePropertyFrame
VariantTimeToDosDateTime
SysAllocString
VarDecDiv
VarUI1FromDisp
SafeArrayCopyData
VarUI1FromDec
SafeArrayUnaccessData
VarRound
DispGetIDsOfNames
VarImp
VarDecFromDisp
SafeArrayCreateVectorEx
CreateDispTypeInfo
BSTR_UserSize
VarI2FromUI4
DllUnregisterServer
GetRecordInfoFromGuids
VariantClear
VarUI1FromCy
SafeArrayLock
VarI2FromR4
VarI4FromUI1
VarR8Pow
VarUI4FromDec
DosDateTimeToVariantTime
VarUI4FromI8
OleIconToCursor
VarI4FromUI4
VarI1FromDec
VarUdateFromDate
VarBoolFromI1
VarCyAdd
VarI2FromR8

winspool.drv

CloseSpoolFileHandle
FlushPrinter
AddFormA
EnumPrinterKeyA
EnumPrintProcessorsW
PrinterProperties
AddPrinterDriverW
PrinterMessageBoxW
DeletePrinterDataExW
EnumPrinterDataA
ConvertUnicodeDevModeToAnsiDevmode
EnumMonitorsA
EnumPrinterDataExW
PerfClose
DeletePrinterDataExA
QueryColorProfile
EnumPrintProcessorDatatypesA
FindFirstPrinterChangeNotification
EnumPrinterDataExA
ConvertAnsiDevModeToUnicodeDevmode
DeletePrintProvidorW
DocumentPropertySheets
DevQueryPrintEx
DeletePrinterConnectionW
DEVICEMODE
DeletePrinterKeyW
StartDocPrinterA
OpenPrinterA
DeletePrintProcessorW
DocumentPropertiesA
DevicePropertySheets
AddPortExA
AddPrinterDriverExA
AddPrintProcessorW
AddPrinterA
GetDefaultPrinterA
SetPrinterDataExA
SetFormW
DeletePortA
EnumPrintProcessorsA
EnumPrinterDataW
GetPrinterDriverA
DeviceCapabilitiesA
WritePrinter
AddMonitorA
SetJobW
DocumentEvent
GetPrinterDriverW
SetPortA
DeletePrintProcessorA
DeletePrinterDriverExA
PerfOpen
SetPrinterDataW
EndPagePrinter
DeviceMode
WaitForPrinterChange

version

VerLanguageNameA
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeA

ws2_32

listen
WSCUnInstallNameSpace
WSAAsyncSelect
WSASocketA
connect
WPUCompleteOverlappedRequest
WSAJoinLeaf
socket
WSACancelBlockingCall
WSADuplicateSocketW
WSAAsyncGetServByPort
WSALookupServiceBeginW
WSACancelAsyncRequest
recvfrom
closesocket
WSAInstallServiceClassW
WSASend
WSASetServiceW
WSCUpdateProvider
WSADuplicateSocketA
gethostname
WSCEnumProtocols
WSAAsyncGetHostByAddr
WSASetEvent
inet_ntoa
WSCDeinstallProvider
bind
WSAResetEvent
WSAEnumNameSpaceProvidersW
WSALookupServiceBeginA
WSAEnumNameSpaceProvidersA
WSARemoveServiceClass
WSCGetProviderPath
WSAHtons
WSCEnableNSProvider
select
send
WSAProviderConfigChange
WSAGetOverlappedResult
WSAStringToAddressW
WSANtohl
getprotobyname
shutdown
WSALookupServiceNextW
getnameinfo
getsockname
sendto
WSCInstallNameSpace
getservbyname
WSANSPIoctl
WSCInstallProvider
WSAGetServiceClassNameByClassIdW
recv
WSAEnumNetworkEvents
ntohl
WSAAsyncGetProtoByName
WSAIsBlocking
WSACleanup
gethostbyaddr
WSARecv
accept
WSASetLastError
WSAAsyncGetHostByName
WSARecvFrom
htonl
WSACloseEvent

comctl32

FlatSB_GetScrollProp
CreatePropertySheetPageW
PropertySheet
CreateStatusWindow
ImageList_AddMasked
ShowHideMenuCtl
CreateUpDownControl
GetMUILanguage
ImageList_BeginDrag
InitCommonControlsEx
ImageList_Replace
ImageList_Write
ImageList_GetFlags
ImageList_DrawEx
ImageList_Duplicate
ImageList_GetImageRect
MenuHelp
ImageList_GetDragImage
ImageList_ReplaceIcon
ImageList_AddIcon
ImageList_GetIconSize
DestroyPropertySheetPage
ImageList_SetFlags
FlatSB_SetScrollPos
CreatePropertySheetPage
LBItemFromPt
ImageList_SetDragCursorImage
DrawStatusText
FlatSB_ShowScrollBar
UninitializeFlatSB
ImageList_DragLeave
ImageList_Destroy
ImageList_LoadImage
ImageList_Copy
FlatSB_GetScrollRange
InitMUILanguage
ImageList_Read
InitializeFlatSB
MakeDragList
ImageList_LoadImageW
ImageList_DragMove
ImageList_LoadImageA
ImageList_SetBkColor
FlatSB_SetScrollProp
ImageList_GetIcon
FlatSB_GetScrollPos
InitCommonControls
PropertySheetA
FlatSB_GetScrollInfo
PropertySheetW
FlatSB_EnableScrollBar
ImageList_DragEnter
DrawInsert
ImageList_Merge
ImageList_Create

gdi32

SetBkColor
CreateFontIndirectA
CreateMetaFileW
GdiRealizationInfo
GetDeviceCaps
GetStockObject
SetViewportExtEx
PolylineTo
GetLogColorSpaceA
EngQueryEMFInfo
GetCurrentObject
GdiGetPageCount
SetPixelFormat
SetBitmapDimensionEx
QueryFontAssocStatus
GetRegionData
SetLayout
PlgBlt
CreatePen
GetEUDCTimeStampExW
SetWorldTransform
GetTextAlign
GdiReleaseLocalDC
GetMiterLimit
GetGlyphIndicesW
SetPaletteEntries
GdiDllInitialize
RealizePalette
GetCharWidthI
CreateCompatibleDC
SetMetaFileBitsEx
EngComputeGlyphSet
HT_Get8BPPFormatPalette
GetNearestColor
GetCharABCWidthsA
GetTextFaceA
GetTextExtentExPointW
RectVisible
GetCharacterPlacementA
GetICMProfileA
GetDeviceGammaRamp
SetPixel
SetMiterLimit
SetArcDirection
GdiAddGlsBounds
ChoosePixelFormat
ColorCorrectPalette
SetPolyFillMode
GdiGradientFill
EngUnicodeToMultiByteN
CreateScalableFontResourceA
DeleteObject
FrameRgn
EngBitBlt
DPtoLP
CreateDCA
GdiIsMetaPrintDC
CreateFontIndirectW
SelectBrushLocal
GdiResetDCEMF
StretchDIBits
ScaleWindowExtEx
EngFindResource
FlattenPath
SetColorAdjustment
GdiConvertToDevmodeW
CreateMetaFileA
ResetDCA
GdiAddGlsRecord
cGetTTFFromFOT
GetTransform

Sections

CODE
Size: 456KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d69246714e9f11a8b3c2ac21e47d755

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

5f:8a:8b:c0:b5:b8:df:88:bc:c7:11:b3:fd:a5:59:7dCertificate

Extended Key Usages

Key Usages

c4:f0:52:b4:aa:32:ae:b6:a2:1b:e1:99:e3:91:21:aa:ef:01:60:9fSigner

Signature Validations

Verification

28/10/2022, 15:04 Valid: false

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

oleaut32

winspool.drv

version

ws2_32

comctl32

gdi32

Sections

CODE Size: 456KB - Virtual size: 460KB

UPX0 Size: 9KB - Virtual size: 16KB

.idata Size: 22KB - Virtual size: 24KB

.text0 Size: 54KB - Virtual size: 56KB

UPX1 Size: 512B - Virtual size: 4KB

.text1 Size: 93KB - Virtual size: 96KB

BSS Size: 11KB - Virtual size: 12KB

.rsrc Size: 62KB - Virtual size: 62KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

5f:8a:8b:c0:b5:b8:df:88:bc:c7:11:b3:fd:a5:59:7d
Certificate

c4:f0:52:b4:aa:32:ae:b6:a2:1b:e1:99:e3:91:21:aa:ef:01:60:9f
Signer

28/10/2022, 15:04
Valid: false

CODE
Size: 456KB - Virtual size: 460KB

UPX0
Size: 9KB - Virtual size: 16KB

.idata
Size: 22KB - Virtual size: 24KB

.text0
Size: 54KB - Virtual size: 56KB

UPX1
Size: 512B - Virtual size: 4KB

.text1
Size: 93KB - Virtual size: 96KB

BSS
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 62KB - Virtual size: 62KB