a33bb11bff56ced27008f3256a725150564dc17923d121111e1665260e37ff1a

Sharing

Copy URL Twitter E-mail

General

Target

a33bb11bff56ced27008f3256a725150564dc17923d121111e1665260e37ff1a
Size

865KB
MD5

6f7b81b442461bfab966a44bfb8bce21
SHA1

91cb77347d91a4a69946a097082e0eda2d7feefb
SHA256

a33bb11bff56ced27008f3256a725150564dc17923d121111e1665260e37ff1a
SHA512

f655c73a9ae54b2dec1fe4165a96f05a64ede14949dca0413cd3bc778dcda74b7481e5ca1dfd3c82d66145d1edc756b2cac36f40bb6c630ce3db23bc7bf1e6de
SSDEEP

12288:DsRx05bwKCUt89R9Z+M7leGzXGF5S4Bv+JSzXXAAS8WGEIpCQ:yQb+v9LBeGzM5S4VciXXAAIhQ

Score

N/A

Malware Config

Signatures

Files

a33bb11bff56ced27008f3256a725150564dc17923d121111e1665260e37ff1a
.exe windows x86

83662ebec8c3bc66fc46356a5de215b4

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:2d:08:59:e3:9d:03:e5:f1:ef:45:bf:dc:91:00:f5
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/07/2015, 00:00

Not After

23/07/2016, 23:59

Subject

CN=\"ITIS\" OOO,O=\"ITIS\" OOO,POSTALCODE=194100,STREET=LESNOY PROSPEKT\, 65\, K.1 L.A\, 10N,L=Saint Petersburg,ST=Saint Petersburg REGOIN,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:ed:e2:a8:6d:e6:4a:dd:56:d1:9c:e8:d4:28:f4:7a:24:1a:28:bc
Signer

Actual PE Digest

05:ed:e2:a8:6d:e6:4a:dd:56:d1:9c:e8:d4:28:f4:7a:24:1a:28:bc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=\"ITIS\" OOO,O=\"ITIS\" OOO,POSTALCODE=194100,STREET=LESNOY PROSPEKT\, 65\, K.1 L.A\, 10N,L=Saint Petersburg,ST=Saint Petersburg REGOIN,C=RU

28/10/2022, 15:08
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetAtomNameW
CreateTapePartition
GetStringTypeA
SystemTimeToTzSpecificLocalTime
VirtualQuery
ClearCommError
GetCompressedFileSizeW
GlobalFree
DelayLoadFailureHook
GetNamedPipeHandleStateA
SetFileShortNameW
WritePrivateProfileStringA
RtlMoveMemory
ReadConsoleOutputW
FlushViewOfFile
FreeConsole
GetConsoleDisplayMode
FatalExit
QueryDosDeviceA
FindNextVolumeW
GlobalFindAtomA
ResetEvent
Sleep
GetConsoleAliasesA
GlobalGetAtomNameW
GetCompressedFileSizeW
SetSystemTime
GetStringTypeA
GetNumberFormatA
ReleaseMutex
UnregisterWaitEx
EnumCalendarInfoA
CallNamedPipeA
FreeResource
VirtualLock
GetFullPathNameW
ChangeTimerQueueTimer
SetThreadExecutionState
SetCommState
OpenFileMappingW
SetThreadContext
GlobalGetAtomNameW
RemoveDirectoryA
LZRead
GlobalHandle
EnterCriticalSection
GetFileAttributesExA
GetLocaleInfoW
SetSystemPowerState
WritePrivateProfileSectionW
CopyFileExA
ExpandEnvironmentStringsA
ReplaceFileW
GetModuleHandleExA
PeekConsoleInputA
CreateThread
EnumLanguageGroupLocalesA
FindFirstVolumeMountPointA
GetDiskFreeSpaceW
SetFileAttributesA
SignalObjectAndWait
GetLocaleInfoW
EnumResourceTypesW
GetProfileStringW
Beep
GetPrivateProfileStringA
BackupSeek
SetHandleInformation
GetProfileStringA
GetLongPathNameA
DeleteTimerQueueTimer
CreateMailslotA
GetNumberOfConsoleMouseButtons
FillConsoleOutputCharacterA
GetConsoleAliasesW
LZCopy
SetProcessShutdownParameters
VirtualFree
AttachConsole
AddConsoleAliasA
ResetEvent
HeapQueryInformation
InterlockedExchange
FormatMessageA
CreateTimerQueue
GlobalLock
GetVolumeInformationA
CreateDirectoryA
FindClose
GetEnvironmentStringsA
LocalUnlock
FreeEnvironmentStringsW
OpenWaitableTimerW
SetFileApisToANSI
InitializeCriticalSectionAndSpinCount
GlobalFlags
IsProcessInJob
BackupRead
GetExitCodeThread
SleepEx
SetThreadPriority
VerLanguageNameA
TlsFree
GetOEMCP
GetBinaryTypeA
GetGeoInfoA
CopyFileA
IsBadReadPtr
OpenSemaphoreW
ReadConsoleW
GetSystemTime
SetProcessPriorityBoost
ReadConsoleOutputA
OpenFile
AllocConsole
GetStringTypeA
LZRead
GenerateConsoleCtrlEvent
GetCurrentDirectoryW
PeekConsoleInputA
LocalLock
InterlockedDecrement
FindFirstChangeNotificationA
GetConsoleOutputCP
SetLastError
SetEnvironmentVariableW
GetFileAttributesA
CreateFileMappingA
HeapCompact
GetCompressedFileSizeW
GetProcessHeap
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
GetConsoleWindow
TlsSetValue
ResetWriteWatch
EnumCalendarInfoW
GetLocalTime
RtlFillMemory
GlobalFindAtomW
GetProcessPriorityBoost
SetEndOfFile
DosPathToSessionPathA
PeekConsoleInputW
CopyLZFile
GetExpandedNameW
OutputDebugStringA
GetConsoleInputWaitHandle
FreeLibrary
WaitForMultipleObjects
GetLogicalDrives
GetConsoleFontInfo
GetDateFormatW
GetFileAttributesExW
EnumCalendarInfoExA
EnumResourceTypesA
SetPriorityClass
SetFileShortNameW
LocalSize
FindNextFileA
RtlCaptureStackBackTrace
VirtualFreeEx
BackupWrite
BuildCommDCBAndTimeoutsW
SetThreadUILanguage
Sleep
CreateNamedPipeW
SetEvent
CreateFileMappingW
AllocateUserPhysicalPages
SetFileTime
TzSpecificLocalTimeToSystemTime
DelayLoadFailureHook
ReadFile
FatalAppExitW
FlushInstructionCache
GetFullPathNameW
DebugBreak
WriteProfileStringW
GetUserDefaultLangID
LZCreateFileW
RtlZeroMemory
GetCommConfig
GetNamedPipeHandleStateA
MapViewOfFile
SetLocaleInfoW
GetProcessWorkingSetSize
GetVolumeInformationW
QueueUserWorkItem
LockResource
GetFileAttributesExA
GetThreadContext
GetTapePosition
GetProfileSectionA
WritePrivateProfileStringW
WritePrivateProfileStructW
CreateTimerQueueTimer
GlobalDeleteAtom
QueryDosDeviceW
GetCalendarInfoW
LocalFileTimeToFileTime
SetComputerNameW
GetDefaultCommConfigW
GlobalWire
SetCommConfig
CommConfigDialogA
LZSeek
GlobalSize
EnumSystemGeoID
DisableThreadLibraryCalls
lstrcatW
SetCurrentDirectoryA
GetStartupInfoW
FindFirstChangeNotificationW
MulDiv
CreateProcessA
HeapLock
lstrcatA
SetUnhandledExceptionFilter
RequestDeviceWakeup
RemoveDirectoryA
GetSystemInfo
CreateTapePartition
GetSystemDefaultLCID
WriteConsoleInputW
HeapUnlock
CopyFileW
GetProfileIntW
GetConsoleDisplayMode
FindActCtxSectionStringW
GetBinaryTypeW
CancelDeviceWakeupRequest
GetConsoleCP
TerminateThread
CreateHardLinkA
EnterCriticalSection
WideCharToMultiByte
GetModuleHandleExA
UnlockFileEx
ReadConsoleInputExW
FindVolumeMountPointClose
VerifyVersionInfoW
GetThreadPriorityBoost
DefineDosDeviceW
SearchPathA
CompareStringA
CreateJobObjectA
GetLargestConsoleWindowSize
SetLastConsoleEventActive
GlobalHandle
FindFirstVolumeMountPointW
GetConsoleCharType
GetNamedPipeInfo
SetThreadPriorityBoost
GetCPInfoExW
UnmapViewOfFile
EnumUILanguagesA
GetCurrentThread
EnumSystemLocalesA
EnumCalendarInfoExW
BeginUpdateResourceA
CreateActCtxW
VerLanguageNameW
PrepareTape
WaitForDebugEvent
GetNativeSystemInfo
GetThreadPriority
WriteFile
SetUserGeoID
WriteProfileSectionW
lstrcmp
CreateDirectoryW
GetUserGeoID
MoveFileWithProgressA
GetComPlusPackageInstallStatus
DeleteVolumeMountPointA
GetCPInfoExA
GetProcessVersion
GetPrivateProfileSectionA
GetSystemPowerStatus
GetCommProperties
GetProcessShutdownParameters
AssignProcessToJobObject
EnumSystemCodePagesW
SetComputerNameExW
HeapCreate
SetSystemTime
GetVolumePathNameA
GetCompressedFileSizeA
SetThreadLocale
SetVolumeLabelW
WriteConsoleOutputW
FoldStringA
IsBadHugeReadPtr
GetPrivateProfileStringW
GetThreadSelectorEntry
SearchPathW
EndUpdateResourceW
FileTimeToSystemTime
GetNumberOfConsoleInputEvents
FoldStringW
AddAtomA
WriteConsoleInputA
SetThreadContext
LockFile
GetSystemDirectoryW
CreateSemaphoreW
InitializeCriticalSection
OpenJobObjectW
ReadConsoleOutputW
SetSystemTimeAdjustment
GetDriveTypeW
SetCriticalSectionSpinCount
WritePrivateProfileSectionA
ClearCommBreak
GlobalGetAtomNameA
CancelIo
GetLastError
GlobalFree
TransactNamedPipe
lstrcpynW
FindFirstFileW
GetCurrentThread
FlushConsoleInputBuffer
GetConsoleSelectionInfo
CommConfigDialogW
GetNumberFormatA
EnumSystemCodePagesW
FindActCtxSectionStringA
RegisterWaitForSingleObject
GetFullPathNameW
GetNumberOfConsoleMouseButtons
IsDBCSLeadByte
SetTapePosition
FindFirstFileExA
HeapAlloc
FatalAppExitA
lstrcmp
CreateJobObjectW
GetLocaleInfoW
GetStartupInfoW
SetVolumeMountPointA
SetEndOfFile
ReadConsoleInputExW
FindFirstFileA
LocalFlags
GetFileSize
OutputDebugStringA
GetPrivateProfileStringW
ExitProcess
HeapSetInformation
InitializeCriticalSectionAndSpinCount
FindNextVolumeMountPointW
SearchPathA
GetExitCodeThread
ReplaceFile
WriteConsoleOutputCharacterA
DeactivateActCtx
GetVersionExA
GetShortPathNameA
GetFileAttributesExA
EnumResourceNamesA
EnumSystemLanguageGroupsA
ReadConsoleOutputCharacterW
EnterCriticalSection
SetVolumeLabelA
LeaveCriticalSection
DisableThreadLibraryCalls
GetSystemDefaultLangID
GetThreadSelectorEntry
FlushViewOfFile
BuildCommDCBA
EndUpdateResourceW
GetTimeFormatA
DeleteTimerQueue
CopyFileExA
GetFileAttributesA
GetNamedPipeInfo
UnregisterWaitEx
HeapLock
Sleep
SetSystemTime
DefineDosDeviceW
LZClose
GetConsoleCharType
CreateFileMappingA
EnumResourceLanguagesW
IsProcessorFeaturePresent
GetConsoleCP
AttachConsole
lstrlen
OpenWaitableTimerA
GetFullPathNameA
GetProfileIntA
WriteConsoleOutputAttribute
CreateDirectoryExA
GetCommState
FindActCtxSectionStringW
lstrcatW
GetPriorityClass
GlobalFindAtomW
CreateFileA
CopyFileA
WriteConsoleInputA
Heap32ListNext
FileTimeToLocalFileTime
lstrcmpA
ConvertDefaultLocale
SetProcessShutdownParameters
GetWriteWatch
SignalObjectAndWait
GlobalAddAtomA
IsProcessInJob
FillConsoleOutputCharacterA
GlobalFix
GetComputerNameExW
FindVolumeMountPointClose
CreateMailslotA
IsBadStringPtrW
TransmitCommChar
GetPrivateProfileSectionW
ReadConsoleOutputCharacterA
GetComputerNameA
FindVolumeClose
BackupWrite
PeekConsoleInputW
GetLongPathNameA
FlushInstructionCache
GlobalMemoryStatus
OpenFileMappingA
DeleteTimerQueueTimer
ReadConsoleA
GetVolumeNameForVolumeMountPointW
ReleaseSemaphore
CallNamedPipeW
GetTimeZoneInformation
FindNextVolumeW
SetCriticalSectionSpinCount
GetVolumePathNameA
EnumLanguageGroupLocalesA
FindFirstFileExW
GetPrivateProfileStructW
VirtualLock
FatalAppExitW
ReadConsoleOutputW
WritePrivateProfileStringA
GetLocalTime
CreateConsoleScreenBuffer
SetErrorMode
LocalUnlock
InterlockedExchange
GetConsoleKeyboardLayoutNameW
SetCurrentDirectoryA
EnumDateFormatsA
CreateDirectoryExW
GetComPlusPackageInstallStatus
FreeLibraryAndExitThread
GetVersionExW
GlobalGetAtomNameA
PulseEvent
GetOEMCP
GetCurrentDirectoryW
RtlZeroMemory
EnumTimeFormatsA
VirtualQueryEx
EnumDateFormatsExA
CreateWaitableTimerA
SetComPlusPackageInstallStatus
LockFileEx
ReadFileScatter
OpenFile
MoveFileA
OpenJobObjectA
GetVolumeInformationA
HeapFree
AddRefActCtx
FindAtomW
AllocConsole
GlobalUnWire
UnregisterWait
FoldStringW
ShowConsoleCursor
MoveFileW
GetTempPathA
WriteProfileStringA
LocalFileTimeToFileTime
CreateMailslotW
GetVersion
QueryDosDeviceW
PrivCopyFileExW
GetExpandedNameW
GlobalWire
GetModuleFileNameA
SetWaitableTimer
GetStringTypeExW
SetThreadExecutionState
GetPrivateProfileIntW
ScrollConsoleScreenBufferW
FindClose
WriteProfileSectionA

shlwapi

SHCopyKeyA
PathFindFileNameW
PathFindOnPathW
PathRemoveBlanksW
PathCanonicalizeA
PathUnquoteSpacesA
StrCatChainW
StrIsIntlEqualA
SHLoadIndirectString
StrRStrIA
AssocQueryKeyW
StrCSpnIA
SHDeleteEmptyKeyA

ole32

OleRegGetUserType
UpdateDCOMSettings
IsValidPtrOut
StgPropertyLengthAsVariant
CoCreateFreeThreadedMarshaler
StgOpenStorageEx
OleRun
CreateStdProgressIndicator
CoDeactivateObject
SetErrorInfo
HPALETTE_UserMarshal
CoUnmarshalHresult

comdlg32

PrintDlgExA
PageSetupDlgA

oleaut32

VarBoolFromDec
VarR8FromI8
VarI1FromUI1
QueryPathOfRegTypeLib
VarNot
DllRegisterServer
LoadRegTypeLib
VarI8FromUI8
VarBstrFromUI1
VarUI4FromR8
CreateTypeLib2
VarI2FromUI2

shell32

ShellExec_RunDLL
ShellAboutA
SHBrowseForFolderW
DragQueryPoint
WOWShellExecute
SHGetFolderLocation
Options_RunDLLA
ShellHookProc
RealShellExecuteA
FindExecutableW
ExtractIconExA
StrRStrIW
SheGetDirA

winspool.drv

EnumPrinterDataExW
OpenPrinterW
DocumentEvent
GetPrinterDriverA
DeleteMonitorW
DeletePrinterKeyA
FlushPrinter
AddMonitorW
DeletePrinterConnectionA
EnumMonitorsA
DeletePrinterDriverExA
AddFormW
EnumPrinterDataExA
DocumentPropertiesW
ConvertAnsiDevModeToUnicodeDevmode

advapi32

StartServiceW
GetSecurityInfoExW
PrivilegeCheck
RegDeleteValueW
CredProfileLoaded
RegisterEventSourceW
GetServiceDisplayNameA
LookupAccountNameA
LsaDeleteTrustedDomain
WriteEncryptedFileRaw
CredIsMarshaledCredentialW
ChangeServiceConfigA
AccessCheckByTypeAndAuditAlarmW
CryptEnumProviderTypesA
FreeEncryptionCertificateHashList
LsaSetSystemAccessAccount
CryptEnumProviderTypesW
RegQueryValueExA
LsaStorePrivateData
LsaOpenPolicy

gdi32

GdiCleanCacheDC

version

VerFindFileA
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSVirtualChannelPurgeInput
WTSShutdownSystem
WTSVirtualChannelOpen
WTSTerminateProcess
WTSVirtualChannelWrite
WTSSendMessageA
WTSFreeMemory
WTSVirtualChannelPurgeOutput
WTSQueryUserToken
WTSCloseServer
WTSSetUserConfigW

ws2_32

htons
WSALookupServiceBeginW
setsockopt
listen
WSAAddressToStringW
WSALookupServiceBeginA
WSACleanup
htonl
WSASocketW
WSASetLastError
socket

user32

IsHungAppWindow

comctl32

PropertySheetA
InitMUILanguage
ImageList_GetBkColor
MenuHelp
ShowHideMenuCtl
ImageList_Replace
ImageList_LoadImageA
ImageList_Add
FlatSB_GetScrollProp
GetMUILanguage
DrawInsert
ImageList_Merge
ImageList_Remove
InitializeFlatSB

Exports

Exports

&K��N ;9�9ro�%"��g/s�;Z��ڄ�_� ��Р%�/ �yЕ"1��Q�l��]��K�[��`$�o�d~��O�oH7�t*M��֕)o�I;��䶯��OR[s��%�cKԯgft��g��i��+۟�|��jƪB��l�A��%��f�ÝTK�kd��#�遊�/tW�F�� |�W2�|��v��6] K��I ��\�B��\�"t�Vw��o� ��T�� @�C��l�7%�� N-.�-��ɷ%|�u]�.'q�t��]��?��{�)P�>�2��$[&�w|yk\;��wN�FN&S᝔c(B��Z\/Ry��0+�,�aEeI�.\G�'R�'��H�=��'�?�T"��D�m�O�m2[!S��Ne��y��'{��O,[ �n>2�)�mtߗ7�ۀ�͚co�^U��p�Ꝃz�T��/��b��PGK �Wed1j��2[.�`>��)d��I��q(�#��^�BYk�']/�&|�r*�~o��ÇQ��H�4|��Z��R��v�X��{dc�l�|ڻV�z�Y��g0и��i�B:p��J��4�3]�h��il� h�} ��پ��7�R��LN�܂@۬H05 � e�q�v�3gO��=K>��I9^�z]to:P�D�^8Bޤ�.%+Y�T�B[�zWsۄk��*��F>�Q��*�!>X�� 3��~i��2@ȕ��w��5��*z�T��-\}؄8��_�u�C-T ��3��or0�<s�փ��Xr�m��]* 'P٫̆��Ɗ�3/��'$b 7�҉؝q�i�Ͻ�W�{�\��B�U3�?f��0��y�]�u��]TA�~�JLB*z�� %g9��:#�乫��]o�c�#۠T��am�c=�#C`��G�k��_��e�h�')�G� ��H�;�x�L�o]w=��;��M��7��K��>bg�Z��2�L�?�-�l��a{PZ��A�>P5��-�p>��VcЩ�$�ѻ��/fң�z��:S��[ !��A>�<�nʰ��铟�ޑv��)@�Lb1S�F�.X��)�Q�z��^HF)u�K�F(�t��)��/>�3:��C.��U�-"b4:�8�n�*��X�Ki�q�4ʨ��q]2��N�uB�alT��ګ��w� �,��q��WR��L��tG[ȥ��0��ʜM'q�D�L��YG�f�� Fj�`��W��T� �B�l��09d��İܦ�ma�7siEL�@�!�Vé��E�2�?�#��7TJ9ux��V.5�l�7�G R`�V��h��2�k�'�޽?�( �� mx@��e��fdQ�W쿎M6k<2��c}��6�RᣫD��-�?��t��{.*��R��R�F�:�m��QP>�qm��;�1%��1�H��>�a|e�n� "��`8�H��W�~��?5UJJ;�Ɗˠ�x�ٴB7K�?2s��)�*O��n*W�;��F9֝�� +F�5�۳/ �K��@`Ö�?��II벍�Ϧߏ�P�8Ko�^F�� tS��]�� nu�V]�Dx��蓕��_42��Ǔֺfid��{�kP��>0�4\��t��.ℶ��_<Ni�D��5D�AV4��B|��I�3��7��e ��=Cnj-q<�BX�R7�w܅��<�#��o�F~�א©Q�Ѿh��a��[��Q�F�f�%:��L��H��\N��Dw�H1�E��j®2wL��u�뉞N�N��7uW�~��y��<�0�h�:��՝�?�)��E��e��]1@�.�>y��]��:$-S�-E��s��*tUG�Zv{d��:�b�4$�i��t�[��;H٘ѣRx`��D�E>��|`��S,vm�� ]�O�� PJ��-�b��S%�)��MC��l��4rO��-��5\�hǺ�7�^J&��h]��0B�f�M�x��F6*��C3��C��*�>�gj�=�?>:j8q#��1�f��P�<m��u�oV��y�Z��_t]{��~�>bWLF��Z��L��X!O��|��|z`:�$6��p@�� k�ux��B�G�� ;�h��$LB��2E�4�5��_�ĢN�3�Yi�q"X)�NU�IF."ZEr��cJiӜ��Z�?i<��x��Z�_�n ,s�g0cq��9,-$�<�j�u�O��C��NCN~�J�x�z�(�ˇ+�2�X�E�C7e�6�Đ��.�^�Fi��Jå��.rv��,A<�j˧z�� nE!j~�^d�E�S�]�'�H�4�Oz\��`��<��j��h ��,��7a@�S�i��$�c֞V�w|� Z��e63c��|��t�N�GĆ&�Iz�| U��*}�)��`<��^��p��tV>�5bU4~��jQK57�J��P�=1}j��t2��Ԋ��? �H]f��/>��U6g,��/ث\��IJ�~�~9��ڽ�X0��~D��:h?�`ܜH�0Nf=�_l#�%��n�ܿv��舉'P+��I��1�^�H��)a|��)��譱w��OB��s�_�"��F?��W��[-�K��}`U@-��ѭ[P�ON�3Ц��v�mW7��%2 �q��{2��T8b��^�v��X��,��-��1��,S"�L��Ϩ��.�$��?� ��i'zG\�0L�v�q?~��0R�gS��pz��;)�ЫV.f�y��P�G'�"�yKmATV��D|8:_c�%v"oRa��%��lD��&�M�e֦YH��}�Oe޿�#SY�Gӗ##�\Sܧ>xf�rP�mWB��d��,� �T�N��

Sections

CODE
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 895B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83662ebec8c3bc66fc46356a5de215b4

Code Sign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

d4:2d:08:59:e3:9d:03:e5:f1:ef:45:bf:dc:91:00:f5Certificate

Extended Key Usages

Key Usages

05:ed:e2:a8:6d:e6:4a:dd:56:d1:9c:e8:d4:28:f4:7a:24:1a:28:bcSigner

Signature Validations

Verification

28/10/2022, 15:08 Valid: false

Headers

File Characteristics

Imports

kernel32

shlwapi

ole32

comdlg32

oleaut32

shell32

winspool.drv

advapi32

gdi32

version

wtsapi32

ws2_32

user32

comctl32

Exports

Exports

Sections

CODE Size: 446KB - Virtual size: 445KB

DATA Size: 11KB - Virtual size: 11KB

BSS Size: - Virtual size: 895B

.idata Size: 19KB - Virtual size: 19KB

.text0 Size: 58KB - Virtual size: 58KB

.tls Size: 512B - Virtual size: 24B

.text1 Size: 106KB - Virtual size: 106KB

.reloc Size: 9KB - Virtual size: 9KB

.rsrc Size: 207KB - Virtual size: 206KB

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

d4:2d:08:59:e3:9d:03:e5:f1:ef:45:bf:dc:91:00:f5
Certificate

05:ed:e2:a8:6d:e6:4a:dd:56:d1:9c:e8:d4:28:f4:7a:24:1a:28:bc
Signer

28/10/2022, 15:08
Valid: false

CODE
Size: 446KB - Virtual size: 445KB

DATA
Size: 11KB - Virtual size: 11KB

BSS
Size: - Virtual size: 895B

.idata
Size: 19KB - Virtual size: 19KB

.text0
Size: 58KB - Virtual size: 58KB

.tls
Size: 512B - Virtual size: 24B

.text1
Size: 106KB - Virtual size: 106KB

.reloc
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 207KB - Virtual size: 206KB