youtube_1TGv4KlAeSkveX2hRQwP_fdWDv=report[.]docx[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

youtube_1TGv4KlAeSkveX2hRQwP_fdWDv=report.docx.zip
Size

45.3MB
MD5

06ac171555761b024d70cede26b09df6
SHA1

3067baa78ff429ad9f54618ae1f064ef11f8b3d5
SHA256

a29e7b3a492b2aab2c7b610c9c92cac6f66d70f42fcbedb5267e81226abe0ac8
SHA512

9d51054274d7ef7edb438a72fb24a2ac8aefcf39d6ad3266598de9574bd0a2baa0acd4742bb393c4bebdc2fc387cb70c8ae2358e6021b83892d04d82c553512d
SSDEEP

786432:iuBvG38x42yRYBnoewrWVkjM/TUgHMaZjgvD1T+2yInlCOJ0o3FFQV2VSbulK:ZTFsWVkjM4Pe0vJqsEuFFQcVSbulK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/youtube_1TGv4KlAeSkveX2hRQwP_fdWDv=report.docx.scr	themida

Files

youtube_1TGv4KlAeSkveX2hRQwP_fdWDv=report.docx.zip
.zip
youtube_1TGv4KlAeSkveX2hRQwP_fdWDv=report.docx.scr
.exe windows x64

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4b:79:66:14:d5:eb:90:86:cb:11:3d:91:4b:cc:dc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/01/2023, 00:00

Not After

15/01/2026, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:02:d3:58:9f:c3:88:2f:0f:57:3a:cd:3d:f7:3e:52:9d:0d:f8:02:70:d6:f7:96:12:0f:21:fc:68:d5:e0:5d
Signer

Actual PE Digest

c0:02:d3:58:9f:c3:88:2f:0f:57:3a:cd:3d:f7:3e:52:9d:0d:f8:02:70:d6:f7:96:12:0f:21:fc:68:d5:e0:5d

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

03/02/2023, 18:04
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
youtube_1TGv4KlAeSkveX2hRQwP_fdWDv=report.docx.temp
.exe windows x64

6d6c80f73d772085110826aa904ea980

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

17/02/2023, 12:00

Subject

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:d7:63:ed:2a:36:ce:8f:93:a5:a9:17:db:43:7d:c7:22:ef:b9:bc
Signer

Actual PE Digest

3f:d7:63:ed:2a:36:ce:8f:93:a5:a9:17:db:43:7d:c7:22:ef:b9:bc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

21/10/2022, 00:34
Valid: true

Chain 1

CN=Rockstar Games\, Inc.,OU=Rockstar Games,O=Rockstar Games\, Inc.,L=New York,ST=New York,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PeekNamedPipe
GetFileInformationByHandle
SetStdHandle
ReadConsoleW
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FlushFileBuffers
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
GetFileType
GetStdHandle
SetLastError
FindFirstFileExW
HeapReAlloc
GetFullPathNameW
GetModuleHandleExW
HeapSize
GetFullPathNameA
GetDriveTypeW
GetTimeZoneInformation
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
GetLocaleInfoW
ResetEvent
InitializeCriticalSection
GetFileTime
VerifyVersionInfoW
VerSetConditionMask
GetSystemTimeAsFileTime
CreateFileA
GetOverlappedResult
GetSystemDefaultUILanguage
VerifyVersionInfoA
OutputDebugStringA
SetThreadExecutionState
LocalFree
LocalAlloc
MoveFileExW
GetFileAttributesExW
SetFileAttributesW
RemoveDirectoryW
GetTempPathW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
SetFileTime
SetFilePointerEx
SetEndOfFile
TerminateProcess
WerSetFlags
QueryPerformanceCounter
CreateDirectoryW
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableA
TerminateThread
GetProcessId
CreateProcessW
GetSystemDirectoryW
lstrcmpA
SetNamedPipeHandleState
GetModuleHandleW
LoadLibraryExW
CreateSemaphoreA
CreateMutexA
GetSystemInfo
ReleaseMutex
ReleaseSemaphore
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResumeThread
GetLastError
GetThreadPriority
SetThreadPriorityBoost
SetThreadPriority
GetThreadId
GetCurrentThreadId
GetCurrentThread
CreateThread
GetProcessAffinityMask
GetProcessHeap
TransactNamedPipe
GetConsoleWindow
GetModuleHandleA
HeapFree
HeapAlloc
OpenProcess
GetCurrentProcessId
ExitProcess
WriteFile
CloseHandle
GetModuleFileNameA
GetModuleFileNameW
GetCommandLineA
CreateFileW
CreateToolhelp32Snapshot
Process32First
Process32Next
GetDiskFreeSpaceExA
DeleteFileW
GetFileSize
ReadFile
FindClose
lstrcpyA
lstrcpyW
lstrcatW
lstrlenA
GetFileAttributesW
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WaitForMultipleObjects
GetDiskFreeSpaceExW
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
WaitForSingleObject
FreeLibrary
GetProcAddress
GlobalMemoryStatusEx
GetSystemFirmwareTable
SetHandleInformation
GetNativeSystemInfo
CreatePipe
LoadLibraryA
CreateProcessA
GetEnvironmentVariableA
GetWindowsDirectoryA
GetVolumeInformationA
QueryPerformanceFrequency
GetVersionExA
WideCharToMultiByte
GetUserDefaultUILanguage
GetSystemDefaultLocaleName
GetWriteWatch
ResetWriteWatch
DeleteFileA
GetCurrentProcess
Sleep
SetFilePointer
CreateEventA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQueryEx
WaitNamedPipeW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery

user32

UpdateWindow
ShowWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
RegisterRawInputDevices
GetRawInputData
ClientToScreen
GetCursorPos
SetCursorPos
ShowCursor
MapVirtualKeyExW
MapVirtualKeyW
MapVirtualKeyA
GetKeyState
GetDoubleClickTime
SendMessageW
GetKeyboardLayout
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
LoadKeyboardLayoutW
QueryDisplayConfig
EnumDisplaySettingsW
LockSetForegroundWindow
LoadCursorA
ClipCursor
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
CreateWindowExW
RegisterClassW
PostMessageA
PeekMessageW
DispatchMessageW
GetCursorInfo
GetMonitorInfoA
MonitorFromPoint
LoadIconA
GetParent
SetWindowLongPtrA
GetSystemMetrics
KillTimer
SetTimer
SetFocus
GetClientRect
GetWindowRect
AdjustWindowRect
GetWindowLongA
MessageBoxW
GetWindowLongPtrA
SystemParametersInfoA
GetDesktopWindow
DefWindowProcW
TranslateMessage
SetWindowPos

gfsdk_shadowlib.win64

?NV_ShadowLib_OpenDX@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@QEIAUNV_ShadowLib_Ctx@@QEIAUID3D11Device@@QEIAUID3D11DeviceContext@@PEAUgfsdk_new_delete_t@@@Z
?NV_ShadowLib_GetVersion@@YA?AW4NV_ShadowLib_Status@@PEAUNV_ShadowLib_Version@@@Z
?NV_ShadowLib_DevModeToggleDebugEyeViewZShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_DevModeToggleDebugCascadeShader@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI_N@Z
?NV_ShadowLib_ModulateBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAUID3D11RenderTargetView@@Ugfsdk_float3@@@Z
?NV_ShadowLib_RemoveBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAPEAI@Z
?NV_ShadowLib_ClearBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAI@Z
?NV_ShadowLib_RenderBufferUsingExternalMap@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_ExternalMapDesc@@PEAUID3D11ShaderResourceView@@PEAIPEAUNV_ShadowLib_BufferRenderParams@@@Z
?NV_ShadowLib_FinalizeBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAIPEAPEAUID3D11ShaderResourceView@@@Z
?NV_ShadowLib_AddBuffer@@YA?AW4NV_ShadowLib_Status@@QEIAUNV_ShadowLib_Ctx@@PEAUNV_ShadowLib_BufferDesc@@PEAPEAI@Z

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW

dsound

ord9
ord8
ord1
ord3
ord6

bink2w64

BinkRequestStopAsyncThread
BinkWaitStopAsyncThread
BinkOpen
BinkSetMemory
BinkOpenDirectSound
BinkSetSoundSystem
BinkSetFrameRate
BinkGetFrameBuffersInfo
BinkRegisterFrameBuffers
BinkDoFrame
BinkNextFrame
BinkWait
BinkClose
BinkPause
BinkGoto
BinkGetKeyFrame
BinkSetVolume
BinkShouldSkip
BinkSetIO
BinkSetSoundTrack
BinkDoFrameAsyncWait
BinkDoFrameAsync
BinkStartAsyncThread

wininet

InternetCrackUrlW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetOpenW

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

psapi

GetModuleFileNameExA
GetModuleBaseNameA
EnumProcessModules

mf

MFCreateASFMediaSinkActivate
MFCreateASFProfile
MFCreateASFContentInfo
MFShutdownObject
MFCreatePresentationClock
MFGetService
MFCreateSourceResolver

mfplat

MFInitAMMediaTypeFromMFMediaType
MFCreateAttributes
MFShutdown
MFCreateMediaType
MFStartup
MFGetSystemTime
MFCreateSample
MFTEnum
MFCreateSystemTimeSource
MFCreateMemoryBuffer

msdmo

MoFreeMediaType

mfreadwrite

MFCreateSinkWriterFromURL
MFCreateSourceReaderFromMediaSource

propsys

PropVariantToUInt32
PropVariantToStringWithDefault
PSStringFromPropertyKey
PropVariantGetStringElem
PropVariantToInt64
PropVariantToUInt64

ws2_32

recv
listen
inet_addr
getsockname
ioctlsocket
connect
send
setsockopt
socket
gethostbyname
accept
ntohl
getnameinfo
WSAAddressToStringA
htonl
freeaddrinfo
closesocket
bind
getaddrinfo
shutdown
sendto
select
recvfrom
getsockopt
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
htons
ntohs
gethostname

crypt32

CryptQueryObject
CertFindCertificateInStore
CertGetNameStringA
CryptMsgGetParam

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

d3d9

D3DPERF_BeginEvent
D3DPERF_EndEvent

d3dcompiler_43

D3DReflect

gfsdk_txaa_alpharesolve.win64

TxaaOpenDX
TxaaResolveDX

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionStringW
ImmGetCandidateListW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetCompositionStringW

dinput8

DirectInput8Create

xinput1_3

ord2
ord3

bcrypt

BCryptSecretAgreement
BCryptDeriveKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroySecret
BCryptImportKeyPair
BCryptExportKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptDestroyHash
BCryptGenRandom
BCryptSetProperty
BCryptFinalizeKeyPair

rpcrt4

UuidCreateSequential

iphlpapi

GetBestRoute
GetIpForwardTable2
GetIpAddrTable
FreeMibTable

shlwapi

SHStrDupW

gdi32

DeleteDC
CreateDCA
ExtEscape
GetDeviceCaps
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptAcquireContextA

shell32

ShellExecuteA
ShellExecuteExA
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoLockObjectExternal

oleaut32

VariantInit
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocString

Sections

.text
Size: 25.5MB - Virtual size: 25.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKBSS
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 18.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:4b:79:66:14:d5:eb:90:86:cb:11:3d:91:4b:cc:dcCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c0:02:d3:58:9f:c3:88:2f:0f:57:3a:cd:3d:f7:3e:52:9d:0d:f8:02:70:d6:f7:96:12:0f:21:fc:68:d5:e0:5dSigner

Signature Validations

Verification

03/02/2023, 18:04 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 150KB - Virtual size: 149KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.0MB - Virtual size: 3.0MB

6d6c80f73d772085110826aa904ea980

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3dCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

3f:d7:63:ed:2a:36:ce:8f:93:a5:a9:17:db:43:7d:c7:22:ef:b9:bcSigner

Signature Validations

Verification

21/10/2022, 00:34 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gfsdk_shadowlib.win64

version

dsound

bink2w64

wininet

winmm

psapi

mf

mfplat

msdmo

mfreadwrite

propsys

ws2_32

crypt32

wintrust

wtsapi32

d3d9

d3dcompiler_43

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:4b:79:66:14:d5:eb:90:86:cb:11:3d:91:4b:cc:dc
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c0:02:d3:58:9f:c3:88:2f:0f:57:3a:cd:3d:f7:3e:52:9d:0d:f8:02:70:d6:f7:96:12:0f:21:fc:68:d5:e0:5d
Signer

03/02/2023, 18:04
Valid: true

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 150KB - Virtual size: 149KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.0MB - Virtual size: 3.0MB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:65:f4:57:25:17:cb:cc:aa:8b:37:76:58:0a:8d:3d
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

3f:d7:63:ed:2a:36:ce:8f:93:a5:a9:17:db:43:7d:c7:22:ef:b9:bc
Signer

21/10/2022, 00:34
Valid: true

.text
Size: 25.5MB - Virtual size: 25.5MB

BINK
Size: 3KB - Virtual size: 3KB

BINKBSS
Size: - Virtual size: 96B

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 2.3MB - Virtual size: 18.3MB

.pdata
Size: 1.0MB - Virtual size: 1.0MB

.tls
Size: 2KB - Virtual size: 2KB

BINKCONS
Size: 512B - Virtual size: 512B

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 495KB - Virtual size: 495KB

.text
Size: 11.4MB - Virtual size: 11.4MB