ForexwareCQGGateway64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ForexwareCQGGateway64.exe
Size

7.5MB
MD5

73bd784a9219d662278bcbffd58112d1
SHA1

6b3c1bdc384cb12b994a6dac9dceea8602bf33b3
SHA256

448831539e4d6018be9cb21bd8cdca9d72b3f3608104fa6d4a95367802a78079
SHA512

ae437756a0416a7ff769f9529b69e330af2988cdaca0e7ee8631f5f7200d603d92f10634bd8123a67614e7a9582a7119965bde4d09bd11068eed5b4de30adefb
SSDEEP

49152:3UVwASO4GtlqRjIU6iQreBCKho0b3K6eCduwjhbalvHJjqwLu5CHs75C1OsZT14D:Rs+zjEuwLW572t8eub7DWBOuFl+

Score

1^/10

Malware Config

Signatures

Files

ForexwareCQGGateway64.exe
.exe windows x64

1a12456cae50f76fce8753d2405297e3

Code Sign

0f:a9:92:c4:1b:9b:ed:2f:7c:ed:a6:71:04:dc:7e:4e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/01/2021, 00:00

Not After

24/01/2022, 23:59

Subject

CN=ForexWare LLC,OU=Unknown,O=ForexWare LLC,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:f9:f9:d6:19:3a:ee:45:b3:5b:bc:3b:f7:48:6d:5f:55:0b:07:d3:5e:8b:16:65:bd:70:d7:f3:7e:71:01:d2
Signer

Actual PE Digest

0d:f9:f9:d6:19:3a:ee:45:b3:5b:bc:3b:f7:48:6d:5f:55:0b:07:d3:5e:8b:16:65:bd:70:d7:f3:7e:71:01:d2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ForexWare LLC,OU=Unknown,O=ForexWare LLC,L=Jersey City,ST=New Jersey,C=US

16/03/2023, 15:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

setsockopt
shutdown
socket
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSAPoll
htons
ntohs
inet_addr
ntohl
getaddrinfo
freeaddrinfo
sendto
recvfrom
recv
listen
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
select
__WSAFDIsSet
WSACleanup
send
WSASetLastError
WSAStartup

winmm

timeGetTime

kernel32

OpenProcess
GetSystemInfo
K32EnumProcesses
GetCurrentProcessId
GetProcessTimes
WaitForMultipleObjects
CreateFileW
GetFileTime
GetModuleFileNameW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
GetSystemTime
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
GetCurrentDirectoryW
SetLastError
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ReleaseSRWLockExclusive
GetVersionExA
GetVersionExW
GetComputerNameW
GetSystemTimeAsFileTime
ResetEvent
ReleaseMutex
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetStdHandle
ReadFile
SystemTimeToFileTime
WaitForSingleObjectEx
WriteFile
CreateThread
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
GetConsoleScreenBufferInfo
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetConsoleTextAttribute
GetConsoleMode
WriteConsoleW
FlushFileBuffers
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
GetFileType
ConvertFiberToThread
QueryPerformanceCounter
ConvertThreadToFiber
LoadLibraryA
SetConsoleMode
ReadConsoleA
ReadConsoleW
MoveFileExW
FindResourceW
LoadResource
FindResourceExW
RaiseException
CloseHandle
HeapReAlloc
LockResource
SetEvent
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
HeapSize
WaitForSingleObject
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetEnvironmentVariableW
CreateMutexW
SetFilePointer
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
GetSystemDirectoryW
GetTempPathW
GetLongPathNameW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xruntime_error@std@@YAXPEBD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_XGetLastError@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Xtime_get_ticks
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0facet@locale@std@@IEAA@_K@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?classic@locale@std@@SAAEBV12@XZ
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1facet@locale@std@@MEAA@XZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?putback@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@AEAD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEA_W_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_BADOFF@std@@3_JB
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Strxfrm
_Thrd_id
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z

vcruntime140

__std_type_info_compare
__C_specific_handler
__vcrt_InitializeCriticalSectionEx
__std_type_info_name
__RTtypeid
__RTDynamicCast
memcmp
memset
__CxxFrameHandler3
_CxxThrowException
wcschr
wcsrchr
strchr
memchr
wcsstr
__std_exception_copy
__std_exception_destroy
__std_terminate
_purecall
memmove
strrchr
strstr
memcpy

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscspn
wcsspn
tolower
wcsncpy_s
wcsnlen
isalpha
isspace
wcsncmp
isdigit
strncmp
_stricmp
_strnicmp
strncpy
strspn
strcspn
strcmp
wcstok
wmemcpy_s
toupper

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_wsystem
system
_invalid_parameter_noinfo_noreturn
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
strerror_s
__p___argc
strerror
_exit
exit
_initterm_e
_initterm
_invalid_parameter_noinfo
_errno
_get_initial_wide_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
raise
_beginthreadex
_set_app_type
signal
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-heap-l1-1-0

realloc
free
_callnewh
calloc
_set_new_mode
malloc

api-ms-win-crt-stdio-l1-1-0

fputs
__stdio_common_vswscanf
ftell
fseek
fread
_fileno
fgets
ferror
feof
setvbuf
fgetpos
ungetc
fsetpos
_fseeki64
fwrite
_set_fmode
_get_stream_buffer_pointers
_wfopen
_setmode
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vfprintf
__p__commode
fgetwc
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s
_setmaxstdio
fgetc
__stdio_common_vsprintf_s
fflush
fputc
__stdio_common_vfprintf_s
__stdio_common_vsscanf
__stdio_common_vfwprintf
fputws
__acrt_iob_func
fopen
fclose
fputwc
ungetwc

api-ms-win-crt-time-l1-1-0

_mktime64
_gmtime64
_time64
strftime
__daylight
__timezone
_localtime64_s
wcsftime
_gmtime64_s
_localtime64

api-ms-win-crt-convert-l1-1-0

strtoull
_wtol
_wtoi64
atoi
strtol
strtoll
_wtoi
strtoul
strtod
_wtoll
_wtof

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_stat64i32
_unlock_file

api-ms-win-crt-math-l1-1-0

round
pow
_dtest
_fdtest
__setusermatherr
ceil
floor
_copysign

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

iphlpapi

GetAdaptersInfo

api-ms-win-crt-environment-l1-1-0

getenv

crypt32

CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a12456cae50f76fce8753d2405297e3

Code Sign

0f:a9:92:c4:1b:9b:ed:2f:7c:ed:a6:71:04:dc:7e:4eCertificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:f9:f9:d6:19:3a:ee:45:b3:5b:bc:3b:f7:48:6d:5f:55:0b:07:d3:5e:8b:16:65:bd:70:d7:f3:7e:71:01:d2Signer

Signature Validations

Verification

16/03/2023, 15:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

iphlpapi

api-ms-win-crt-environment-l1-1-0

crypt32

advapi32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 99KB - Virtual size: 175KB

.pdata Size: 311KB - Virtual size: 310KB

.tls Size: 512B - Virtual size: 29B

.gfids Size: 512B - Virtual size: 64B

0f:a9:92:c4:1b:9b:ed:2f:7c:ed:a6:71:04:dc:7e:4e
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:f9:f9:d6:19:3a:ee:45:b3:5b:bc:3b:f7:48:6d:5f:55:0b:07:d3:5e:8b:16:65:bd:70:d7:f3:7e:71:01:d2
Signer

16/03/2023, 15:37
Valid: false

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 99KB - Virtual size: 175KB

.pdata
Size: 311KB - Virtual size: 310KB

.tls
Size: 512B - Virtual size: 29B

.gfids
Size: 512B - Virtual size: 64B