New folder[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

New folder.zip
Size

28.6MB
MD5

28db264323973e3a4e1d19f41e7e3d30
SHA1

805fb01c202cc33b8638495b05605258a171c55a
SHA256

d0f8d804fd2b83114e531095cd563e7c8bedc4830558448fc7f7feca93a551c2
SHA512

b26c7e2eaf91b389bf088bef8037b7a6593caaadbb55822183a193954f2458ff13952f63fcadae74d3a3b4727eea28bd27255dfca31670c0d10a9d503c77f210
SSDEEP

786432:nCFv0U/OT5IlgRw3zmp62pUzkBroLy56FDPPAWlNWWNpK81N5wFPa:CeyOgzmtpUQkUsDPPASWWNQYXwFPa

Score

1^/10

Malware Config

Signatures

Files

New folder.zip
.zip
BDDarkSideDecryptor.exe
.exe windows x86

c0bf34e100d570b80b7dce11087a79bc

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:32:b8:a4:68:df:3b:34:c0:09:a7:74:9a:68:29:f0
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:02:a4:0e:13:21:fb:40:cc:eb:94:78:22:46:bc:8d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cd:bd:51:bd:ab:c8:87:61:03:a9:f4:b5:11:b5:7f:07:08:db:e8:c0:8a:27:f7:a3:f7:bb:01:fe:43:87:c8:39
Signer

Actual PE Digest

cd:bd:51:bd:ab:c8:87:61:03:a9:f4:b5:11:b5:7f:07:08:db:e8:c0:8a:27:f7:a3:f7:bb:01:fe:43:87:c8:39

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

27/04/2021, 09:09
Valid: true

Chain 1

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

8e:ca:fa:1e:f9:a5:f7:c8:62:df:9d:1e:6b:03:46:27:a7:f5:5a:5e
Signer

Actual PE Digest

8e:ca:fa:1e:f9:a5:f7:c8:62:df:9d:1e:6b:03:46:27:a7:f5:5a:5e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

27/04/2021, 09:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
GetCommandLineW
WriteFile
GetTempPathW
CreateFileW
CloseHandle
GetNativeSystemInfo
LoadResource
FindResourceW
CreateProcessW
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

user32

wsprintfW
MessageBoxW

shell32

SHFileOperationW

vcruntime140

wcschr
__std_exception_destroy
memset
__current_exception
memcpy
_CxxThrowException
__std_exception_copy
_except_handler4_common
__current_exception_context

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_initterm
_c_exit
terminate
_cexit
_initterm_e
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
__p___argv
__p___argc
_controlfp_s
_exit
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HitmanPro_x64.exe
.exe windows x64

2b1ae11ec9968601c8cbc262fb77ef9b

Code Sign

08:dd:b1:21:46:af:98:58:66:34:08:e9:86:29:82:8b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/01/2021, 00:00

Not After

21/03/2023, 23:59

Subject

CN=SurfRight B.V.,O=SurfRight B.V.,L=Hengelo,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:c1:ba:de:f1:c7:ce:4d:a3:8c:32:54:a2:33:0f:a7:1b:8b:21:3f:af:ee:77:c9:e7:f7:45:65:7b:66:ba:d4
Signer

Actual PE Digest

10:c1:ba:de:f1:c7:ce:4d:a3:8c:32:54:a2:33:0f:a7:1b:8b:21:3f:af:ee:77:c9:e7:f7:45:65:7b:66:ba:d4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SurfRight B.V.,O=SurfRight B.V.,L=Hengelo,C=NL

30/05/2022, 06:49
Valid: true

Chain 1

CN=SurfRight B.V.,O=SurfRight B.V.,L=Hengelo,C=NL

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
GetLastError
WaitForMultipleObjects
CreateEventW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
SignalObjectAndWait
TerminateThread
Sleep
VirtualAlloc
VirtualFree
OpenProcess
VirtualQueryEx
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
GetVersion
LocalAlloc
LocalFree
GetProcAddress
GlobalMemoryStatus
FreeLibrary
Heap32ListNext
Heap32Next
QueryPerformanceCounter
Heap32First
Heap32ListFirst
GetTickCount
GetSystemTimeAsFileTime
Thread32First
Thread32Next
VirtualUnlock
LoadLibraryA
Process32FirstW
VirtualLock
Module32FirstW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32NextW
GetCurrentProcessId
QueryPerformanceFrequency
SetThreadPriority
GetCurrentThread
SystemTimeToFileTime
LocalFileTimeToFileTime
CompareFileTime
GetLocalTime
FileTimeToSystemTime
SetLastError
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
CreateFileW
DeviceIoControl
GetFileInformationByHandle
GetModuleHandleA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
OutputDebugStringW
WriteFile
ReadFile
PeekNamedPipe
WaitNamedPipeW
GetCalendarInfoW
GetFileSizeEx
FormatMessageW
FileTimeToLocalFileTime
GetLocaleInfoW
TryEnterCriticalSection
GetTempPathW
RemoveDirectoryW
FindFirstFileW
FindClose
FindNextFileW
GetFileAttributesW
GetCurrentProcess
RegisterWaitForSingleObject
UnregisterWaitEx
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
GetComputerNameW
GetFileAttributesExW
GetFileTime
SetFileTime
ResumeThread
GetCommandLineW
CreateProcessW
ConvertDefaultLocale
GetLogicalDriveStringsW
QueryDosDeviceW
SetThreadAffinityMask
DeleteFileW
GetModuleFileNameW
SetErrorMode
GetStdHandle
GetDriveTypeW
GetVolumeInformationW
GetFileSize
GetModuleHandleExA
SetFileAttributesW
CopyFileW
TerminateProcess
GetNumberFormatW
GetVersionExW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetProcessTimes
LoadLibraryW
GlobalAlloc
OpenEventW
AllocConsole
LoadLibraryExW
MultiByteToWideChar
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
SearchPathW
GetSystemDirectoryA
LoadLibraryExA
DuplicateHandle
CreateSemaphoreW
ReleaseSemaphore
GetEnvironmentVariableW
WideCharToMultiByte
GetSystemWow64DirectoryW
GetSystemTime
GetExitCodeProcess
CreateHardLinkW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetVolumeInformationA
ExpandEnvironmentStringsW
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
GetThreadPriority
GetLongPathNameW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
MoveFileW
GetCurrentDirectoryW
GetCurrentDirectoryA
GlobalFree
SetEndOfFile
SetFilePointerEx
FormatMessageA
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
UnlockFile
LockFile
UnlockFileEx
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
ExitProcess
SetNamedPipeHandleState
GetStringTypeW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetACP
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetFileType
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
lstrlenA

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NPE.exe
.exe windows x64

6e0dcaca7f0e80510d06b4087b95e6f7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:be:91:35:61:37:61:3e:57:68:3e:60:3e:c5:38:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/05/2021, 00:00

Not After

21/05/2024, 23:59

Subject

CN=NortonLifeLock Inc.,OU=Norton Product Engineering - CM,O=NortonLifeLock Inc.,L=Tempe,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8e
Signer

Actual PE Digest

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=NortonLifeLock Inc.,OU=Norton Product Engineering - CM,O=NortonLifeLock Inc.,L=Tempe,ST=Arizona,C=US

07/07/2022, 19:40
Valid: true

Chain 1

CN=NortonLifeLock Inc.,OU=Norton Product Engineering - CM,O=NortonLifeLock Inc.,L=Tempe,ST=Arizona,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
ord74
DragQueryFileW
SHGetFileInfoW
ord727
ord190
ord155
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
CommandLineToArgvW

rpcrt4

UuidToStringW
UuidCreate
UuidCompare
RpcStringFreeW
UuidFromStringW

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

ws2_32

WSAGetLastError
inet_addr
WSAAddressToStringW
socket
htonl
htons
bind
closesocket
listen
ntohs
gethostbyname
inet_ntoa
accept
setsockopt
connect
select
recv
send
shutdown
gethostname
ioctlsocket
freeaddrinfo
getaddrinfo
__WSAFDIsSet
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
WSAStartup
WSACleanup
WSAStringToAddressW

kernel32

lstrcmpW
OutputDebugStringW
WaitForMultipleObjectsEx
CreateSemaphoreA
Module32FirstW
Module32NextW
CreateMutexW
IsDebuggerPresent
FindFirstVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetFileType
FindNextVolumeW
GetVolumeInformationByHandleW
GetFileSize
SetEndOfFile
OpenMutexW
ReleaseMutex
TryEnterCriticalSection
CreateThread
TerminateThread
SetThreadPriority
GetThreadPriority
ExitThread
lstrlenW
GetSystemDefaultUILanguage
GetCommandLineW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
CreateEventW
OpenEventW
SetEvent
ResetEvent
GetProcessTimes
RtlCaptureContext
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimer
RegisterWaitForSingleObject
UnregisterWaitEx
lstrlenA
GlobalSize
WaitForMultipleObjects
CreateSemaphoreW
ReadProcessMemory
VirtualQuery
SetUnhandledExceptionFilter
SetFilePointerEx
LCMapStringW
TlsFree
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
DuplicateHandle
TerminateProcess
GetBinaryTypeW
GetUserGeoID
GetNumberFormatW
GetGeoInfoW
GetSystemWindowsDirectoryW
GetComputerNameW
LoadLibraryW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetDllDirectoryW
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetTimeZoneInformation
GetUserDefaultUILanguage
GetFileTime
GetDriveTypeW
GetWindowsDirectoryW
GetCurrentDirectoryW
SetFilePointer
WriteFile
GetLongPathNameW
GetFullPathNameW
ReadFile
CompareStringW
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetTempPathW
QueryDosDeviceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetSystemTime
CreatePipe
MulDiv
GetModuleHandleExW
GetDiskFreeSpaceExW
GetDateFormatW
GetTimeFormatW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetLastError
GetVolumeInformationW
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
DeviceIoControl
GlobalMemoryStatusEx
GetCurrentProcess
GetExitCodeProcess
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
GetSystemInfo
ResumeThread
GetSystemDefaultLCID
ExpandEnvironmentStringsW
OpenProcess
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
WTSGetActiveConsoleSessionId
GetCurrentProcessId
ProcessIdToSessionId
WideCharToMultiByte
RemoveDirectoryW
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
WaitForSingleObject
FormatMessageW
LocalAlloc
CopyFileW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
GetFileAttributesW
GetTickCount
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
RaiseException
DecodePointer
FileTimeToSystemTime
GetModuleHandleW
FileTimeToLocalFileTime
CompareFileTime
MoveFileW
CreateProcessW
CloseHandle
SetFileInformationByHandle
SetFileAttributesW
DeleteFileW
CreateFileW
GetModuleFileNameW
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
FlushInstructionCache
QueueUserWorkItem
IsProcessorFeaturePresent
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
GetStringTypeW
lstrcmpA
LCMapStringA
WritePrivateProfileSectionW
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
FormatMessageA
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsW
GetPrivateProfileSectionW
BackupWrite
BackupRead
GetLocaleInfoA
GetSystemDirectoryA
LoadLibraryA
DeleteVolumeMountPointW
MapViewOfFileEx
GetVolumeNameForVolumeMountPointW
CreateProcessA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
RtlPcToFileHeader
LoadLibraryExA
VirtualProtect
GetFileInformationByHandle
EnumSystemLocalesW
IsValidLocale
WriteConsoleW
SetStdHandle
GetACP
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwindEx
ExitProcess
GetCurrencyFormatW
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalSize
CompareStringA
GetUserDefaultLangID
GetModuleFileNameA
AllocConsole

user32

EmptyClipboard
SetClipboardData
CloseClipboard
PostThreadMessageW
CharPrevW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageA
GetMessageW
DispatchMessageA
PeekMessageW
LoadIconW
IsCharAlphaNumericW
UnregisterClassW
CharNextW
LoadImageW
GetMenuItemCount
EnableMenuItem
GetSystemMenu
GetSystemMetrics
ShowWindow
DestroyWindow
IsWindow
PostMessageW
SendMessageW
wsprintfW
GetClipboardSequenceNumber
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
UpdateLayeredWindow
SetCaretPos
CreateCaret
GetKeyboardLayout
DestroyCaret
LoadStringW
RedrawWindow
RegisterClassW
BeginPaint
EndPaint
SetParent
AllowSetForegroundWindow
MessageBeep
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
GetSysColor
SetScrollInfo
DeferWindowPos
GetScrollInfo
WindowFromPoint
SetClassLongW
BeginDeferWindowPos
GetAsyncKeyState
GetCapture
IsChild
GetDoubleClickTime
MoveWindow
MessageBoxW
IsRectEmpty
SetCapture
EndDeferWindowPos
EnumThreadWindows
GetClassLongW
ReleaseCapture
InvalidateRect
EnumDisplayMonitors
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowPlacement
MonitorFromPoint
DeleteMenu
TrackPopupMenuEx
GetMenuItemID
KillTimer
IsZoomed
GetKeyState
GetWindowTextW
OffsetRect
EqualRect
GetLayeredWindowAttributes
GetFocus
GetAncestor
CreateWindowExW
IsMenu
GetMenuState
FlashWindowEx
UpdateWindow
EnableWindow
SetWindowTextW
SetTimer
NotifyWinEvent
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
AdjustWindowRectEx
WaitMessage
GetActiveWindow
GetWindowDC
SetFocus
PostQuitMessage
AnimateWindow
SetWindowLongW
RegisterClassExW
GetClassInfoExW
GetWindow
EnumDisplayDevicesW
LoadCursorFromFileA
DestroyCursor
SendMessageTimeoutW
CopyRect
SetCursor
SetClassLongPtrW
LoadCursorW
PtInRect
ScreenToClient
GetCursorPos
RegisterWindowMessageW
OpenClipboard
SetActiveWindow
SetWindowPos
SetForegroundWindow
GetForegroundWindow
FlashWindow
IsIconic
IsWindowVisible
FindWindowW
GetWindowLongW
FindWindowExW
AttachThreadInput
GetWindowThreadProcessId
MonitorFromWindow
ReleaseDC
ClientToScreen
GetDC
GetDesktopWindow
SystemParametersInfoW
DispatchMessageW
GetMessageTime
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
TranslateMessage

gdi32

SaveDC
GetClipBox
RestoreDC
BitBlt
GetFontUnicodeRanges
EnumFontFamiliesExW
GetObjectA
GetGlyphIndicesW
SetViewportOrgEx
GetDeviceCaps
GetObjectW
SetLayout
GetStockObject
CreateBitmap
AddFontMemResourceEx
CreateCompatibleDC
CreateDIBSection
SelectObject
StartPage
EndDoc
CreateDCW
SetMapMode
StartDocW
EndPage
GetLayout
DeleteDC
DeleteObject
GetDIBits
CreateFontW

advapi32

AddAce
AccessCheck
SetThreadToken
EnableTraceEx
RegNotifyChangeKeyValue
DeleteService
ControlService
RegUnLoadKeyW
RegLoadKeyW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
LookupAccountSidW
GetKernelObjectSecurity
ChangeServiceConfigW
QueryServiceConfigW
SetKernelObjectSecurity
LookupPrivilegeNameW
QueryServiceStatusEx
CloseServiceHandle
MakeAbsoluteSD
RegOpenKeyW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
ImpersonateSelf
RegEnumValueW
RegQueryValueExW
InitiateSystemShutdownW
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
OpenThreadToken
ConvertSidToStringSidW
CreateProcessAsUserW
SetTokenInformation
StartServiceW
OpenServiceW
OpenSCManagerW
InitiateSystemShutdownExW
RegDisablePredefinedCache
QueryServiceStatus
MapGenericMask
SetSecurityInfo
GetSecurityInfo
DuplicateToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAce
GetAclInformation
RegEnumKeyW
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenProcessToken
EnumerateTraceGuids
QueryTraceW
FlushTraceW
StopTraceW
EnableTrace
StartTraceW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ControlTraceW
TraceMessage
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
CreateServiceW
GetUserNameW

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoInitializeSecurity
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
DoDragDrop
CoTaskMemAlloc
PropVariantCopy
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
StringFromIID
CoInitializeEx
CoSetProxyBlanket
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
OleRun
IIDFromString

oleaut32

SafeArrayCopy
SafeArrayCreateVector
SafeArrayRedim
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnlock
SafeArrayCreate
VariantCopyInd
SysStringByteLen
SysAllocStringByteLen
VarBstrFromDate
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
GetErrorInfo
SafeArrayDestroy

shlwapi

PathAddBackslashW
PathMatchSpecW
PathFileExistsW
UrlCanonicalizeW
UrlEscapeW
ord12
PathCombineW
PathFindOnPathW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathIsUNCServerW
SHDeleteKeyW
PathSkipRootW
PathIsUNCW
PathIsURLW
PathRemoveFileSpecW

imm32

ImmAssociateContextEx
ImmIsIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmNotifyIME

gdiplus

GdipGetClipBoundsI
GdipSetPenLineJoin
GdipBitmapLockBits
GdipTranslateMatrix
GdipDrawString
GdipDrawPath
GdipFree
GdipCreateImageAttributes
GdipGetSmoothingMode
GdipTransformPoints
GdipClosePathFigure
GdipSetClipRectI
GdipSetPageUnit
GdipAddPathEllipse
GdipFillRectangle
GdipSetPixelOffsetMode
GdipDrawRectangle
GdipAddPathLineI
GdipDrawLine
GdipCreateFromHWND
GdipSetPenDashStyle
GdipGraphicsClear
GdipMultiplyWorldTransform
GdipSetPenDashArray
GdipGetPathWorldBounds
GdipFillPath
GdipShearMatrix
GdipFillPie
GdipSetStringFormatTrimming
GdipResetPath
GdipGetFontStyle
GdipCreateSolidFill
GdipSetPathGradientWrapMode
GdipGetCellDescent
GdipCreateFromHDC
GdipSetLinePresetBlend
GdipSetPenMiterLimit
GdipSetStringFormatLineAlign
GdipCreatePath
GdipCreateLineBrush
GdipSetPenEndCap
GdipBeginContainer2
GdipCreateTexture
GdipSetTextRenderingHint
GdipGetCellAscent
GdipDrawEllipse
GdipRestoreGraphics
GdipCloneBrush
GdipSetPenDashOffset
GdipMeasureString
GdipGetFontHeightGivenDPI
GdipGetImageGraphicsContext
GdipDrawPie
GdipFillRectangleI
GdipAddPathArc
GdipDeleteGraphics
GdipClonePath
GdipDrawArc
GdipDeleteStringFormat
GdipStartPathFigure
GdipGetFontSize
GdipGetImageWidth
GdipTranslateWorldTransform
GdipDeletePen
GdipCreateBitmapFromScan0
GdipAddPathString
GdipSetPathFillMode
GdipCreatePen1
GdipEndContainer
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetInterpolationMode
GdipDisposeImage
GdipCreateMatrix
GdipCreatePathGradientFromPath
GdipDeletePath
GdipDisposeImageAttributes
GdipAddPathBezier
GdipCreateMatrix2
GdipAlloc
GdipScaleMatrix
GdipRotateMatrix
GdipIsVisiblePathPoint
GdipDeleteBrush
GdipBitmapUnlockBits
GdipSetPenStartCap
GdipCloneImage
GdipDeleteMatrix
GdipFillRectanglesI
GdipSetPathGradientCenterPoint
GdipSetClipRect
GdipSetPathGradientTransform
GdipSetLineWrapMode
GdipDrawImageRectRect
GdipSaveGraphics
GdipAddPathArcI
GdipGetEmHeight
GdipAddPathRectangleI
GdipDrawDriverString
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipGetLineSpacing
GdipCreateFontFromDC
GdipDeleteFont
GdipAddPathLine
GdipMultiplyLineTransform
GdipCreateStringFormat
GdipDeleteFontFamily
GdipSetPathGradientPresetBlend
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipGetFamily
GdipFillEllipse
GdipCreatePen2

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

msi

ord205

comdlg32

GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
downlaod.ps1
.ps1
startup.exe
.exe windows x86

48be680d38507861606a68535f1bb4d8

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:32:4d:b4:1f:39:59:90:85:27:7d:e7:1b:2e:e9:6b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/09/2021, 00:00

Not After

27/09/2023, 23:59

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:32:4d:b4:1f:39:59:90:85:27:7d:e7:1b:2e:e9:6b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/09/2021, 00:00

Not After

27/09/2023, 23:59

Subject

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:ab:0f:6a:0d:1d:45:8e:81:92:51:ff:45:1b:48:cf:9e:0e:fb:79:b7:f3:38:6d:64:f1:00:c1:ab:96:bd:3c
Signer

Actual PE Digest

bf:ab:0f:6a:0d:1d:45:8e:81:92:51:ff:45:1b:48:cf:9e:0e:fb:79:b7:f3:38:6d:64:f1:00:c1:ab:96:bd:3c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

23/03/2023, 16:05
Valid: true

Chain 1

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

15:e8:49:ec:94:e2:f0:a8:ec:00:37:61:10:83:e7:09:f4:94:41:08
Signer

Actual PE Digest

15:e8:49:ec:94:e2:f0:a8:ec:00:37:61:10:83:e7:09:f4:94:41:08

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

23/03/2023, 16:05
Valid: true

Chain 1

SERIALNUMBER=1027739867473,CN=Kaspersky Lab JSC,O=Kaspersky Lab JSC,L=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
RaiseException
ResetEvent
HeapAlloc
DeleteCriticalSection
GetProcessHeap
LocalAlloc
OpenProcess
DeleteFileW
RemoveDirectoryW
GetModuleFileNameW
GetLastError
GetCurrentProcessId
CreateProcessW
CreateFileW
ReadFile
FormatMessageW
ExpandEnvironmentStringsW
GetModuleHandleW
GetTempPathW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
LoadLibraryExW
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetModuleHandleA
GetCurrentProcess
GetCurrentDirectoryW
MoveFileW
GetLocalTime
Sleep
GetCurrentThreadId
SetUnhandledExceptionFilter
GetWindowsDirectoryW
CompareStringW
LoadLibraryW
SetLastError
TlsSetValue
VirtualProtect
VirtualAlloc
TlsAlloc
GetSystemInfo
FlushInstructionCache
TlsGetValue
TlsFree
GetTickCount
VirtualQuery
LoadLibraryExA
FindResourceExW
LoadResource
LockResource
SizeofResource
WriteFile
SetFilePointer
FindNextFileW
FindClose
MoveFileExW
GetTempFileNameW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WideCharToMultiByte
GetStringTypeW
FindFirstFileExW
SetFilePointerEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
WriteConsoleW

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0bf34e100d570b80b7dce11087a79bc

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0d:32:b8:a4:68:df:3b:34:c0:09:a7:74:9a:68:29:f0Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0b:02:a4:0e:13:21:fb:40:cc:eb:94:78:22:46:bc:8dCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

cd:bd:51:bd:ab:c8:87:61:03:a9:f4:b5:11:b5:7f:07:08:db:e8:c0:8a:27:f7:a3:f7:bb:01:fe:43:87:c8:39Signer

Signature Validations

Verification

27/04/2021, 09:09 Valid: true

Chain 1

8e:ca:fa:1e:f9:a5:f7:c8:62:df:9d:1e:6b:03:46:27:a7:f5:5a:5eSigner

Signature Validations

Verification

27/04/2021, 09:09 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 9.5MB - Virtual size: 9.5MB

.reloc Size: 1024B - Virtual size: 884B

2b1ae11ec9968601c8cbc262fb77ef9b

Code Sign

08:dd:b1:21:46:af:98:58:66:34:08:e9:86:29:82:8bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

10:c1:ba:de:f1:c7:ce:4d:a3:8c:32:54:a2:33:0f:a7:1b:8b:21:3f:af:ee:77:c9:e7:f7:45:65:7b:66:ba:d4Signer

Signature Validations

Verification

30/05/2022, 06:49 Valid: true

Chain 1

Headers

DLL Characteristics

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0d:32:b8:a4:68:df:3b:34:c0:09:a7:74:9a:68:29:f0
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0b:02:a4:0e:13:21:fb:40:cc:eb:94:78:22:46:bc:8d
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

cd:bd:51:bd:ab:c8:87:61:03:a9:f4:b5:11:b5:7f:07:08:db:e8:c0:8a:27:f7:a3:f7:bb:01:fe:43:87:c8:39
Signer

27/04/2021, 09:09
Valid: true

8e:ca:fa:1e:f9:a5:f7:c8:62:df:9d:1e:6b:03:46:27:a7:f5:5a:5e
Signer

27/04/2021, 09:09
Valid: false

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

.reloc
Size: 1024B - Virtual size: 884B

08:dd:b1:21:46:af:98:58:66:34:08:e9:86:29:82:8b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

10:c1:ba:de:f1:c7:ce:4d:a3:8c:32:54:a2:33:0f:a7:1b:8b:21:3f:af:ee:77:c9:e7:f7:45:65:7b:66:ba:d4
Signer

30/05/2022, 06:49
Valid: true

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 80KB - Virtual size: 102KB

.pdata
Size: 117KB - Virtual size: 116KB

.rsrc
Size: 9.3MB - Virtual size: 9.3MB

.reloc
Size: 20KB - Virtual size: 19KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:be:91:35:61:37:61:3e:57:68:3e:60:3e:c5:38:bd
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8e
Signer

07/07/2022, 19:40
Valid: true

.text
Size: 8.5MB - Virtual size: 8.5MB

IPPCODE
Size: 114KB - Virtual size: 114KB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 269KB - Virtual size: 323KB

.pdata
Size: 349KB - Virtual size: 348KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 93KB - Virtual size: 93KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:32:4d:b4:1f:39:59:90:85:27:7d:e7:1b:2e:e9:6b
Certificate