Desktop[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.zip
Size

11.4MB
MD5

5d86b65e545d06d15e30a1abedf93530
SHA1

8fb3c5130fbd42bd1d58f52de7a57c4c3e9aa2b1
SHA256

e7bf6176eb0f048d92c32f88265fb268e1fcb95c010b8ac561a830b20be0b756
SHA512

840c5800d7c8fa028355e87d71a892dd9f159bb163acd9a5dd9b7ca2f4e3cb798fc1df72f3b3d892157bc6d05cddfe19aeda353b51a20c8f71bc2a68b156e423
SSDEEP

196608:W+3KoQgBGPNXVbT/NKykyvHdwjuTujHi+OgDWOzuAwLJCM4E3mMqG:W+3KoQHlbT/UykyEbLOgRzuAwLJCM4K/

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67.exe	pyinstaller

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/4922d2660f30b4a1729b6861093b491a60ab49586545106b24af2840aa690ac5.exe
unpack001/79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
unpack001/d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67.exe
unpack001/dff2cf279301edf6166a5f144b93922f245bbfe58030e0633497f4271f6a763f.exe
unpack001/e5420803485f33ca53c3314eb2a77370bf936083e5d32e1e0a53427731aed418.exe

Files

Desktop.zip
.zip

Password: infected
2bc78e0d14294e35e680b1a6d530adb0cdd04090e1f2bda2f7a4571b8265162d.exe
.exe windows x64

015c6cfe615d839fa3dadcd6c55887d2

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-03-2021 00:00

Not After

29-02-2024 23:59

Subject

CN=Beijing Huorong Network Technology Co.\, Ltd.,O=Beijing Huorong Network Technology Co.\, Ltd.,POSTALCODE=100012,STREET=3rd Floor\, Ruipu Building D\, Courtyard 15\, Hongjunying South Road\, Chao Yang District,L=Beijing Shi,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:ab:46:34:2e:f7:1f:1c:cb:f9:96:56:81:d7:54:cb:7e:5a:8b:bc:0a:26:d0:f2:70:5c:cd:b1:13:79:62:1c
Signer

Actual PE Digest

5b:ab:46:34:2e:f7:1f:1c:cb:f9:96:56:81:d7:54:cb:7e:5a:8b:bc:0a:26:d0:f2:70:5c:cd:b1:13:79:62:1c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4922d2660f30b4a1729b6861093b491a60ab49586545106b24af2840aa690ac5.exe
.exe windows x64

98037a21875e194c60b139b37700bdeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesA
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
WideCharToMultiByte
WriteConsoleW
WriteFile

ntdll

RtlIpv6StringToAddressA

Sections

.text
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lorderf
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lprfn
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.trace
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voltbl
Size: 512B - Virtual size: 46B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4e14f58935961de4c602799826fe779776890a35ab1472ef4501377bfc413361.exe
.exe windows x64

b12a88a6d4dc103cbe09c45e281dcfec

Code Sign

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

Issuer

CN=Microsoft Corporation,C=USA

Not Before

16-06-2023 11:13

Not After

30-12-2035 16:00

Subject

CN=Microsoft Corporation,C=USA

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:cf:65:b7:10:b2:49:7c:7a:03:fd:94:ed:96:44:33:02:5b:f2:9e
Signer

Actual PE Digest

64:cf:65:b7:10:b2:49:7c:7a:03:fd:94:ed:96:44:33:02:5b:f2:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
EnumSystemLocalesA
CloseHandle
CreateFileW
ReadConsoleW
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapSize
HeapValidate
GetSystemInfo
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
SetConsoleCtrlHandler
HeapFree
HeapReAlloc
HeapQueryInformation
WriteConsoleW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
RtlUnwind

ntdll

RtlIpv6StringToAddressA

Sections

.text
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
64b9d76ec0d30f2875691f8b230e5caf8cddfa50ba1a763d59680473b2be0a52.exe
.exe windows x64

b742a9a2aea725d3e2d8a21fc7ad4032

Code Sign

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

Issuer

CN=Microsoft Corporation,C=USA

Not Before

16-06-2023 11:13

Not After

30-12-2035 16:00

Subject

CN=Microsoft Corporation,C=USA

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:50:3a:47:18:d6:b9:c5:eb:3d:84:92:ee:2b:cf:1c:7a:4c:f8:93
Signer

Actual PE Digest

13:50:3a:47:18:d6:b9:c5:eb:3d:84:92:ee:2b:cf:1c:7a:4c:f8:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
HeapCreate
HeapAlloc
EnumUILanguagesA
CreateFileW
ReadConsoleW
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapSize
HeapValidate
GetSystemInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
HeapFree
HeapReAlloc
HeapQueryInformation
WriteConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
CloseHandle
RtlUnwind

ntdll

RtlIpv6StringToAddressA

Sections

.text
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
79f68c9a2d1fdd27465c2cc6e2e90da2e2a6d90a5346ab5b109b64fb7457b6ee.exe
.exe windows x64

336ea03f063d70d7828b1ca79d23bc32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlUnwindEx
GetACP
CloseHandle
LocalFree
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
GetProcessHeap
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
SetFilePointerEx
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
GetLastError
GetModuleFileNameW
SetLastError
GetNativeSystemInfo
lstrlenA
CreateThread
CompareStringW
GetFileSizeEx
lstrcpyA
LoadLibraryA
ResetEvent
GetVersion
RaiseException
OpenProcess
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
SuspendThread
GetTickCount
lstrcmpiA
GetStartupInfoW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
GetLogicalProcessorInformation
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
QueryFullProcessImageNameW
SetThreadLocale
GetThreadLocale

ole32

CoInitialize
CoUninitialize

user32

CharLowerBuffW
PeekMessageW
CharUpperW
GetSystemMetrics
wsprintfW
MessageBoxA
MessageBoxW
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
GetCursorPos

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

msvcrt

_strlwr

advapi32

CryptDeriveKey
CryptGetKeyParam
CryptSetKeyParam
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
RegOpenKeyExW
CryptGetHashParam
CryptReleaseContext
RegQueryValueExW
RegCloseKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptAcquireContextW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 584B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c984a9446b24e7a75a7b034c5074e483fce1cace1591119c1a462d0cb2d509d3.exe
.exe windows x64

b742a9a2aea725d3e2d8a21fc7ad4032

Code Sign

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

Issuer

CN=Microsoft Corporation,C=USA

Not Before

16-06-2023 11:13

Not After

30-12-2035 16:00

Subject

CN=Microsoft Corporation,C=USA

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:10:f2:7c:f9:77:c1:2c:8f:c1:7d:42:75:76:d8:02:1b:ac:07:d6
Signer

Actual PE Digest

0b:10:f2:7c:f9:77:c1:2c:8f:c1:7d:42:75:76:d8:02:1b:ac:07:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
HeapCreate
HeapAlloc
EnumUILanguagesA
CreateFileW
ReadConsoleW
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapSize
HeapValidate
GetSystemInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
HeapFree
HeapReAlloc
HeapQueryInformation
WriteConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
CloseHandle
RtlUnwind

ntdll

RtlIpv6StringToAddressA

Sections

.text
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d69dc8e0a175d54082c6f8650294e8a243536ca6183f4f62050f8bc017d05f67.exe
.exe windows x64

d170e2e5adcfc4c271f2eb78a565305e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetStartupInfoW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
CreateProcessW
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dff2cf279301edf6166a5f144b93922f245bbfe58030e0633497f4271f6a763f.exe
.exe windows x64

f0ea7b7844bbc5bfa9bb32efdcea957c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 801KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e5420803485f33ca53c3314eb2a77370bf936083e5d32e1e0a53427731aed418.exe
.exe windows x86

1f992f6e403a8604f4a7627d72991953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
CreateFileW
SetEnvironmentVariableA
FindFirstFileA
UnmapViewOfFile
GetLastError
CreateFileA
GetTimeZoneInformation
VirtualProtect
GetDriveTypeW
GetCurrentDirectoryW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
QueryPerformanceCounter
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
CompareStringW
LCMapStringW
GetStringTypeW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
GetConsoleMode
GetConsoleCP
GetStdHandle
IsValidCodePage
VirtualAlloc
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
lstrcpyA
ResumeThread
CreateProcessA
UpdateProcThreadAttribute
GetProcessHeap
HeapAlloc
InitializeProcThreadAttributeList
OpenProcess
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
VirtualQuery
HeapReAlloc
RaiseException
CreateThread
ExitThread
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapFree
ExitProcess
DecodePointer
EncodePointer
FindResourceExW
SearchPathA
Sleep
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetNumberFormatA
GetWindowsDirectoryA
GetTickCount
GetTempPathA
SetErrorMode
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiA
GetStringTypeExA
GetACP
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
CopyFileA
GlobalSize
FormatMessageA
LocalFree
lstrlenW
MulDiv
GetFullPathNameA
GetTempFileNameA
GetFileTime
GlobalGetAtomNameA
GlobalFindAtomA
GetVersionExA
LoadLibraryW
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
SetThreadPriority
GlobalUnlock
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
FindResourceA
FreeResource
GlobalFree
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
WideCharToMultiByte
CompareStringA
ActivateActCtx
LoadLibraryA
DeactivateActCtx
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleW
GetProcAddress
FreeLibrary
SetFileTime
WriteFile
CreateDirectoryA
GetFileAttributesA
LocalFileTimeToFileTime
lstrcatA
lstrlenA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
ExpandEnvironmentStringsA
FindClose
DeleteFileA

user32

GetNextDlgGroupItem
SetCapture
InvalidateRgn
SetRect
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
LoadCursorA
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
KillTimer
RealChildWindowFromPoint
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
IsZoomed
GetSystemMetrics
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
LoadImageA
DestroyIcon
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
IsIconic
InsertMenuItemA
CreatePopupMenu
IntersectRect
OffsetRect
BringWindowToTop
TranslateAcceleratorA
GetDC
SetRectEmpty
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
LoadIconW
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MessageBeep
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
CharUpperA
InflateRect
SetWindowPlacement
GetWindowPlacement
EnableWindow
SetTimer
UpdateWindow
PtInRect
GetWindowDC
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetMenuItemInfoA
LoadAcceleratorsW
LoadMenuW
GetKeyNameTextA
MapVirtualKeyA
UnionRect
WindowFromPoint
LockWindowUpdate
UnregisterClassA
SetWindowRgn
RedrawWindow
DestroyAcceleratorTable
NotifyWinEvent
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuA
GetMenuState
GetAsyncKeyState
SetCursorPos
SetClassLongA
DrawStateA
DrawIconEx
DrawEdge
DrawFrameControl
ReleaseDC
wsprintfA
PostQuitMessage
PostMessageA
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
SendMessageA
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
DrawFocusRect
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
CheckMenuItem
EnableMenuItem
CreateAcceleratorTableA
GetWindowRgn
DestroyCursor
DrawIcon
SubtractRect
MapVirtualKeyExA
IsCharLowerA
GetDoubleClickTime
CharUpperBuffA
CopyIcon
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageA
CreateMenu
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
CopyImage
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
RegisterClipboardFormatA
MonitorFromWindow

gdi32

SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextMetricsA
SetROP2
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
PatBlt
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectA
GetObjectA
SetBkColor
GetTextExtentPoint32A
CreateBitmap
SetTextColor

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptImportKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt

shell32

DragFinish
DragQueryFileA
SHAddToRecentDocs
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetFileInfoA

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA
PathFindExtensionA

ole32

OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoGetClassObject
CoInitialize
CoCreateInstance
CoUninitialize
OleDuplicateData
ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoCreateGuid

oleaut32

SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
VarBstrFromDate
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysFreeString

oledlg

ord8

wldap32

ord46
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord41

ws2_32

bind
ntohs
htons
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
getsockname

crypt32

CertFreeCertificateContext

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDeleteGraphics
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipAlloc
GdipFree

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f96c9a248732ef1465a9bf5d838c3ff5b47c0330dbc05be28611fc1c7461f9e6.exe
.exe windows x64

b742a9a2aea725d3e2d8a21fc7ad4032

Code Sign

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

Issuer

CN=Microsoft Corporation,C=USA

Not Before

16-06-2023 11:13

Not After

30-12-2035 16:00

Subject

CN=Microsoft Corporation,C=USA

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:2f:a0:55:96:bd:66:c9:38:0d:e5:b8:65:42:00:fa:8c:8b:a8:6b:41:36:ca:78:38:87:b2:98:e7:56:58:16
Signer

Actual PE Digest

b1:2f:a0:55:96:bd:66:c9:38:0d:e5:b8:65:42:00:fa:8c:8b:a8:6b:41:36:ca:78:38:87:b2:98:e7:56:58:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
HeapCreate
HeapAlloc
EnumUILanguagesA
CreateFileW
ReadConsoleW
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapSize
HeapValidate
GetSystemInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
HeapFree
HeapReAlloc
HeapQueryInformation
WriteConsoleW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
CloseHandle
RtlUnwind

ntdll

RtlIpv6StringToAddressA

Sections

.text
Size: 898KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fe2da521d1ffb45f669a038f6c729378978c3c144e4008bdcd70cf4edc2c1bff.exe
.exe windows x64

f1756e7bfaee389836652ccf1e427fe1

Code Sign

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

Issuer

CN=Microsoft Corporation,C=USA

Not Before

16-06-2023 11:13

Not After

30-12-2035 16:00

Subject

CN=Microsoft Corporation,C=USA

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:6c:f5:02:a1:93:ef:70:14:6c:cc:7c:60:27:4a:cf:79:78:de:cd
Signer

Actual PE Digest

f8:6c:f5:02:a1:93:ef:70:14:6c:cc:7c:60:27:4a:cf:79:78:de:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA
EnumSystemLocalesA
CloseHandle
CreateFileW
ReadConsoleW
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapSize
HeapValidate
GetSystemInfo
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
SetConsoleCtrlHandler
HeapFree
HeapReAlloc
HeapQueryInformation
WriteConsoleW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
RtlUnwind

ntdll

RtlIpv6StringToAddressA

Sections

.text
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

015c6cfe615d839fa3dadcd6c55887d2

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5b:ab:46:34:2e:f7:1f:1c:cb:f9:96:56:81:d7:54:cb:7e:5a:8b:bc:0a:26:d0:f2:70:5c:cd:b1:13:79:62:1cSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 81KB - Virtual size: 80KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 576B

.xdata Size: 1024B - Virtual size: 540B

.bss Size: - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 49KB - Virtual size: 48KB

98037a21875e194c60b139b37700bdeb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

Sections

.text Size: 367KB - Virtual size: 366KB

.rdata Size: 348KB - Virtual size: 348KB

.data Size: 20KB - Virtual size: 19KB

.pdata Size: 18KB - Virtual size: 18KB

.00cfg Size: 512B - Virtual size: 40B

.gxfg Size: 24KB - Virtual size: 23KB

.lorderf Size: 512B - Virtual size: 4B

.lprfn Size: 512B - Virtual size: 8B

.retplne Size: 512B - Virtual size: 92B

.trace Size: 4KB - Virtual size: 3KB

.voltbl Size: 512B - Virtual size: 46B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 13KB - Virtual size: 13KB

b12a88a6d4dc103cbe09c45e281dcfec

Code Sign

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3cCertificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

64:cf:65:b7:10:b2:49:7c:7a:03:fd:94:ed:96:44:33:02:5b:f2:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

Sections

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

7b:49:49:3c:c1:d5:e7:3e:4f:a9:eb:a4:cd:ba:3f:d6
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5b:ab:46:34:2e:f7:1f:1c:cb:f9:96:56:81:d7:54:cb:7e:5a:8b:bc:0a:26:d0:f2:70:5c:cd:b1:13:79:62:1c
Signer

.text
Size: 81KB - Virtual size: 80KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 576B

.xdata
Size: 1024B - Virtual size: 540B

.bss
Size: - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 49KB - Virtual size: 48KB

.text
Size: 367KB - Virtual size: 366KB

.rdata
Size: 348KB - Virtual size: 348KB

.data
Size: 20KB - Virtual size: 19KB

.pdata
Size: 18KB - Virtual size: 18KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 24KB - Virtual size: 23KB

.lorderf
Size: 512B - Virtual size: 4B

.lprfn
Size: 512B - Virtual size: 8B

.retplne
Size: 512B - Virtual size: 92B

.trace
Size: 4KB - Virtual size: 3KB

.voltbl
Size: 512B - Virtual size: 46B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 13KB - Virtual size: 13KB

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

64:cf:65:b7:10:b2:49:7c:7a:03:fd:94:ed:96:44:33:02:5b:f2:9e
Signer

.text
Size: 898KB - Virtual size: 897KB

.rdata
Size: 438KB - Virtual size: 438KB

.data
Size: 56KB - Virtual size: 64KB

.pdata
Size: 36KB - Virtual size: 36KB

.idata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 337B

_RDATA
Size: 1024B - Virtual size: 546B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 18KB - Virtual size: 17KB

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

13:50:3a:47:18:d6:b9:c5:eb:3d:84:92:ee:2b:cf:1c:7a:4c:f8:93
Signer

.text
Size: 898KB - Virtual size: 897KB

.rdata
Size: 438KB - Virtual size: 438KB

.data
Size: 56KB - Virtual size: 64KB

.pdata
Size: 36KB - Virtual size: 36KB

.idata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 337B

_RDATA
Size: 1024B - Virtual size: 546B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 564KB - Virtual size: 564KB

.bss
Size: - Virtual size: 49KB

.idata
Size: 5KB - Virtual size: 5KB

.didata
Size: 512B - Virtual size: 260B

.tls
Size: - Virtual size: 584B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 68KB - Virtual size: 67KB

.pdata
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 160KB - Virtual size: 159KB

7a:03:60:6f:fd:1a:7f:86:4c:03:b5:04:b7:ea:41:3c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate