dd97a41338cf3aa342a91e083e46992379b9221a4bb96cb5e763154bbaa5664e[.]iso

Sharing

Copy URL

Twitter E-mail

General

Target

dd97a41338cf3aa342a91e083e46992379b9221a4bb96cb5e763154bbaa5664e.iso
Size

6.0MB
MD5

24eef331ca189dc8d8af56653aa0c4f2
SHA1

50ec1c8bc54fedd6c6e57e75957a82a3d7f343be
SHA256

dd97a41338cf3aa342a91e083e46992379b9221a4bb96cb5e763154bbaa5664e
SHA512

9b93d6b4c5dcb5862d567e1f5b25327f9f655d16e1bc248c97a0958a421257b4659ef03885f03bd696ed5205e4632bc1440ffa402fdd30523b4f0768b826f866
SSDEEP

49152:4nqviTBnF+tj07yogmAP8CkwS/BUFQwFQQCym4Ja2j6XU5kG5pCQFYOsqyUxnXPy:An37x8bpCQXP3kEeiGDp3Y/KUht

Score

1^/10

Malware Config

Signatures

Files

dd97a41338cf3aa342a91e083e46992379b9221a4bb96cb5e763154bbaa5664e.iso
.iso
Adobe.Acrobat.Dependencies.manifest
.xml
Schulungsleitfaden-CB-20230610.pdf.exe
.exe windows x64

e471c99b351c5cf3ea077a563b4afd98

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/04/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:32:ef:5d:7b:ed:74:c1:09:d6:d2:11:41:07:a9:63:3d:7e:18:27:40:80:6b:91:6c:0c:9d:59:d3:bc:9d:8a
Signer

Actual PE Digest

e5:32:ef:5d:7b:ed:74:c1:09:d6:d2:11:41:07:a9:63:3d:7e:18:27:40:80:6b:91:6c:0c:9d:59:d3:bc:9d:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateEventA
GetCurrentThread
SetThreadPriority
TerminateThread
GetModuleFileNameA
GetModuleHandleA
GetSystemPowerStatus
LoadLibraryA
CreateFileA
FindFirstFileA
FindNextFileA
GetFinalPathNameByHandleW
SetFilePointer
GetSystemInfo
VirtualQueryEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetErrorMode
QueryPerformanceCounter
HeapSetInformation
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateProcessW
GetSystemTime
GetSystemTimeAsFileTime
AddAtomW
SystemTimeToFileTime
QueryPerformanceFrequency
IsProcessorFeaturePresent
GetVersionExW
RtlUnwind
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentDirectoryW
MultiByteToWideChar
SetDllDirectoryW
LoadLibraryExW
GetExitCodeProcess
GetLongPathNameW
SetCurrentDirectoryW
GetTickCount
OpenMutexW
GetVolumeInformationW
GetModuleHandleW
CreateThread
CreateEventW
CreateMutexW
WaitForSingleObject
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitNamedPipeW
CreateNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
ReadFile
GetFileType
CreateFileW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
TerminateProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetStartupInfoW
lstrlenW
GetCurrentProcess
WriteConsoleW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
lstrcmpW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
SetStdHandle
GetConsoleOutputCP
FreeLibraryAndExitThread
RtlUnwindEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetTempPathW
CreateDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
VerifyVersionInfoW
lstrcmpiW
LocalFree
LocalAlloc
VerSetConditionMask
GetConsoleMode
WideCharToMultiByte
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
Sleep
SetLastError
GetLastError
CloseHandle
OutputDebugStringW
OutputDebugStringA
WriteFile
GetFileAttributesA
GetCommandLineW
lstrcmpA
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
RtlPcToFileHeader
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
IsValidLocale
QueryDosDeviceW
WaitForSingleObjectEx
QueryFullProcessImageNameW
GlobalHandle
CreatePipe
MulDiv
GlobalUnlock
GlobalSize
GlobalLock
OpenFileMappingW
OpenEventW
GetComputerNameExW
SetEnvironmentVariableW
CreateDirectoryExW
VirtualProtect
VirtualQuery
ExpandEnvironmentStringsW
ProcessIdToSessionId
GetProcessId
DuplicateHandle
GetProcessTimes
IsWow64Process
GetProductInfo
GetNativeSystemInfo
DeleteFileW
GetFileSizeEx
GetLocalTime
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
UnregisterWaitEx
RegisterWaitForSingleObject
QueryThreadCycleTime
GetThreadPriority
GetUserDefaultLangID
IsDebuggerPresent
GetThreadId
TlsGetValue
AcquireSRWLockExclusive
MoveFileExW
GetFileAttributesExW
CopyFileW
TlsAlloc
TlsFree
TlsSetValue
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
FindFirstFileExW
GetWindowsDirectoryW
lstrcmpiA
GetLocaleInfoW
GetDriveTypeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetFileSize
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetVolumeInformationByHandleW
GetEnvironmentVariableW
GetProfileStringW
ReadProcessMemory
CreateIoCompletionPort
GetQueuedCompletionStatus
UnregisterWait
TerminateJobObject
PostQueuedCompletionStatus
SetInformationJobObject
IsProcessInJob
QueryInformationJobObject
ResumeThread
DebugBreak
GetUserDefaultLCID
GetUserDefaultLocaleName
SetHandleInformation
AssignProcessToJobObject
SignalObjectAndWait
CreateRemoteThread
CreateJobObjectW
VirtualFree
SearchPathW
ExitThread
FlushInstructionCache
VirtualAlloc
GetModuleHandleExA
GlobalAlloc
GlobalFree
GetTempFileNameW
GetExitCodeThread
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetFullPathNameW
GetFileTime
CompareFileTime
GetStdHandle

user32

GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
CreateDesktopW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
TranslateMessage
GetParent
MessageBoxW
RemovePropW
GetPropW
SetPropW
GetActiveWindow
GetDlgItem
SendMessageW
GetPropA
GetClassNameW
DispatchMessageW
DdeDisconnect
DdeConnect
DdeAddData
DdeCreateDataHandle
DdeQueryStringA
DdeGetData
EnumThreadWindows
IsWindowVisible
DdeFreeStringHandle
DdeCreateStringHandleW
DdeNameService
DdeUninitialize
DdeInitializeW
SetWindowLongPtrW
SendNotifyMessageW
RegisterWindowMessageA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
CreateWindowExW
RegisterClassExW
DefWindowProcW
RegisterWindowMessageW
LoadIconA
LoadCursorA
FindWindowA
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
GetThreadDesktop
PostThreadMessageW
IsWindowEnabled
MsgWaitForMultipleObjects
PeekMessageW
CloseWindowStation
GetFocus
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
EnumChildWindows
FindWindowExW
EnableWindow
WindowFromPoint
GetAncestor
GetShellWindow
GetRawInputDeviceInfoW
SetActiveWindow
CreateIconFromResourceEx
GetDC
GetWindowTextLengthW
ReleaseDC
RegisterClassW
GetWindowInfo
SetDlgItemTextW
GetRawInputDeviceList
DdeClientTransaction
LoadIconW
SendDlgItemMessageW
RegisterClipboardFormatW
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
SetClipboardData
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClipboardSequenceNumber
GetClipboardOwner
GetPriorityClipboardFormat
GetOpenClipboardWindow
GetClipboardViewer
CloseWindow
LoadCursorW
GetWindowDC
SystemParametersInfoW
BeginPaint
EndPaint
GetClientRect
MoveWindow
UpdateWindow
AdjustWindowRectEx
IsChild
SetFocus
SetRect
MonitorFromRect
IsRectEmpty
GetClassInfoExW
GetWindowLongW
SetWindowLongW
GetSysColor
CallWindowProcW
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRect
InvalidateRgn
DestroyAcceleratorTable
MapWindowPoints
SetCursor
IsDialogMessageW
LoadBitmapW
MapDialogRect
SetWindowContextHelpId
CreateDialogIndirectParamW
PostQuitMessage
DefWindowProcA
DispatchMessageA
GetMessageA
UserHandleGrantAccess
GetWindow
EnumWindows
SetParent
GetWindowLongPtrW
GetWindowTextW
IsWindow
GetDesktopWindow
GetWindowRect
SetForegroundWindow
GetSystemMetrics
BringWindowToTop
SendMessageTimeoutW
EnumDesktopWindows
SetWindowTextW
GetForegroundWindow
CharNextW
EndDialog
DialogBoxParamW
GetGUIThreadInfo
GetWindowThreadProcessId
FindWindowW
AllowSetForegroundWindow
SwitchToThisWindow
KillTimer
SetTimer
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
ShowWindow
UnregisterClassW
PostMessageW

advapi32

CryptGenKey
RegGetValueW
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegOpenKeyA
EqualSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyW
ReportEventW
RegisterEventSourceW
CloseEventLog
ConvertSidToStringSidW
MakeAbsoluteSD
InitiateSystemShutdownW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
SetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
DuplicateTokenEx
CreateWellKnownSid
CopySid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteKeyExW
SystemFunction036
GetNamedSecurityInfoW
MapGenericMask
AccessCheck
OpenThreadToken
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
InitializeSid
GetAclInformation
AddAce
RevertToSelf
RegDisablePredefinedCache
CreateRestrictedToken
DuplicateToken
CreateProcessAsUserW
SetThreadToken
CheckTokenMembership
RegDeleteTreeW
SaferiIsExecutableFileType
GetUserNameW
ImpersonateAnonymousToken
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptGetProvParam
CryptSetProvParam
CryptGenRandom
CryptGetUserKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashA
CryptSignHashW
CryptGetHashParam
CryptSetHashParam
CredReadW
CredFree
CredWriteW
CredDeleteW
CryptSetKeyParam
CryptContextAddRef

shlwapi

UrlIsW
PathCanonicalizeW
PathFileExistsW
PathRemoveBackslashW
PathAppendW
PathRemoveFileSpecW
PathFindExtensionA
PathCombineW
PathIsRelativeW
PathFindExtensionW
AssocQueryStringW
UrlGetPartW
PathIsDirectoryW
PathIsUNCW
PathFindFileNameW
PathAddBackslashW
PathCreateFromUrlW
UrlCanonicalizeW
UrlUnescapeW
PathIsUNCServerShareW
ord219
PathIsURLW

winhttp

WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpAddRequestHeaders

Exports

Exports

??4PreamblePatcher@sidestep@@QEAAAEAV01@$$QEAV01@@Z
??4PreamblePatcher@sidestep@@QEAAAEAV01@AEBV01@@Z
?AcrobatIsNearAbsoluteIndirectJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?AllocPageNear@PreamblePatcher@sidestep@@CAPEAXPEAX@Z
?AllocPreambleBlockNear@PreamblePatcher@sidestep@@SAPEAEPEAX@Z
?FreePreambleBlock@PreamblePatcher@sidestep@@SAXPEAE@Z
?Initialize@PreamblePatcher@sidestep@@CAXXZ
?IsMovWithDisplacement@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearAbsoluteCall@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearConditionalJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearRelativeCall@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsNearRelativeJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsShortConditionalJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?IsShortJump@PreamblePatcher@sidestep@@CA_NPEAEI@Z
?PatchMovWithDisplacement@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?PatchNearJumpOrCall@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?PatchShortConditionalJump@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?PatchShortJump@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAEI0PEAII@Z
?RawPatch@PreamblePatcher@sidestep@@SA?AW4SideStepError@2@PEAX0PEAPEAXPEBD@Z
?RawPatchWithStub@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAX0PEAEKPEAKPEBD@Z
?RawPatchWithStubAndProtections@PreamblePatcher@sidestep@@CA?AW4SideStepError@2@PEAX0PEAEKPEAKPEBD@Z
?ResolveTargetImpl@PreamblePatcher@sidestep@@CAPEAXPEAE0_N@Z
?Unpatch@PreamblePatcher@sidestep@@SA?AW4SideStepError@2@PEAX00@Z
?granularity_@PreamblePatcher@sidestep@@0JA
?initialized_@PreamblePatcher@sidestep@@0_NA
?pagesize_@PreamblePatcher@sidestep@@0JA
?preamble_pages_@PreamblePatcher@sidestep@@0PEAUPreamblePage@12@EA
AcroRd32IsBrokerProcess
GetHandleVerifier
GetWinstaDesktopInfo
IsSandboxedProcess

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cryptbase.dll
.dll windows x64

4db0555c33b82c8c1fbf0af834d81337

Code Sign

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31/01/2020, 19:26

Not After

22/01/2021, 19:26

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5b
Signer

Actual PE Digest

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapAlloc
GetProcessHeap
DisableThreadLibraryCalls
GetModuleFileNameW
HeapFree
RtlCompareMemory
GetCurrentThreadId
GetLastError
WriteConsoleW
CreateFileW
HeapReAlloc
HeapSize
SetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
FlushFileBuffers
WriteFile
GetConsoleOutputCP
SetFilePointerEx
GetStringTypeW

Exports

Exports

SystemFunction001
SystemFunction002
SystemFunction003
SystemFunction004
SystemFunction005
SystemFunction028
SystemFunction029
SystemFunction034
SystemFunction036
SystemFunction040
SystemFunction041

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e471c99b351c5cf3ea077a563b4afd98

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e5:32:ef:5d:7b:ed:74:c1:09:d6:d2:11:41:07:a9:63:3d:7e:18:27:40:80:6b:91:6c:0c:9d:59:d3:bc:9d:8aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

winhttp

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 66KB - Virtual size: 104KB

.pdata Size: 177KB - Virtual size: 176KB

.didat Size: 2KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 725KB - Virtual size: 725KB

.reloc Size: 18KB - Virtual size: 17KB

4db0555c33b82c8c1fbf0af834d81337

Code Sign

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 445KB - Virtual size: 450KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.rdata2 Size: 1024B - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:52:96:f8:fc:d8:29:a7:5d:c9:42:94:f5:a4:15:a4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e5:32:ef:5d:7b:ed:74:c1:09:d6:d2:11:41:07:a9:63:3d:7e:18:27:40:80:6b:91:6c:0c:9d:59:d3:bc:9d:8a
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 66KB - Virtual size: 104KB

.pdata
Size: 177KB - Virtual size: 176KB

.didat
Size: 2KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 725KB - Virtual size: 725KB

.reloc
Size: 18KB - Virtual size: 17KB

33:00:00:02:5d:74:2a:12:5a:15:1b:70:74:00:00:00:00:02:5d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ea:92:bb:dd:44:5b:39:cd:83:4e:d9:fa:c1:b6:5a:75:31:28:68:7c:e5:30:43:47:0a:cf:c2:12:81:c8:c1:5b
Signer

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 445KB - Virtual size: 450KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.rdata2
Size: 1024B - Virtual size: 4KB