MDE_File_Sample_19d14c7a0192ff6fdc5290c714fcdd8701b3af207a167dd8c47038273b3d227a[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_19d14c7a0192ff6fdc5290c714fcdd8701b3af207a167dd8c47038273b3d227a.zip
Size

3.6MB
MD5

da42f611cd8bb3bab6d9496cacb4f716
SHA1

0616c4fc629af2b5f80b4fd94d6dc49f8f32f29d
SHA256

81dff2d14e86fa2b15333014c3213a9d6be0ec1a04dffebe3fc9fcc5330436f5
SHA512

eb714f20712162a0f71c64bdfffdd124efd8f17fa6c44e8fc7c3c73441832d02a37f8c316d62051e0c25335d6e0c2c660faba4370579f64b9de2d93d12980f79
SSDEEP

98304:zs7850QP3Sb1/eOhzYoWo+VSpIBgfHm16OYf3x3gC:WvGehU1RU+KG16h3x3p

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_19d14c7a0192ff6fdc5290c714fcdd8701b3af207a167dd8c47038273b3d227a.zip
.zip

Password: infected
$R0R6Y94.exe
.exe windows x86

e0be8d8ada7e3a3943b49f0a8a5bf445

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:89:c3:be:08:7a:a0:db:82:16:65:55
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19/11/2020, 13:53

Not After

20/11/2023, 13:53

Subject

SERIALNUMBER=516201936,CN=BONY INNOVATION LTD,O=BONY INNOVATION LTD,STREET=11 Hamanofim,L=Herzliya,ST=Tel Aviv,C=IL,1.2.840.113549.1.9.1=#0c1a626f6e79696e6f766174696f6e6c746440676d61696c2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#1302494c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:bb:5c:7b:9f:ae:58:fd:91:d2:19:41:09:20:a6:75:87:c4:55:bd
Signer

Actual PE Digest

9f:bb:5c:7b:9f:ae:58:fd:91:d2:19:41:09:20:a6:75:87:c4:55:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
CloseHandle
CompareStringW
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileW
CreateProcessW
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessId
GetProfileIntW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
MulDiv
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SearchPathW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileStringW
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharNextW
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
ClientToScreen
CloseClipboard
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CreateAcceleratorTableW
CreateDialogIndirectParamW
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumDisplayMonitors
EnumWindows
EqualRect
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetComboBoxInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowContextHelpId
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GrayStringW
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
InvertRect
IsCharLowerW
IsChild
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsMenu
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
LockWindowUpdate
MapDialogRect
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
NotifyWinEvent
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RealChildWindowFromPoint
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ReuseDDElParam
ScreenToClient
ScrollWindow
SendDlgItemMessageA
SendMessageW
SendNotifyMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowContextHelpId
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoW
TabbedTextOutW
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnpackDDElParam
UpdateLayeredWindow
UpdateWindow
ValidateRect
VkKeyScanW
WaitMessage
WinHelpW
WindowFromDC
WindowFromPoint

gdi32

AbortDoc
Arc
BitBlt
ChoosePixelFormat
CombineRgn
CopyMetaFileW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateFontIndirectW
CreateFontW
CreateHatchBrush
CreatePalette
CreatePatternBrush
CreatePen
CreatePolyPolygonRgn
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EndDoc
EnumFontFamiliesExW
EnumFontFamiliesW
Escape
ExcludeClipRect
ExtCreatePen
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
FillRgn
FrameRgn
GetBkColor
GetBoundsRect
GetClipBox
GetCurrentObject
GetDIBits
GetDeviceCaps
GetLayout
GetMapMode
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetPaletteEntries
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextCharsetInfo
GetTextColor
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MoveToEx
OffsetClipRgn
OffsetRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
PolyBezier
Polygon
Polyline
PtInRegion
PtVisible
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetDIBColorTable
SetLayout
SetMapMode
SetPaletteEntries
SetPixel
SetPixelFormat
SetPixelV
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocW
StretchBlt
TextOutW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueW
RegSetValueExW

shell32

DragFinish
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_SetImageCount
InitCommonControlsEx

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoDisconnectObject
CoFreeUnusedLibraries
CoGetClassObject
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoRegisterMessageFilter
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
DoDragDrop
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleDuplicateData
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleLockRunning
OleTranslateAccelerator
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StringFromGUID2

oleaut32

LoadTypeLi
OleCreateFontIndirect
OleLoadPicture
SafeArrayDestroy
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
VarBstrCmp
VarBstrFromDate
VarUdateFromDate
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit
VariantTimeToSystemTime

gdiplus

GdipAddPathArc
GdipAddPathBezier
GdipAddPathEllipse
GdipAddPathLine2
GdipAddPathLine
GdipAddPathPath
GdipAddPathRectangle
GdipAlloc
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneBitmapArea
GdipCloneBrush
GdipCloneImage
GdipCloneRegion
GdipClosePathFigure
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateMatrix
GdipCreatePath
GdipCreatePathGradientFromPath
GdipCreatePen2
GdipCreateRegionPath
GdipCreateSolidFill
GdipCreateStringFormat
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePen
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawEllipse
GdipDrawImageI
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawLine
GdipDrawPath
GdipDrawRectangle
GdipDrawString
GdipFillEllipse
GdipFillPath
GdipFillRectangle
GdipFillRegion
GdipFree
GdipGetBrushType
GdipGetCellDescent
GdipGetCompositingMode
GdipGetDpiY
GdipGetEmHeight
GdipGetFamily
GdipGetFontSize
GdipGetFontStyle
GdipGetGenericFontFamilySansSerif
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineTransform
GdipGetMatrixElements
GdipGetPathGradientPointCount
GdipGetPathGradientTransform
GdipGetPathWorldBounds
GdipGetRegionHRgn
GdipGetSmoothingMode
GdipGetStringFormatFlags
GdipGetTextureTransform
GdipGetWorldTransform
GdipGraphicsClear
GdipIsMatrixIdentity
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyWorldTransform
GdipResetClip
GdipResetWorldTransform
GdipRotateLineTransform
GdipRotateMatrix
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipSetClipPath
GdipSetClipRegion
GdipSetCompositingMode
GdipSetImageAttributesColorMatrix
GdipSetInterpolationMode
GdipSetLinePresetBlend
GdipSetLineTransform
GdipSetLineWrapMode
GdipSetMatrixElements
GdipSetPageUnit
GdipSetPathFillMode
GdipSetPathGradientCenterColor
GdipSetPathGradientCenterPoint
GdipSetPathGradientPresetBlend
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientTransform
GdipSetPathGradientWrapMode
GdipSetPenDashArray
GdipSetPenDashCap197819
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenEndCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenStartCap
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetTextureTransform
GdipSetTextureWrapMode
GdipSetWorldTransform
GdipStartPathFigure
GdipTransformMatrixPoints
GdipTransformPath
GdipTranslateLineTransform
GdipTranslateMatrix
GdipTranslatePathGradientTransform
GdipTranslateTextureTransform
GdiplusShutdown
GdiplusStartup

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetTimeouts
WinHttpWriteData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

uxtheme

BeginBufferedPaint
BufferedPaintSetAlpha
CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
DrawThemeText
EndBufferedPaint
GetCurrentThemeName
GetThemeColor
GetThemePartSize
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
OpenThemeData

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
ord12
StrFormatKBSizeW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

msimg32

AlphaBlend
TransparentBlt

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

dwmapi

DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

oledlg

OleUIBusyW

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 388B

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e0be8d8ada7e3a3943b49f0a8a5bf445

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

1f:89:c3:be:08:7a:a0:db:82:16:65:55Certificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

9f:bb:5c:7b:9f:ae:58:fd:91:d2:19:41:09:20:a6:75:87:c4:55:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

winhttp

version

uxtheme

shlwapi

winspool.drv

msimg32

oleacc

dwmapi

imm32

winmm

oledlg

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 773KB - Virtual size: 773KB

.data Size: 54KB - Virtual size: 77KB

.00cfg Size: 512B - Virtual size: 4B

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 388B

.rsrc Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 302KB - Virtual size: 302KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

1f:89:c3:be:08:7a:a0:db:82:16:65:55
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

9f:bb:5c:7b:9f:ae:58:fd:91:d2:19:41:09:20:a6:75:87:c4:55:bd
Signer

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 773KB - Virtual size: 773KB

.data
Size: 54KB - Virtual size: 77KB

.00cfg
Size: 512B - Virtual size: 4B

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 388B

.rsrc
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 302KB - Virtual size: 302KB