mimic | virus-files[.]zip

Resubmissions

08-08-2023 16:39

230808-t6fxgsfe9x 10

08-08-2023 16:13

230808-tpj8ksdh34 10

Sharing

Copy URL

Twitter E-mail

General

Target

virus-files.zip
Size

15.8MB
MD5

0c11768d49cd22ebee5b6ad3d7febcd6
SHA1

bb463da43458f7708aaea4931579503b067090d7
SHA256

e231cc1fb99fcca6bae8df59470f82136cb97b9f9c96a75d8cf7ab2ad4e222a0
SHA512

f440c98c762534e5203f0406c38185b164528df0a48296ee55eb5b7dd480f698023cbe95c663898dde6a2471970611055765f7b0dbb6cd127ee0516e45f9df59
SSDEEP

393216:owy0YNUtmKdreI8t7pMRRdusbu6SxpQ0uCsmTAwG3z4:5y0w8d/8/CRhbu6Sxy0uH4

Score

10^/10

mimic

Malware Config

Signatures

Detects Mimic ransomware 1 IoCs

resource	yara_rule
static1/unpack001/Amigodainapasik.exe	family_mimic

Mimic family
mimic

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7za.exe
unpack001/Amigodainapasik.exe

Files

virus-files.zip
.zip

Password: virus
7za.exe
.exe windows x86

Password: virus

b06a5d19aad48d0a521642c823535f92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear

user32

CharPrevExA
CharUpperW

advapi32

OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
exit
_ftol
realloc
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcmp
_purecall
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
ResumeThread
SetFileAttributesW
WaitForSingleObject
InterlockedIncrement
VirtualFree
VirtualAlloc
GetOEMCP
LocalFileTimeToFileTime
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
ReadFile
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
DeviceIoControl
SetThreadAffinityMask

Sections

.text
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Amigodainapasik.exe
.exe windows x86

Password: virus

ec5356d8e0f77a28432ffd3fb34115c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
lstrcpyW
CreateIoCompletionPort
CreateTimerQueue
GetCurrentProcess
SetProcessShutdownParameters
LocalAlloc
GetCurrentThread
LocalFree
GetSystemWindowsDirectoryW
QueryDosDeviceW
FindFirstFileW
SetPriorityClass
FindNextFileW
TerminateProcess
RemoveDirectoryW
FindClose
GetVersionExW
K32GetProcessImageFileNameW
DuplicateHandle
CreateToolhelp32Snapshot
GetExitCodeThread
ProcessIdToSessionId
Process32NextW
K32GetProcessMemoryInfo
Process32FirstW
GetNativeSystemInfo
LoadLibraryW
Module32FirstW
GetWindowsDirectoryW
GetProcAddress
WTSGetActiveConsoleSessionId
CreateProcessW
GetModuleHandleW
CreateRemoteThread
Module32NextW
QueryFullProcessImageNameW
K32GetMappedFileNameW
CreateFileMappingW
GetTickCount
lstrcmpW
IsWow64Process
VirtualQueryEx
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetComputerNameExW
GlobalMemoryStatusEx
ReadProcessMemory
GetStdHandle
GetEnvironmentVariableW
GetFileType
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FormatMessageW
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
CancelIo
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
SetCurrentDirectoryW
Wow64RevertWow64FsRedirection
Sleep
OpenProcess
Wow64DisableWow64FsRedirection
GetCommandLineW
WideCharToMultiByte
GetLocalTime
PostQueuedCompletionStatus
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
MapViewOfFile
CreateEventA
CreateFileMappingA
ResetEvent
SetEvent
CreateEventW
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateMutexW
WaitForMultipleObjects
AllocConsole
GetConsoleWindow
ReadFile
SetConsoleCP
GetFileTime
GetDriveTypeW
FindNextVolumeW
GetSystemTime
GetVolumePathNamesForVolumeNameW
CopyFileW
SystemTimeToFileTime
FindVolumeClose
SetVolumeMountPointW
GetDiskFreeSpaceExW
ExitThread
SetFileTime
IsValidLocale
GetConsoleOutputCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
ExitProcess
ResumeThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
DeviceIoControl
lstrlenW
FindFirstVolumeW
GetLogicalDrives
GetVolumeInformationW
CreateDirectoryW
lstrcmpiW
MultiByteToWideChar
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
SwitchToThread
TryEnterCriticalSection
AreFileApisANSI
GetFullPathNameW
GetQueuedCompletionStatus
DeleteTimerQueue
DeleteCriticalSection
FindFirstFileExW
GetCurrentDirectoryW
QueryPerformanceFrequency
GetStringTypeW
CreateTimerQueueTimer
CreateFileW
GetFileSizeEx
GetModuleFileNameW
FlushFileBuffers
MoveFileW
SetFilePointerEx
CloseHandle
DeleteFileW
GetLastError
SetEndOfFile
WriteFile
HeapSize

user32

wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
wvsprintfW
GetMessageW
UnregisterHotKey
PostMessageW
ShowWindow
PeekMessageW
RegisterHotKey

advapi32

ReportEventW
RevertToSelf
GetTokenInformation
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
ConvertSidToStringSidW
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeNameW
RegCloseKey
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetSecurityDescriptorSacl
LookupPrivilegeValueW
QueryServiceStatusEx
DuplicateTokenEx
EnumServicesStatusW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW
EqualSid
CreateWellKnownSid
GetUserNameW
LookupAccountSidW
CloseServiceHandle
OpenSCManagerW
ControlService
EnumDependentServicesW
ChangeServiceConfigW
OpenServiceW
SetThreadToken

shell32

CommandLineToArgvW
SHCreateItemFromParsingName
SHEmptyRecycleBinW

ole32

CoSetProxyBlanket
CoTaskMemFree
CoGetObject
CoInitializeEx
CoCreateInstance
CoInitialize
CoInitializeSecurity
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

StrStrIA
PathFileExistsW
StrStrIW
PathRemoveFileSpecW
PathStripPathW
PathFindExtensionW
PathGetArgsW
PathRemoveExtensionW
StrStrW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

gethostbyname
closesocket
WSAIoctl
bind
recv
send
WSASocketW
WSAStartup
socket
WSAAddressToStringW
WSAGetLastError
setsockopt
htons
WSACleanup
shutdown
inet_ntop
getsockopt
gethostname
WSASetLastError
inet_ntoa

iphlpapi

GetIpNetTable
GetAdaptersInfo

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetGetConnectionW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

rstrtmgr

RmGetList
RmShutdown
RmStartSession
RmRegisterResources
RmEndSession

everything32

Everything_GetNumResults
Everything_SetRequestFlags
Everything_Exit
Everything_CleanUp
Everything_GetLastError
Everything_QueryW
Everything_GetResultFullPathNameW
Everything_GetResultSize
Everything_DeleteRunHistory
Everything_SetSort
Everything_IsDBLoaded
Everything_SetSearchW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Everything.db
Everything.exe
.exe windows x86

Password: virus

bb26afe15301b5fc5c7803c1150db133

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-11-2020 00:00

Not After

17-03-2022 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:ba:fc:59:ba:b6:87:e2:7c:0e:ba:b8:55:aa:39:cd:39:a3:8b:7d:65:c3:27:71:59:bd:9c:62:b8:8c:f2:02
Signer

Actual PE Digest

09:ba:fc:59:ba:b6:87:e2:7c:0e:ba:b8:55:aa:39:cd:39:a3:8b:7d:65:c3:27:71:59:bd:9c:62:b8:8c:f2:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_GetIconSize
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSAGetLastError
WSACleanup
closesocket
send
recv
socket
connect
WSAAsyncSelect
setsockopt
WSAStartup
shutdown
listen
bind
getpeername
ntohs
htons
gethostbyname
inet_addr
accept
getsockname

shlwapi

SHRegGetUSValueW
PathIsRootW
PathCombineW
PathRemoveFileSpecW

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
SetConsoleScreenBufferSize
SetStdHandle
AllocConsole
FreeConsole
SetFilePointer
FileTimeToSystemTime
GetSystemTime
FreeResource
LockResource
LoadResource
SizeofResource
GetSystemDefaultLangID
LoadLibraryA
TerminateProcess
OpenProcess
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
SetErrorMode
MoveFileExW
GlobalFree
GlobalUnlock
WriteFile
GlobalAlloc
GetFileSize
GetThreadPriority
FreeLibrary
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
WaitForMultipleObjects
GetSystemInfo
GetVersionExA
LocalFree
LocalAlloc
ConnectNamedPipe
GetTimeZoneInformation
MulDiv
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
RtlUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
FlushFileBuffers
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
DeviceIoControl
GetOverlappedResult
ResetEvent
Sleep
FindNextChangeNotification
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindClose
GetSystemTimeAsFileTime
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
SetEvent
GetCommandLineW
GetCurrentThreadId
ReadFile
GetLastError
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
HeapDestroy
HeapCreate
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetCurrentProcessId
LCMapStringA
GetStringTypeA
GetLocaleInfoA
HeapSize
GlobalLock

user32

SetCursor
SetCapture
ChangeClipboardChain
DrawEdge
DrawFrameControl
EqualRect
GetSubMenu
GetMenu
SetClipboardViewer
EnumWindows
ActivateKeyboardLayout
IsDlgButtonChecked
SetScrollInfo
UpdateWindow
ScrollWindowEx
SetDlgItemInt
GetMenuItemID
RemoveMenu
GetMenuState
GetMenuDefaultItem
EnableMenuItem
AdjustWindowRect
GetSysColorBrush
OffsetRect
InvalidateRgn
MessageBeep
SetCursorPos
GetDlgItemInt
GetDlgCtrlID
GetDesktopWindow
ValidateRect
CreateIconIndirect
CreateMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
KillTimer
GetDoubleClickTime
RegisterHotKey
UnregisterHotKey
PostQuitMessage
OpenIcon
GetForegroundWindow
IsWindowVisible
SetActiveWindow
BringWindowToTop
EnumChildWindows
CheckDlgButton
GetKeyboardLayoutList
GetScrollInfo
InvalidateRect
ClientToScreen
ScreenToClient
GetKeyState
IsIconic
GetWindowPlacement
IsZoomed
GetParent
CopyRect
EmptyClipboard
SetClipboardData
SetFocus
PtInRect
SetForegroundWindow
BeginPaint
EndPaint
OpenClipboard
CloseClipboard
FillRect
GetAsyncKeyState
GetClientRect
IsWindowEnabled
GetFocus
GetNextDlgTabItem
SetWindowPos
GetMenuItemCount
CreatePopupMenu
DeleteMenu
AdjustWindowRectEx
GetDlgItem
GetWindowRect
MapWindowPoints
IntersectRect
GetDC
ReleaseDC
WaitMessage
UnhookWindowsHookEx
CallNextHookEx
TranslateMessage
GetSystemMetrics
GetCapture
ReleaseCapture
ShowWindow
SetMenu
RedrawWindow
GetMessagePos
RegisterWindowMessageA
ReplyMessage
AttachThreadInput
GetCursorPos
GetSysColor
EndDialog
DestroyIcon
SetTimer
DestroyWindow
GetWindowThreadProcessId
IsWindow
GetKeyboardLayout
GetLastActivePopup

gdi32

StretchDIBits
BitBlt
CreateCompatibleDC
GetTextAlign
SetStretchBltMode
GetDeviceCaps
GetRegionData
SelectClipRgn
StretchBlt
SetTextAlign
CreateCompatibleBitmap
OffsetClipRgn
OffsetRgn
CombineRgn
GetDCOrgEx
GetRandomRgn
ExtCreateRegion
GetStockObject
GetNearestColor
CreateSolidBrush
CreateRectRgn
CreateDIBSection
GetCurrentObject
ExcludeClipRect
RectVisible
DeleteDC
SetBkMode
CreateBitmapIndirect
CreatePatternBrush
SetBrushOrgEx
SetBkColor
SetTextColor
PatBlt
SelectObject
GetDIBits
DeleteObject

comdlg32

CommDlgExtendedError

advapi32

RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceConfigW
RegCloseKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus

shell32

DragFinish
ord16
DragQueryPoint
SHGetDesktopFolder
DragAcceptFiles
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
RevokeDragDrop
DoDragDrop
ReleaseStgMedium
RegisterDragDrop

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Everything.ini
Everything.ini.an8uxv2w
Everything2.ini.an8uxv2w
Everything32.dll
.dll windows x86

Password: virus

e2215ab9e77ac89648f9e4c61dfefbfc

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-12-2021 00:00

Not After

17-03-2025 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:db:2c:5e:01:d1:64:e3:39:ae:cc:3b:a7:1b:f5:36:de:be:92:47:1d:1b:95:2b:db:7d:55:d0:96:bf:72:74
Signer

Actual PE Digest

4e:db:2c:5e:01:d1:64:e3:39:ae:cc:3b:a7:1b:f5:36:de:be:92:47:1d:1b:95:2b:db:7d:55:d0:96:bf:72:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InitializeCriticalSection
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
LoadLibraryW
DeleteCriticalSection
GetModuleHandleW
CloseHandle
WaitForSingleObject
CreateThread
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize

user32

GetClassInfoExW
RegisterClassExW
CreateWindowExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
WaitMessage
DestroyWindow
PostQuitMessage
DefWindowProcW
FindWindowW
SendMessageW

Exports

Exports

Everything_CleanUp
Everything_DeleteRunHistory
Everything_Exit
Everything_GetBuildNumber
Everything_GetLastError
Everything_GetMajorVersion
Everything_GetMatchCase
Everything_GetMatchPath
Everything_GetMatchWholeWord
Everything_GetMax
Everything_GetMinorVersion
Everything_GetNumFileResults
Everything_GetNumFolderResults
Everything_GetNumResults
Everything_GetOffset
Everything_GetRegex
Everything_GetReplyID
Everything_GetReplyWindow
Everything_GetRequestFlags
Everything_GetResultAttributes
Everything_GetResultDateAccessed
Everything_GetResultDateCreated
Everything_GetResultDateModified
Everything_GetResultDateRecentlyChanged
Everything_GetResultDateRun
Everything_GetResultExtensionA
Everything_GetResultExtensionW
Everything_GetResultFileListFileNameA
Everything_GetResultFileListFileNameW
Everything_GetResultFileNameA
Everything_GetResultFileNameW
Everything_GetResultFullPathNameA
Everything_GetResultFullPathNameW
Everything_GetResultHighlightedFileNameA
Everything_GetResultHighlightedFileNameW
Everything_GetResultHighlightedFullPathAndFileNameA
Everything_GetResultHighlightedFullPathAndFileNameW
Everything_GetResultHighlightedPathA
Everything_GetResultHighlightedPathW
Everything_GetResultListRequestFlags
Everything_GetResultListSort
Everything_GetResultPathA
Everything_GetResultPathW
Everything_GetResultRunCount
Everything_GetResultSize
Everything_GetRevision
Everything_GetRunCountFromFileNameA
Everything_GetRunCountFromFileNameW
Everything_GetSearchA
Everything_GetSearchW
Everything_GetSort
Everything_GetTargetMachine
Everything_GetTotFileResults
Everything_GetTotFolderResults
Everything_GetTotResults
Everything_IncRunCountFromFileNameA
Everything_IncRunCountFromFileNameW
Everything_IsAdmin
Everything_IsAppData
Everything_IsDBLoaded
Everything_IsFastSort
Everything_IsFileInfoIndexed
Everything_IsFileResult
Everything_IsFolderResult
Everything_IsQueryReply
Everything_IsVolumeResult
Everything_QueryA
Everything_QueryW
Everything_RebuildDB
Everything_Reset
Everything_SaveDB
Everything_SaveRunHistory
Everything_SetMatchCase
Everything_SetMatchPath
Everything_SetMatchWholeWord
Everything_SetMax
Everything_SetOffset
Everything_SetRegex
Everything_SetReplyID
Everything_SetReplyWindow
Everything_SetRequestFlags
Everything_SetRunCountFromFileNameA
Everything_SetRunCountFromFileNameW
Everything_SetSearchA
Everything_SetSearchW
Everything_SetSort
Everything_SortResultsByPath
Everything_UpdateAllFolderIndexes

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Everything64.dll.an8uxv2w
sdel.exe
.exe windows x86

Password: virus

bf6d322bc62d8bd901e253f67bc61c4e

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:1c:5c:9f:72:a3:9e:12:e1:c2:e9:8c:6f:d9:e5:c5:2b:d4:68:27:9e:8d:06:2f:e4:46:6e:b0:42:f1:40:3c
Signer

Actual PE Digest

c9:1c:5c:9f:72:a3:9e:12:e1:c2:e9:8c:6f:d9:e5:c5:2b:d4:68:27:9e:8d:06:2f:e4:46:6e:b0:42:f1:40:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetLastError
WaitForSingleObject
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
FindClose
CloseHandle
GetTickCount
FormatMessageW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
VirtualFree
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
VerifyVersionInfoW
WriteConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
VirtualAlloc
VerSetConditionMask
GetCommandLineW
GetModuleHandleW
GetStdHandle
LocalAlloc
LocalFree
GetVersionExW
GetProcAddress
LoadLibraryExW
SetLastError
GetModuleFileNameW
GetFileType
ReadConsoleW
HeapSize
HeapReAlloc
SetFileAttributesW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DecodePointer
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetStringTypeW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindFirstFileExA
FindFirstFileExW
FindNextFileA

user32

LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
SendMessageW
DialogBoxIndirectParamW
EndDialog

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
CryptGenRandom

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sdel64.exe
.exe windows x64

Password: virus

ceb40ad3a90a0866598c1a508afb7265

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:87:30:b0:af:47:67:c5:c7:31:f2:61:9c:80:75:67:e8:bf:a6:8c:93:d4:31:aa:5f:8e:9c:d3:6e:99:9b:1c
Signer

Actual PE Digest

03:87:30:b0:af:47:67:c5:c7:31:f2:61:9c:80:75:67:e8:bf:a6:8c:93:d4:31:aa:5f:8e:9c:d3:6e:99:9b:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetLastError
WaitForSingleObject
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
FindClose
CloseHandle
GetTickCount
FormatMessageW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
VirtualFree
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
VerifyVersionInfoW
WriteConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
VirtualAlloc
VerSetConditionMask
GetCommandLineW
GetModuleHandleW
GetStdHandle
LocalAlloc
LocalFree
GetVersionExW
GetProcAddress
LoadLibraryExW
SetLastError
GetModuleFileNameW
GetFileType
ReadConsoleW
HeapSize
HeapReAlloc
SetFileAttributesW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
RtlUnwind
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetStringTypeW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindFirstFileExA
FindFirstFileExW
FindNextFileA

user32

LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
SendMessageW
DialogBoxIndirectParamW
EndDialog

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
CryptGenRandom

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
session.tmp

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: virus

Password: virus

b06a5d19aad48d0a521642c823535f92

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 652KB - Virtual size: 651KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 2KB - Virtual size: 28KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 28KB

Password: virus

ec5356d8e0f77a28432ffd3fb34115c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

ws2_32

iphlpapi

netapi32

mpr

rstrtmgr

everything32

bcrypt

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 457KB - Virtual size: 456KB

.data Size: 14KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 65KB - Virtual size: 64KB

Password: virus

bb26afe15301b5fc5c7803c1150db133

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

09:ba:fc:59:ba:b6:87:e2:7c:0e:ba:b8:55:aa:39:cd:39:a3:8b:7d:65:c3:27:71:59:bd:9c:62:b8:8c:f2:02Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

.text
Size: 652KB - Virtual size: 651KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 2KB - Virtual size: 28KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 457KB - Virtual size: 456KB

.data
Size: 14KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 65KB - Virtual size: 64KB

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

09:ba:fc:59:ba:b6:87:e2:7c:0e:ba:b8:55:aa:39:cd:39:a3:8b:7d:65:c3:27:71:59:bd:9c:62:b8:8c:f2:02
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 56KB - Virtual size: 60KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 58KB - Virtual size: 57KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

4e:db:2c:5e:01:d1:64:e3:39:ae:cc:3b:a7:1b:f5:36:de:be:92:47:1d:1b:95:2b:db:7d:55:d0:96:bf:72:74
Signer

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 4KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c9:1c:5c:9f:72:a3:9e:12:e1:c2:e9:8c:6f:d9:e5:c5:2b:d4:68:27:9e:8d:06:2f:e4:46:6e:b0:42:f1:40:3c
Signer

.text
Size: 258KB - Virtual size: 257KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 9KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

03:87:30:b0:af:47:67:c5:c7:31:f2:61:9c:80:75:67:e8:bf:a6:8c:93:d4:31:aa:5f:8e:9c:d3:6e:99:9b:1c
Signer