b662f6771d488f1c51ce50746a0b90a483522410b010b5ab966f4754a3f367a7

Sharing

Copy URL Twitter E-mail

General

Target

b662f6771d488f1c51ce50746a0b90a483522410b010b5ab966f4754a3f367a7
Size

9.4MB
MD5

c38f7eed0076308045be12aa1441f06c
SHA1

4164d57b990f5b704469adbb8ed3d743f250eb76
SHA256

b662f6771d488f1c51ce50746a0b90a483522410b010b5ab966f4754a3f367a7
SHA512

06894463808f42860101b1349b9170e98c9440cb6d1dfb062822d29ad86a6efb4cbbdbadd2bb7ab0957e48e991d9e129bcd2903bbfa7a282cd5f6da1738e2887
SSDEEP

196608:LNnSkC01sxLbSvhYcSrCO+2KsN9j3p79Un6mJ1UsZ:LNSkCRVbSvCCoJJ9U6mJf

Score

1^/10

Malware Config

Signatures

Files

b662f6771d488f1c51ce50746a0b90a483522410b010b5ab966f4754a3f367a7
.dll regsvr32 windows x86

8a70446b846d35f4719d149757b311c1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:61:1c:8e:b8:a1:e9:b6:53:07:c1:76:04:88:1a:df
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/05/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:ee:2c:5f:ca:5b:06:55:99:75:5c:31:dd:7a:f7:f0:7b:75:74:1f:96:f3:86:e3:dc:92:bf:85:69:17:cb:54
Signer

Actual PE Digest

16:ee:2c:5f:ca:5b:06:55:99:75:5c:31:dd:7a:f7:f0:7b:75:74:1f:96:f3:86:e3:dc:92:bf:85:69:17:cb:54

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetProcessImageFileNameW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeSetEvent
waveInGetPosition
waveOutRestart
waveOutPause
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
waveOutGetNumDevs
waveOutGetDevCapsW
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
timeGetTime
mixerSetControlDetails
timeKillEvent
mixerOpen
mixerGetDevCapsA
waveInMessage
waveOutMessage
waveOutGetDevCapsA
mixerGetID
waveInGetDevCapsA

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetReadFile
InternetCloseHandle

crypt32

CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCompareCertificate
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext

oleaut32

LoadRegTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysFreeString
LoadTypeLi
SysStringLen

urlmon

CopyStgMedium

dsound

ord8
ord1

kernel32

DuplicateHandle
SetThreadPriority
TerminateThread
CreateWaitableTimerW
GetTempPathA
GetTempFileNameA
DeleteFileA
OpenThread
QueueUserAPC
SleepEx
GetModuleHandleExW
SetCurrentDirectoryW
GetCurrentDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
CompareFileTime
GetLongPathNameW
GetFileInformationByHandle
GetFileSizeEx
DeviceIoControl
SetFilePointerEx
lstrlenW
GetModuleFileNameA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetSystemWow64DirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesA
GetFileAttributesExW
GetVolumeInformationW
FreeResource
SizeofResource
OpenFile
_lwrite
_lclose
FindResourceA
GetEnvironmentVariableA
GetCurrentDirectoryA
TlsAlloc
TlsFree
FormatMessageW
GetStdHandle
GetFileType
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
GetConsoleMode
FindClose
ReadConsoleW
SetConsoleMode
SetConsoleCtrlHandler
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetExitCodeThread
OutputDebugStringW
ExitProcess
CancelIo
CreateNamedPipeW
GetNamedPipeInfo
ConnectNamedPipe
VirtualProtect
HeapWalk
HeapUnlock
HeapLock
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrencyFormatW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetProcessHeap
HeapFree
HeapAlloc
VerifyVersionInfoA
GetVersion
GetVersionExA
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerA
CreateEventA
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
UnregisterWaitEx
RegisterWaitForSingleObject
CreateToolhelp32Snapshot
GetModuleHandleExA
TerminateProcess
OpenProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetNativeSystemInfo
IsDebuggerPresent
GetCommandLineW
CreateProcessW
FormatMessageA
InterlockedExchangeAdd
CreateFileMappingW
CreateMutexW
CreateFileMappingA
CreateMutexA
ReleaseMutex
GetTempFileNameW
CreateSemaphoreW
ReleaseSemaphore
OutputDebugStringA
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemTime
FindNextFileW
FindFirstFileW
EncodePointer
GetTempPathW
SetUnhandledExceptionFilter
GetUserDefaultLangID
GetUserDefaultUILanguage
VerifyVersionInfoW
MoveFileExW
DeleteFileW
GetFileAttributesW
CreateFileW
CreateFileA
GetSystemDirectoryW
GetSystemDirectoryA
FindResourceExW
FindResourceExA
CreateProcessA
SetFilePointer
ReadFile
WriteFile
GetFileSize
LoadResource
CreateThread
VirtualQuery
GlobalFree
LockResource
VerSetConditionMask
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
GetCurrentProcess
GetProcessTimes
GetModuleFileNameW
SetLastError
GetLocaleInfoW
LCMapStringW
GetTickCount
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SwitchToThread
RaiseException
DecodePointer
WaitForMultipleObjects
GetLastError
FreeLibrary
GetVersionExW
CreateEventW
CloseHandle
WaitForSingleObject
ResetEvent
SetEvent
GetModuleHandleW
SetThreadAffinityMask
GetCurrentThread
IsDBCSLeadByte
GetCPInfo
GetACP
TlsSetValue
MultiByteToWideChar
ExitThread
HeapSize
GetProcessAffinityMask
GetCurrentProcessId
InterlockedDecrement
GetModuleHandleA
LoadLibraryW
LoadLibraryA
GetProcAddress
DebugBreak
TryEnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TlsGetValue
Sleep
InterlockedCompareExchange
InterlockedExchange
GetDriveTypeW
PeekNamedPipe
GetConsoleCP
FreeLibraryAndExitThread
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEndOfFile
GetThreadTimes
Thread32First
Thread32Next
ReadConsoleA

user32

IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
MoveWindow
GetActiveWindow
GetSystemMenu
DeleteMenu
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
GetWindow
EnumDisplaySettingsW
WaitForInputIdle
UnregisterClassA
GetMessageTime
AttachThreadInput
EnableWindow
CheckMenuItem
RegisterClassA
GetAncestor
SetParent
SetActiveWindow
SetWinEventHook
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
GetClassNameA
FindWindowExW
RemovePropW
RegisterClassW
GetUpdateRect
UpdateWindow
PostMessageA
RegisterWindowMessageA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetSubMenu
BeginPaint
EndPaint
MessageBoxW
SetCursorPos
GetCursorPos
WindowFromPoint
GetProcessWindowStation
GetDoubleClickTime
CreateWindowExW
DestroyWindow
ShowWindow
UnregisterClassW
OffsetRect
MonitorFromWindow
GetForegroundWindow
GetDesktopWindow
SetRect
UpdateLayeredWindow
GetWindowRect
GetWindowLongW
EnumDisplayDevicesA
ActivateKeyboardLayout
GetKeyboardLayout
DefWindowProcW
SendInput
ClientToScreen
PostQuitMessage
CallWindowProcW
RegisterClassExW
GetClassInfoExW
SetWindowLongW
LoadCursorW
SetFocus
CopyRect
GetWindowInfo
GetDC
ReleaseDC
RegisterClipboardFormatA
GetClipboardFormatNameA
SendMessageW
CreateWindowExA
GetFocus
GetQueueStatus
GetCapture
SetCapture
ReleaseCapture
SetTimer
EnableMenuItem
KillTimer
SendMessageTimeoutW
PostMessageW
SetWindowPos
DialogBoxParamW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
GetKeyState
GetSystemMetrics
GetUserObjectInformationW
ValidateRect
RedrawWindow
SetPropW
GetPropW
SetWindowTextA
SetWindowTextW
GetClientRect
MessageBoxA
SetCursor
GetCursor
ScreenToClient
FillRect
SetRectEmpty
InflateRect
PtInRect
GetParent
FlashWindowEx
ShowWindowAsync
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
EnumDisplayDevicesW
IsClipboardFormatAvailable
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowThreadProcessId
IsWindow
PeekMessageW
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
RemoveMenu
SetMenuInfo
TrackPopupMenu
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
MapVirtualKeyW
ToAscii
GetKeyboardState
CharLowerW
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CloseWindow
GetMonitorInfoW
SystemParametersInfoW
LoadStringW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadIconW

gdi32

GetTextColor
GetTextAlign
GetTextCharacterExtra
GetTextExtentPoint32A
GetTextExtentPoint32W
GetCurrentObject
GetClipRgn
GetBkMode
GetBkColor
EnumFontFamiliesA
CreateRectRgn
CreatePen
CreateFontIndirectA
GetICMProfileA
SetPixel
GetStockObject
CreateDCA
CreateBitmap
EnumFontFamiliesW
ExtTextOutW
GetObjectW
CreateDIBSection
GdiAlphaBlend
SetStretchBltMode
StretchBlt
SetBkColor
SelectObject
GetStretchBltMode
DeleteObject
CreateCompatibleBitmap
BitBlt
GdiFlush
DeleteDC
CreateCompatibleDC
PolyBezierTo
GetDIBits
GetClipBox
RectVisible
RealizePalette
SelectPalette
IntersectClipRect
LineTo
SelectClipRgn
SetBkMode
SetGraphicsMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
GetTextMetricsW
GetWorldTransform
SetWorldTransform
MoveToEx
ExtTextOutA
DPtoLP
CreatePalette
GetSystemPaletteEntries
CreateSolidBrush
Rectangle
RestoreDC
SaveDC
SetPolyFillMode
EnumFontFamiliesExW
GetFontData
CreateDCW
StretchDIBits
StartDocW
EndDoc
StartPage
EndPage
BeginPath
EndPath
FillPath
SelectClipPath
StrokePath
ExtCreatePen
GetDeviceCaps
CreateFontIndirectW
LPtoDP

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
PrintDlgExW
PrintDlgW

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextA
RegOpenKeyA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

SHFileOperationW
SHGetPathFromIDListW
SHGetFolderPathA
SHGetFolderLocation
SHBrowseForFolderW
SHGetSettings
SHAppBarMessage
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetDiskFreeSpaceExW
ShellExecuteW

ole32

OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
ReleaseStgMedium
OleUninitialize
CoInitialize
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
OleInitialize
CreateBindCtx
MkParseDisplayName
PropVariantClear
CoUninitialize
CoTaskMemAlloc

ws2_32

WSACleanup
WSAStartup
socket
__WSAFDIsSet
bind
connect
getsockname
htonl
htons
inet_addr
inet_ntoa
closesocket
select
ioctlsocket
WSAGetLastError
getnameinfo
freeaddrinfo
getaddrinfo
getsockopt
shutdown
getpeername
gethostname
WSAAddressToStringA
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError
getservbyname
getservbyport
ntohs
recv
recvfrom
WSAAsyncSelect
WSAIoctl
ntohl
WSASocketW
send
sendto
setsockopt
gethostbyaddr
gethostbyname

shlwapi

UrlCanonicalizeW
AssocQueryStringW
StrRStrIW
StrStrIW
PathRemoveFileSpecA

mscms

TranslateBitmapBits
CloseColorProfile
OpenColorProfileW
DeleteColorTransform
CreateColorTransformW

imm32

ImmGetContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetOpenStatus
ImmSetOpenStatus
ImmSetCompositionFontW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmReleaseContext

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter

Exports

Exports

BrokerMainW
DllRegisterServer
DllUnregisterServer
FlashPlayer_34_0_0_295_FlashPlayer
Flash_DisableLocalSecurity
Flash_EnforceLocalSecurity
Java_ShockwaveFlash_CurrentFrame_stub
Java_ShockwaveFlash_FlashVersion_stub
Java_ShockwaveFlash_FrameLoaded_stub
Java_ShockwaveFlash_GetVariable_stub
Java_ShockwaveFlash_GotoFrame_stub
Java_ShockwaveFlash_IsPlaying_stub
Java_ShockwaveFlash_LoadMovie_stub
Java_ShockwaveFlash_Pan_stub
Java_ShockwaveFlash_PercentLoaded_stub
Java_ShockwaveFlash_Play_stub
Java_ShockwaveFlash_SetVariable_stub
Java_ShockwaveFlash_SetZoomRect_stub
Java_ShockwaveFlash_StopPlay_stub
Java_ShockwaveFlash_TCallFrame_stub
Java_ShockwaveFlash_TCallLabel_stub
Java_ShockwaveFlash_TCurrentFrame_stub
Java_ShockwaveFlash_TCurrentLabel_stub
Java_ShockwaveFlash_TGetProperty_stub
Java_ShockwaveFlash_TGotoFrame_stub
Java_ShockwaveFlash_TGotoLabel_stub
Java_ShockwaveFlash_TPlay_stub
Java_ShockwaveFlash_TSetProperty_stub
Java_ShockwaveFlash_TStopPlay_stub
Java_ShockwaveFlash_TotalFrames_stub
Java_ShockwaveFlash_Zoom_stub
NP_Acrobat_GetEntryPoints
NP_Acrobat_Initialize
NP_GetEntryPoints
NP_Initialize
NP_SetBrokerClient
NP_SetNPAPIHostProxy
NP_Shutdown
native_ShockwaveFlash_CurrentFrame
native_ShockwaveFlash_FlashVersion
native_ShockwaveFlash_FrameLoaded
native_ShockwaveFlash_GetVariable
native_ShockwaveFlash_GotoFrame
native_ShockwaveFlash_IsPlaying
native_ShockwaveFlash_LoadMovie
native_ShockwaveFlash_Pan
native_ShockwaveFlash_PercentLoaded
native_ShockwaveFlash_Play
native_ShockwaveFlash_SetVariable
native_ShockwaveFlash_SetZoomRect
native_ShockwaveFlash_StopPlay
native_ShockwaveFlash_TCallFrame
native_ShockwaveFlash_TCallLabel
native_ShockwaveFlash_TCurrentFrame
native_ShockwaveFlash_TCurrentLabel
native_ShockwaveFlash_TGetProperty
native_ShockwaveFlash_TGotoFrame
native_ShockwaveFlash_TGotoLabel
native_ShockwaveFlash_TPlay
native_ShockwaveFlash_TSetProperty
native_ShockwaveFlash_TStopPlay
native_ShockwaveFlash_TotalFrames
native_ShockwaveFlash_Zoom
register_ShockwaveFlash
unregister_ShockwaveFlash
unuse_ShockwaveFlash
unuse_netscape_plugin_Plugin
use_ShockwaveFlash
use_netscape_plugin_Plugin

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a70446b846d35f4719d149757b311c1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:61:1c:8e:b8:a1:e9:b6:53:07:c1:76:04:88:1a:dfCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

16:ee:2c:5f:ca:5b:06:55:99:75:5c:31:dd:7a:f7:f0:7b:75:74:1f:96:f3:86:e3:dc:92:bf:85:69:17:cb:54Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

winmm

wininet

crypt32

oleaut32

urlmon

dsound

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

shlwapi

mscms

imm32

winspool.drv

Exports

Exports

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 102KB - Virtual size: 1.0MB

.gfids Size: 1024B - Virtual size: 544B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 347KB - Virtual size: 346KB

.reloc Size: 275KB - Virtual size: 275KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:61:1c:8e:b8:a1:e9:b6:53:07:c1:76:04:88:1a:df
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

16:ee:2c:5f:ca:5b:06:55:99:75:5c:31:dd:7a:f7:f0:7b:75:74:1f:96:f3:86:e3:dc:92:bf:85:69:17:cb:54
Signer

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 102KB - Virtual size: 1.0MB

.gfids
Size: 1024B - Virtual size: 544B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 347KB - Virtual size: 346KB

.reloc
Size: 275KB - Virtual size: 275KB