Nova pasta[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Nova pasta.zip
Size

37.0MB
MD5

7a27bf281f883135a77689b471ea6712
SHA1

6dfbcfa74302e7dc1140790aef8e3d9481fa0e08
SHA256

66e6e687e685d9425668b3f86d4578b09b4b99e96bab8686bccb01a6c060edd0
SHA512

7cf014c1094fd160f314d7650282db75bd6060ef3417023f2f1f9b735743409eed4df7473c7b61ea12daf0f32b4099be0639d5c0db04e8da1adefa600a6daa65
SSDEEP

786432:eY3wtSaRK9aTfeiuim8+uqzauvIKOyTpryqHehePvm09gIPmnoUda:e0URK9SeiuimhDzXv11VicmnI+Xda

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nova pasta/Google.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Nova pasta/fiddler2setup.exe	nsis_installer_1
static1/unpack001/Nova pasta/fiddler2setup.exe	nsis_installer_2

Files

Nova pasta.zip
.zip
Nova pasta/Google.exe
.exe windows:6 windows x64

00ec79d38140327a3c9e9df18f0ee262

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
CharUpperBuffW

advapi32

OpenProcessToken

msvcp140

??1_Lockit@std@@QEAA@XZ

winhttp

WinHttpOpen

ntdll

RtlVirtualUnwind

normaliz

IdnToAscii

wldap32

ord41

crypt32

CertAddCertificateContextToStore

ws2_32

getpeername

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

_dclass

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

shell32

ShellExecuteA

Exports

Exports

�6�� a؄��S��@P_kvr��ѪL;8�zX�=*nj��sު��ƕA+��k^�dS�آF�]hWW��K�&f��D[��@�J� u��-c�㢝@,|}a��yE� X`1Y��_��C�ë��#�2W�cFG\Ԏ��<X�ĭGn��M7�Kv�X��Ο�ڶ�5�d\�=��X��<�59 �l-�%�x��zXw�N:��+%�&��]�� |��0�`h��b�Z�\��"Sn��SK!�2+�m�p�͙C��M��;&�,~8�eF��WR�b�B��ׯ� +��*~h��S�!?@|��ї�M��P !��)�� J[f�)5|d+yYҶw�=��5�u`�Z��k�vd��FN��]�&�4w[��%v`��*��7`�%@�эW��{2�fƩQ��i��I�?1�ǝ�័ˍ��9��N��DvA��#"��u�/5*yz{�S�mi��j�N�VX��f&r�{��$L�橤L��i�J��=M��G��g>u�<�&��P�Pv�=��b��=m��7?�q֠n|��/��jW�wܦ-�YX�h�~�g�S��_�=fX�rIT��m�R��Q�c��H��0�V��@E�s��ǆm7��QE+|�^La2TT��M9㺎�s�p��hU�}{��&��Ǧ&�E�7��ϓN��ԗ�xƇv��M�&S&#�D��k��] Y+_��'~lO?�h]��xxM&��n&�a�1J��4%��E["?��\�A�t�y��'��T��f�:.�W*��l��fn��@�U|��;��8P�C�Ҭ��KF �خ'l|�<A��|N��r@ �ʀ�H��i�R�p/�]��+s"��3%��NR��)}�26@u[�se�}�_�M��k�``��vXP�͸n�>go ��9#�(~��A�� X$Oa��O#m}!��ۓr}mu7C!mfasi�M��48��JN��ȗ�PO��J��3�7_�ys��ʣ��H��o�Q�"77�4��X*�%p�EI*�N��*l��ؘB=�%��{�R^P�U9tj>�� "վ!_񴬯��Nsқb�x=�>&#�HR��Rx�>"��,��`��W_H삐>��ŷu��O�Ӷn$�X4�S�L��J%�<|�� } ��̘�ڣ��\5lS2s�/��C�O� �� $B��L��n��K��-�勈ƪ��Eb�v5�fݵ��z��o_;�A��X��Ha��$٪TmOB��$�n:��-Q��.Hq��8U��sD�"�v�~�8�vǣ� %��A�>'�@��f/K��/�U�b��r�̀jOW��Wj�>z<��jS��%{W�d̃�� 7��QsO��ר\��FmTм@�]��u�5H3�r�۲<�B�CY%is.��A_±fLWq�#W,zI��'�p@��T��C�J�+Tf�}�*�8-��9ʂ��>΃p��nee�2�4{zX�a�}P<��h�<3��rZ��d�ر��Y'ȸ��+��=�,�d��V@�bZ�r��"��p�]��% 6��7r{X 'n��NR��ܰ��k��u�� Ff��?��,=z.�iL��}F�d�|��i�l �`�ʎ-��_�.�P��B`�6|8�[�!��#h��-��X1��d�}i��%�[�Bg�W�{�jn�D��p+�V��ޞ�JJ䚣"��&D��Y��~�ռ��'��%.˸U-�ͱ��:��=�4��w��9��c��[��*��fѺƵ�51%�ٰ��Ҍ��Ohg�\]6�� '�u�J��o��r]�i�/�.��"hto/s�ƴ�ܺ�ǵ':��M�f��\Փ:��=6��8��>\5�'�P�� w� � r�ހ�W��(�]�*��sZ~i� �0͒�S��O�w8n~(��R$��<��sOu��G��G��8h��S��W��V�"}�,�O��fEL�JG�4�c/a9�Q(�"G˨Ǳ*6�� ֱ~�?e��v��,M7��8��ւ&��4:��a �z�� -V��%�1[��o��# /ɝr�Q��;�I ��.�B��_Z��O_.��"��^i��-��,��s�y��.�v�-W\Hɖ��}X��P��s��P.�?��u�Dhhg3=�M�"_U_�'y�-}�d�V��}��4F��?̪I /zQ��DA�D}��[_��xMNKy��#$�_#��bh<q�W��ӊ� ��T��0g�/'�m⛌wp6�`j`y�6��"ȟ��wÕ�D,]U�w��_B�-8� w.T@��NI�7��~ ӎ��A,Hdm� �4��Z��o.j��&�hXLq��v/^p&)>5*��V��X�}�8<�q�rkE�q��=��O1��&Z��eDT�.��M�\ǒ�O�"s(��'I�M��d��Pw��\&��j�)$n4��X��+�8�V+��۞'�Xd�a��˜-�gmOo&�(G��A��S�.Z��!��>=��yO�Z��=K��_�Ӎ~��%�� o.��s| S��4��8��4SnE��K�W�~��r2��'�e��zY�1��@[��L��<�j)d�C�̧�^œ4�~��'�g��g"Z}hP{�e��vT�� K�S醒yV:X;�#[�x�^��R�t��:M��oc��䚌ф'}8�Gi��cs�YekЦ�1�9B�a�A8�1�Ú��y#�U펂�ck�~�֭��c�Tb29T��ڝ�Z�&��WG&_W^��@�t��6gJE�

Sections

.text
Size: - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dpE
Size: - Virtual size: 16.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.h6N
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.G1+
Size: 22.8MB - Virtual size: 22.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Nova pasta/ProcMon/Eula.txt
Nova pasta/ProcMon/Procmon.exe
.exe windows:6 windows x86

166e1e85a7db932839e06e3ddf6769df

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:83:c5:99:db:dc:9e:e6:be:77:37:5c:a1:5b:a4:bf:e8:c5:fa:a9:de:d6:39:df:5a:cd:4c:25:a8:03:9a:1e
Signer

Actual PE Digest

b1:83:c5:99:db:dc:9e:e6:be:77:37:5c:a1:5b:a4:bf:e8:c5:fa:a9:de:d6:39:df:5a:cd:4c:25:a8:03:9a:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getsockname
listen
recv
send
closesocket
gethostbyname
WSAGetLastError
ntohs
WSAStartup
htonl
inet_addr
inet_ntoa
bind
connect
accept
htons
socket
gethostbyaddr
WSASetLastError
getservbyname
getservbyport

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Add
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy

fltlib

FilterSendMessage
FilterGetMessage
FilterReplyMessage
FilterConnectCommunicationPort

kernel32

GetCurrentProcess
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetFileSize
SetFilePointer
CreateFileMappingW
UnmapViewOfFile
LoadLibraryExA
GetFullPathNameW
GlobalMemoryStatusEx
FreeResource
Sleep
CreateThread
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetCurrentDirectoryW
SetFileAttributesW
GetSystemDirectoryW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
GetSystemInfo
RaiseException
InitializeCriticalSectionEx
GlobalAddAtomW
EnumResourceNamesW
CompareStringW
GetLocaleInfoW
lstrcmpW
lstrcmpiW
MultiByteToWideChar
SetEndOfFile
TryEnterCriticalSection
MapViewOfFile
FileTimeToLocalFileTime
LocalFileTimeToFileTime
ReadFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapCreate
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
SetThreadPriority
GetComputerNameA
GetFileAttributesExW
DecodePointer
GetCurrentProcessId
SetProcessShutdownParameters
GetComputerNameW
SetConsoleCtrlHandler
OpenThread
GetSystemDirectoryA
TrySubmitThreadpoolCallback
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsA
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
WideCharToMultiByte
GetStringTypeW
LCMapStringEx
OpenProcess
CreateProcessW
TerminateProcess
ExitProcess
WaitForSingleObject
GetLastError
GetEnvironmentVariableW
VerifyVersionInfoW
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetCPInfo
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFileAttributesW
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetCurrentDirectoryW
InitializeSListHead
LCMapStringW

user32

GetKeyState
GetUpdateRect
GetUpdateRgn
ScrollWindowEx
IntersectRect
GetClassLongW
EqualRect
FlashWindowEx
LoadStringA
DrawEdge
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessagePos
PostQuitMessage
GetWindowPlacement
SetWindowPlacement
CheckRadioButton
CharLowerW
LoadAcceleratorsW
CreatePopupMenu
RemoveMenu
InsertMenuItemW
SetRectEmpty
ChildWindowFromPoint
FindWindowExW
FindWindowW
SetForegroundWindow
IsIconic
WaitForInputIdle
CreateIconFromResourceEx
GetDlgItemInt
GetActiveWindow
RegisterWindowMessageW
GetAsyncKeyState
SetWindowTextA
EnumChildWindows
UnionRect
GetPropW
SetPropW
DrawFrameControl
CheckMenuRadioItem
SetRect
WindowFromPoint
ClientToScreen
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
DestroyMenu
LoadMenuW
GetCapture
SetFocus
GetDlgCtrlID
SetDlgItemInt
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClassInfoExW
RegisterClassExW
UnregisterClassW
UnregisterHotKey
RegisterHotKey
TrackMouseEvent
MonitorFromPoint
IsDialogMessageW
MapWindowPoints
GetCursor
GetCursorPos
GetFocus
LoadStringW
LoadIconW
MessageBeep
SetActiveWindow
GetDesktopWindow
DialogBoxParamW
LoadImageW
GetWindow
MessageBoxW
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
DestroyWindow
IsWindow
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
DrawIconEx
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
GetParent
SetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
GetClientRect
GetForegroundWindow
SetMenuItemInfoW
SetMenuInfo
GetMenuInfo
ModifyMenuW
InsertMenuW
CheckMenuItem
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
CharNextW
GetWindowTextLengthW
GetWindowTextW
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DrawTextW
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
KillTimer
SetTimer
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
CreateWindowExW
CallWindowProcW
IsMenu
GetIconInfo
GetWindowThreadProcessId
DefWindowProcW
PostMessageW
GetSysColor
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
SetScrollInfo

gdi32

RestoreDC
SetBrushOrgEx
SetPixel
PatBlt
SaveDC
SetROP2
GetPixel
ExcludeClipRect
CreatePatternBrush
CreateBitmap
SelectClipRgn
RectInRegion
GetBkMode
CreateRectRgnIndirect
SetBkMode
CreateRectRgn
GdiFlush
GetCurrentObject
CreateFontW
GetObjectW
GetBitmapBits
GetBkColor
CreateDIBSection
SetViewportOrgEx
Polyline
Polygon
ExtTextOutW
TextOutW
MoveToEx
GetTextMetricsW
SetMapMode
GetDeviceCaps
SetTextColor
SetBkColor
SelectObject
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateSolidBrush
EndPage
StartPage
EndDoc
StartDocW
SetTextAlign

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
PrintDlgW
FindTextW

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
ConvertStringSidToSidW
ConvertSidToStringSidW
RegSetValueW
RegEnumKeyW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderW
ExtractIconExW
SHGetMalloc
DragQueryFileW
ShellExecuteExW
SHGetFileInfoW

ole32

CoTaskMemFree
RegisterDragDrop
ReleaseStgMedium
CoTaskMemRealloc
OleUninitialize
CreateBindCtx
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

SysFreeString
SysStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayGetElement

shlwapi

SHAutoComplete

uxtheme

IsAppThemed
SetWindowTheme
IsThemeActive

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

ntdll

RtlGetVersion

Sections

.text
Size: 867KB - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nova pasta/ProcMon/Procmon64.exe
.exe windows:6 windows x64

381cf317942d96a51decedde64f16383

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-03-2023 18:43

Not After

14-03-2024 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:01:98:91:5e:5b:6c:eb:79:53:b0:2f:b2:7a:0a:d0:01:36:fc:62:2b:6d:4d:28:2e:26:47:41:0f:89:db:7f
Signer

Actual PE Digest

09:01:98:91:5e:5b:6c:eb:79:53:b0:2f:b2:7a:0a:d0:01:36:fc:62:2b:6d:4d:28:2e:26:47:41:0f:89:db:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
listen
getsockname
send
socket
connect
WSAGetLastError
ntohs
WSAStartup
htonl
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
closesocket
htons
bind
accept
gethostbyname
WSASetLastError

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_GetImageCount
ImageList_DrawIndirect
CreateStatusWindowW
ImageList_SetOverlayImage
InitCommonControlsEx
ImageList_Add
ImageList_Draw
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy

fltlib

FilterSendMessage
FilterGetMessage
FilterReplyMessage
FilterConnectCommunicationPort

kernel32

IsWow64Process
GetCurrentProcess
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GetFileSize
SetFilePointer
CreateFileMappingW
UnmapViewOfFile
LoadLibraryExA
GetFullPathNameW
GlobalMemoryStatusEx
FreeResource
Sleep
CreateThread
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetCurrentDirectoryW
SetFileAttributesW
GetSystemDirectoryW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
GetSystemInfo
RaiseException
InitializeCriticalSectionEx
GlobalAddAtomW
EnumResourceNamesW
SetCurrentDirectoryW
CompareStringW
GetLocaleInfoW
lstrcmpiW
MultiByteToWideChar
SetEndOfFile
TryEnterCriticalSection
MapViewOfFile
FileTimeToLocalFileTime
LocalFileTimeToFileTime
ReadFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapCreate
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
SetThreadPriority
GetComputerNameA
GetFileAttributesExW
DecodePointer
GetCurrentProcessId
SetProcessShutdownParameters
GetComputerNameW
SetConsoleCtrlHandler
OpenThread
GetSystemDirectoryA
TrySubmitThreadpoolCallback
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsA
EncodePointer
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
WideCharToMultiByte
GetStringTypeW
LCMapStringEx
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
TlsAlloc
OpenProcess
CreateProcessW
TerminateProcess
ExitProcess
WaitForSingleObject
GetLastError
GetEnvironmentVariableW
VerifyVersionInfoW
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
GetModuleHandleExW
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFileAttributesW
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
lstrcmpW
InterlockedPopEntrySList
LCMapStringW

user32

ScrollWindowEx
IntersectRect
GetClassLongPtrW
EqualRect
FlashWindowEx
LoadStringA
DrawEdge
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMessagePos
PostQuitMessage
GetWindowPlacement
SetWindowPlacement
CheckRadioButton
CharLowerW
LoadAcceleratorsW
CreatePopupMenu
RemoveMenu
InsertMenuItemW
SetRectEmpty
ChildWindowFromPoint
TranslateAcceleratorW
CharNextW
IsMenu
GetWindowThreadProcessId
FindWindowExW
FindWindowW
SetForegroundWindow
IsIconic
WaitForInputIdle
CreateIconFromResourceEx
GetDlgItemInt
GetActiveWindow
RegisterWindowMessageW
GetAsyncKeyState
SetWindowTextA
EnumChildWindows
UnionRect
GetPropW
SetPropW
DrawFrameControl
CheckMenuRadioItem
SetRect
WindowFromPoint
ClientToScreen
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
DestroyMenu
LoadMenuW
GetCapture
SetFocus
GetDlgCtrlID
SetDlgItemInt
CreateDialogParamW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClassInfoExW
RegisterClassExW
UnregisterClassW
UnregisterHotKey
RegisterHotKey
GetUpdateRgn
MonitorFromPoint
GetIconInfo
MapWindowPoints
GetCursor
GetCursorPos
GetFocus
LoadStringW
LoadIconW
MessageBeep
SetActiveWindow
GetDesktopWindow
DialogBoxParamW
LoadImageW
GetWindow
MessageBoxW
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
DestroyWindow
IsWindow
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
DrawIconEx
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
GetParent
SetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
GetUpdateRect
GetKeyState
IsDialogMessageW
GetForegroundWindow
SetMenuItemInfoW
SetMenuInfo
GetMenuInfo
ModifyMenuW
InsertMenuW
CheckMenuItem
GetMenuStringW
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
GetClientRect
GetWindowTextLengthW
GetWindowTextW
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
DrawTextW
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
KillTimer
SetTimer
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetMenu
TrackMouseEvent
GetMenu
SetWindowPos
MoveWindow
ShowWindow
IsChild
CreateWindowExW
CallWindowProcW
DefWindowProcW
PostMessageW
GetSysColor
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
SystemParametersInfoW

gdi32

RestoreDC
SetBrushOrgEx
SetPixel
PatBlt
SaveDC
SetROP2
GetPixel
ExcludeClipRect
CreatePatternBrush
CreateBitmap
SelectClipRgn
RectInRegion
GetBkMode
CreateRectRgnIndirect
CreateRectRgn
GdiFlush
SetBkMode
GetCurrentObject
CreateFontW
GetObjectW
GetBitmapBits
GetBkColor
CreateDIBSection
SetViewportOrgEx
Polyline
Polygon
ExtTextOutW
TextOutW
MoveToEx
GetTextMetricsW
SetMapMode
GetDeviceCaps
SetTextColor
SetBkColor
SelectObject
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateSolidBrush
EndPage
StartPage
EndDoc
StartDocW
SetTextAlign

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
PrintDlgW
FindTextW

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
ConvertStringSidToSidW
ConvertSidToStringSidW
RegSetValueW
RegEnumKeyW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
SHChangeNotify
SHBrowseForFolderW
ExtractIconExW
SHGetMalloc
DragQueryFileW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
ReleaseStgMedium
CreateBindCtx
CoInitializeEx
RegisterDragDrop
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
OleUninitialize

oleaut32

SysFreeString
SysStringLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayGetElement

shlwapi

SHAutoComplete

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

ntdll

RtlGetVersion
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 947KB - Virtual size: 947KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nova pasta/ProcMon/Procmon64a.exe
Nova pasta/ProcMon/procmon.chm
.chm
Nova pasta/Process_Hacker_-_Undetected.exe
.exe windows:5 windows x86

Code Sign

7d:e6:61:e7:bb:da:51:bc:4d:35:6f:66:65:69:34:fa
Certificate

Issuer

CN=MobileDE

Not Before

29-06-2019 20:37

Not After

31-12-2039 23:59

Subject

CN=MobileDE

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7d:e6:61:e7:bb:da:51:bc:4d:35:6f:66:65:69:34:fa
Certificate

Issuer

CN=MobileDE

Not Before

29-06-2019 20:37

Not After

31-12-2039 23:59

Subject

CN=MobileDE

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:4f:69:e7:55:8e:b9:38:48:b3:1f:a6:4b:a4:f4:0f:3c:d6:dc:7c:d3:b0:a4:b8:15:5d:61:e7:f3:cc:a8:e8
Signer

Actual PE Digest

93:4f:69:e7:55:8e:b9:38:48:b3:1f:a6:4b:a4:f4:0f:3c:d6:dc:7c:d3:b0:a4:b8:15:5d:61:e7:f3:cc:a8:e8

Digest Algorithm

sha256

PE Digest Matches

true

e3:b5:d7:ef:e5:19:88:80:99:cc:6d:a9:57:33:d2:c5:19:41:41:4c
Signer

Actual PE Digest

e3:b5:d7:ef:e5:19:88:80:99:cc:6d:a9:57:33:d2:c5:19:41:41:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 163KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 43KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.38rlqw
Size: 7B - Virtual size: 7B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zoi1JH
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Nova pasta/fiddler2setup.exe
.exe windows:4 windows x86

bd1dc23681f44e733e87b20cf5b908b7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:59:b2:a4:9c:0c:d9:2a:08:f9:c5:03:15:cd:3d:8a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

16-12-2016 23:59

Subject

CN=TELERIK AD,O=TELERIK AD,L=Sofia,ST=Sofia,C=BG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:73:85:ed:59:8a:bf:ee:cd:12:52:ee:4f:70:e3:ec:a7:29:2b:45
Signer

Actual PE Digest

08:73:85:ed:59:8a:bf:ee:cd:12:52:ee:4f:70:e3:ec:a7:29:2b:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SetFileAttributesA
GetFileAttributesA
GetTickCount
GetFileSize
GetModuleFileNameA
ReadFile
CreateFileA
GetCurrentProcess
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
GetVersion
SetErrorMode
ExpandEnvironmentStringsA
CopyFileA
GetFullPathNameA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
lstrcmpiA
lstrcmpA
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
CloseHandle
SetFileTime
GetDiskFreeSpaceA
lstrlenA
lstrcpynA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
MulDiv
WritePrivateProfileStringA
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
ScreenToClient
GetWindowRect
GetDlgItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetWindowLongA
SetForegroundWindow
ShowWindow
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00ec79d38140327a3c9e9df18f0ee262

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

winhttp

ntdll

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

shell32

Exports

Exports

Sections

.text Size: - Virtual size: 513KB

.rdata Size: - Virtual size: 121KB

.data Size: - Virtual size: 4.1MB

.pdata Size: - Virtual size: 20KB

.dpE Size: - Virtual size: 16.4MB

.h6N Size: 5KB - Virtual size: 4KB

.G1+ Size: 22.8MB - Virtual size: 22.8MB

.reloc Size: 512B - Virtual size: 200B

.rsrc Size: 512B - Virtual size: 480B

166e1e85a7db932839e06e3ddf6769df

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

b1:83:c5:99:db:dc:9e:e6:be:77:37:5c:a1:5b:a4:bf:e8:c5:fa:a9:de:d6:39:df:5a:cd:4c:25:a8:03:9a:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

comctl32

fltlib

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

uxtheme

dwmapi

ntdll

Sections

.text Size: 867KB - Virtual size: 867KB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 19KB - Virtual size: 29KB

.detourc Size: 14KB - Virtual size: 13KB

.text
Size: - Virtual size: 513KB

.rdata
Size: - Virtual size: 121KB

.data
Size: - Virtual size: 4.1MB

.pdata
Size: - Virtual size: 20KB

.dpE
Size: - Virtual size: 16.4MB

.h6N
Size: 5KB - Virtual size: 4KB

.G1+
Size: 22.8MB - Virtual size: 22.8MB

.reloc
Size: 512B - Virtual size: 200B

.rsrc
Size: 512B - Virtual size: 480B

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b1:83:c5:99:db:dc:9e:e6:be:77:37:5c:a1:5b:a4:bf:e8:c5:fa:a9:de:d6:39:df:5a:cd:4c:25:a8:03:9a:1e
Signer

.text
Size: 867KB - Virtual size: 867KB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 19KB - Virtual size: 29KB

.detourc
Size: 14KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 57KB - Virtual size: 56KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

09:01:98:91:5e:5b:6c:eb:79:53:b0:2f:b2:7a:0a:d0:01:36:fc:62:2b:6d:4d:28:2e:26:47:41:0f:89:db:7f
Signer

.text
Size: 947KB - Virtual size: 947KB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 24KB - Virtual size: 37KB

.pdata
Size: 37KB - Virtual size: 36KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 9KB - Virtual size: 8KB

7d:e6:61:e7:bb:da:51:bc:4d:35:6f:66:65:69:34:fa
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

7d:e6:61:e7:bb:da:51:bc:4d:35:6f:66:65:69:34:fa
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

93:4f:69:e7:55:8e:b9:38:48:b3:1f:a6:4b:a4:f4:0f:3c:d6:dc:7c:d3:b0:a4:b8:15:5d:61:e7:f3:cc:a8:e8
Signer

e3:b5:d7:ef:e5:19:88:80:99:cc:6d:a9:57:33:d2:c5:19:41:41:4c
Signer

.rsrc
Size: 6KB - Virtual size: 8KB