trimcheck-0[.]7-win64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

trimcheck-0.7-win64.exe
Size

1.3MB
MD5

61f2288fab89e2c08b452d0d7ddaf8aa
SHA1

bf69f4b6e7f58060cab33b6661eb81538097b2e1
SHA256

e08038bebeda7cdfed90144fed8285dc84e40b6d53935fe069327a74b2278beb
SHA512

8b24d114cd2c3f37ae55e43737676e974ebf33898dc50b836397f5c579d4efba520c2fe6008a097853c02f1d9fddd1d75bf34d5b6d469498e7bb2992e9e6190c
SSDEEP

12288:IbBfrAJMccW5fbgLvGuczJAluF3DojodBhgiqOpQXI92u:Ib1rAJrh5bS+fzJAluJDJWOWXI92u

Score

1^/10

Malware Config

Signatures

Files

trimcheck-0.7-win64.exe
.exe windows:6 windows x64

31731cc33bc27dc94062dc230f897b86

Code Sign

04:7a:55
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:58

Not After

03/03/2024, 12:58

Subject

CN=Certum Time-Stamping Authority,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:b2:58:d5:ec:0f:57:c6:8f:eb:9f:7e:13:75:ca:25
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07/10/2015, 11:48

Not After

06/10/2016, 11:48

Subject

CN=Open Source Developer\, Vladimir Panteleev,O=Open Source Developer,C=MD,1.2.840.113549.1.9.1=#0c17636f6465407468656379626572736861646f772e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:b2:af:cc:fd:7a:48:de:5d:77:e9:94:4a:06:54:96:b7:54:1c:5a
Signer

Actual PE Digest

cc:b2:af:cc:fd:7a:48:de:5d:77:e9:94:4a:06:54:96:b7:54:1c:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

LookupPrivilegeValueW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
RegOpenKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW

kernel32

Process32FirstW
Heap32ListFirst
CloseHandle
GetProcAddress
GetCurrentThreadId
FlushFileBuffers
GetCurrentProcessId
GetFileInformationByHandle
Module32FirstW
DeleteFileW
SetFilePointer
CreateFileW
Thread32First
Sleep
SetLastError
DeviceIoControl
WaitForSingleObject
CreateToolhelp32Snapshot
GetCurrentProcess
OpenProcess
GetLastError
GetFileSize
GetModuleHandleW
CreateProcessW
FormatMessageW
Process32NextW
GetDiskFreeSpaceW
ReadFile
WriteFile
LocalFree
FindNextFileW
FindClose
FindFirstFileW
IsDebuggerPresent
GetCommandLineW
WideCharToMultiByte
GetFileAttributesW
GetCurrentDirectoryW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
FreeLibrary
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetFileAttributesExW
GetTimeZoneInformation
VirtualFree
QueryPerformanceCounter
VirtualAlloc
DeleteCriticalSection
QueryPerformanceFrequency
InitializeCriticalSection
GetSystemInfo
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
LoadLibraryA
GetExitCodeThread
lstrlenW
ExpandEnvironmentStringsW
GetModuleHandleA
TryEnterCriticalSection
ResumeThread
SuspendThread
GetThreadContext
GetEnvironmentVariableA
GetCurrentThread
RtlCaptureContext
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
SwitchToThread
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
SetStdHandle
GetFileType
IsProcessorFeaturePresent
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
RtlUnwindEx
GetStartupInfoW
GetProcessHeap
GetConsoleCP
GetConsoleMode
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFilePointerEx
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteConsoleW
OutputDebugStringW
GetStringTypeW
CompareStringW
LCMapStringW
SetEnvironmentVariableA
HeapSize
SetEndOfFile

user32

AllowSetForegroundWindow
AttachThreadInput
GetShellWindow
GetWindowThreadProcessId

shell32

CommandLineToArgvW

Exports

Exports

ARRAYID_PathProperties
BFID_GRAY_16
BFID_GRAY_8
BFID_MONOCHROME
BFID_RGBA_32
BFID_RGB_24
BFID_RGB_32
BFID_RGB_4
BFID_RGB_555
BFID_RGB_565
BFID_RGB_8
BHID_LinkTargetItem
BHID_SFObject
BHID_SFUIObject
BHID_SFViewObject
BHID_Storage
BHID_StorageEnum
BHID_Stream
CATID_BrowsableShellExt
CATID_BrowseInPlace
CATID_ClusCfgCapabilities
CATID_ClusCfgMemberSetChangeListener
CATID_ClusCfgResourceTypes
CATID_ClusCfgStartupListeners
CATID_CommBand
CATID_Control
CATID_DesignTimeUIActivatableControl
CATID_DeskBand
CATID_DocObject
CATID_EnumClusCfgManagedResources
CATID_InfoBand
CATID_Insertable
CATID_InternetAware
CATID_IsShortcut
CATID_MARSHALER
CATID_NeverShowExt
CATID_PersistsToFile
CATID_PersistsToMemory
CATID_PersistsToMoniker
CATID_PersistsToPropertyBag
CATID_PersistsToStorage
CATID_PersistsToStream
CATID_PersistsToStreamInit
CATID_Printable
CATID_Programmable
CATID_RequiresDataPathHost
CATID_SafeForInitializing
CATID_SafeForScripting
CGID_DocHostCommandHandler
CGID_DownloadHost
CGID_Explorer
CGID_ExplorerBarDoc
CGID_InternetExplorer
CGID_MSHTML
CGID_ShellDocView
CGID_ShellServiceObject
CGID_ShortCut
CLSID_1
CLSID_2
CLSID_3
CLSID_4
CLSID_5
CLSID_6
CLSID_7
CLSID_8
CLSID_9
CLSID_ACLCustomMRU
CLSID_ACLHistory
CLSID_ACLMRU
CLSID_ACLMulti
CLSID_ACListISF
CLSID_ADSystemInfo
CLSID_ADsDSOObject
CLSID_ADsSecurityUtility
CLSID_AboutProtocol
CLSID_AccessControlEntry
CLSID_AccessControlList
CLSID_AccountDiscovery
CLSID_ActiveDesktop
CLSID_AdapterInfo
CLSID_AddrControl
CLSID_AddressBarParser
CLSID_AlgSetup
CLSID_AllClasses
CLSID_AlphabeticalCategorizer
CLSID_AnchorClick
CLSID_AnimationComposerFactory
CLSID_AnimationComposerSiteFactory
CLSID_ApplicationGatewayServices
CLSID_AutoComplete
CLSID_AutoDiscoveryProvider
CLSID_AutoplayForSlideShow
CLSID_BackLink
CLSID_BackgroundCopyManager
CLSID_BackgroundCopyManager1_5
CLSID_BackgroundCopyQMgr
CLSID_BasicImageEffects
CLSID_BasicImageEffectsPP
CLSID_BlockFormats
CLSID_BridgeTerminal
CLSID_CAccPropServices
CLSID_CActiveIMM
CLSID_CAnchorBrowsePropertyPage
CLSID_CCheckBox
CLSID_CColorPropPage
CLSID_CCombobox
CLSID_CDBurn
CLSID_CDLAgent
CLSID_CDebugDocumentHelper
CLSID_CDeviceRect
CLSID_CDirect3DRM
CLSID_CDirect3DRMAnimation
CLSID_CDirect3DRMAnimationSet
CLSID_CDirect3DRMClippedVisual
CLSID_CDirect3DRMDevice
CLSID_CDirect3DRMFace
CLSID_CDirect3DRMFrame
CLSID_CDirect3DRMFrameInterpolator
CLSID_CDirect3DRMLight
CLSID_CDirect3DRMLightInterpolator
CLSID_CDirect3DRMMaterial
CLSID_CDirect3DRMMaterialInterpolato
CLSID_CDirect3DRMMesh
CLSID_CDirect3DRMMeshBuilder
CLSID_CDirect3DRMMeshInterpolator
CLSID_CDirect3DRMProgressiveMesh
CLSID_CDirect3DRMShadow
CLSID_CDirect3DRMTexture
CLSID_CDirect3DRMTextureInterpolator
CLSID_CDirect3DRMUserVisual
CLSID_CDirect3DRMViewport
CLSID_CDirect3DRMViewportInterpolato
CLSID_CDirect3DRMWrap
CLSID_CDirectXFile
CLSID_CDocBrowsePropertyPage
CLSID_CDownloadBehavior
CLSID_CEnroll
CLSID_CEventObj
CLSID_CFSIconOverlayManager
CLSID_CFontPropPage
CLSID_CHeaderFooter
CLSID_CHtmlArea
CLSID_CIEOptionElement
CLSID_CIESelectElement
CLSID_CImageBrowsePropertyPage
CLSID_CLayoutRect
CLSID_CMLangConvertCharset
CLSID_CMLangString
CLSID_CMimeTypes
CLSID_CMultiLanguage
CLSID_CNetCfg
CLSID_COpsProfile
CLSID_CPersistDataPeer
CLSID_CPersistHistory
CLSID_CPersistShortcut
CLSID_CPersistSnapshot
CLSID_CPersistUserData
CLSID_CPicturePropPage
CLSID_CPlugins
CLSID_CRadioButton
CLSID_CScriptErrorList
CLSID_CScrollBar
CLSID_CSliderBar
CLSID_CSpinButton
CLSID_CTemplatePrinter
CLSID_CURLSearchHook
CLSID_CUrlHistory
CLSID_CUtilityButton
CLSID_CaseIgnoreList
CLSID_CdlProtocol
CLSID_ChannelAgent
CLSID_ChannelMgr
CLSID_ClassInstallFilter
CLSID_ClientCaps
CLSID_ClusAppWiz
CLSID_ClusCfgAsyncEvictCleanup
CLSID_ClusCfgEvictCleanup
CLSID_ClusCfgResTypeGenScript
CLSID_ClusCfgResTypeMajorityNodeSet
CLSID_ClusCfgResTypeServices
CLSID_ClusCfgStartupNotify
CLSID_ClusCfgWizard
CLSID_ClusterConfigurationType
CLSID_CoDitherToRGB8
CLSID_CoMapMIMEToCLSID
CLSID_CoSniffStream
CLSID_ComBinding
CLSID_CommonQuery
CLSID_CompositePP
CLSID_ConnectionCommonUi
CLSID_ConnectionManager
CLSID_ConnectionManager2
CLSID_ControlPanel
CLSID_ConvertVBX
CLSID_ConvolvePP
CLSID_CrBarn
CLSID_CrBarnPP
CLSID_CrBlindPP
CLSID_CrBlinds
CLSID_CrBlur
CLSID_CrBlurPP
CLSID_CrEmboss
CLSID_CrEngrave
CLSID_CrInset
CLSID_CrIris
CLSID_CrIrisPP
CLSID_CrRadialWipe
CLSID_CrRadialWipePP
CLSID_CrSlide
CLSID_CrSlidePP
CLSID_CrSpiral
CLSID_CrSpiralPP
CLSID_CrStretch
CLSID_CrStretchPP
CLSID_CrWheel
CLSID_CrWheelPP
CLSID_CrZigzag
CLSID_CrZigzagPP
CLSID_CurrentUserClasses
CLSID_DAArray
CLSID_DABbox2
CLSID_DABbox3
CLSID_DABehavior
CLSID_DABoolean
CLSID_DACamera
CLSID_DAColor
CLSID_DADashStyle
CLSID_DAEndStyle
CLSID_DAEvent
CLSID_DAFontStyle
CLSID_DAGeometry
CLSID_DAImage
CLSID_DAImportationResult
CLSID_DAJoinStyle
CLSID_DALineStyle
CLSID_DAMatte
CLSID_DAMicrophone
CLSID_DAMontage
CLSID_DANumber
CLSID_DAPair
CLSID_DAPath2
CLSID_DAPickableResult
CLSID_DAPoint2
CLSID_DAPoint3
CLSID_DASound
CLSID_DAStatics
CLSID_DAString
CLSID_DATransform2
CLSID_DATransform3
CLSID_DATuple
CLSID_DAUserData
CLSID_DAVector2
CLSID_DAVector3
CLSID_DAView
CLSID_DAViewerControl
CLSID_DAViewerControlWindowed
CLSID_DCOMAccessControl
CLSID_DNWithBinary
CLSID_DNWithString
CLSID_DOMChildrenCollection
CLSID_DOMDocument
CLSID_DOMFreeThreadedDocument
CLSID_DWbemClassObject
CLSID_DWbemContext
CLSID_DWbemLocator
CLSID_DX2D
CLSID_DXFade
CLSID_DXGradient
CLSID_DXLUTBuilder
CLSID_DXRasterizer
CLSID_DXSurface
CLSID_DXSurfaceModifier
CLSID_DXTAlpha
CLSID_DXTAlphaImageLoader
CLSID_DXTAlphaImageLoaderPP
CLSID_DXTAlphaPP
CLSID_DXTBarn
CLSID_DXTBlinds
CLSID_DXTCheckerBoard
CLSID_DXTCheckerBoardPP
CLSID_DXTChroma
CLSID_DXTChromaPP
CLSID_DXTComposite
CLSID_DXTConvolution
CLSID_DXTDropShadow
CLSID_DXTDropShadowPP
CLSID_DXTFilter
CLSID_DXTFilterBehavior
CLSID_DXTFilterCollection
CLSID_DXTFilterFactory
CLSID_DXTGlow
CLSID_DXTGlowPP
CLSID_DXTGradientD
CLSID_DXTGradientWipe
CLSID_DXTICMFilter
CLSID_DXTICMFilterPP
CLSID_DXTInset
CLSID_DXTIris
CLSID_DXTLabel
CLSID_DXTLight
CLSID_DXTLightPP
CLSID_DXTMaskFilter
CLSID_DXTMatrix
CLSID_DXTMatrixPP
CLSID_DXTMetaBurnFilm
CLSID_DXTMetaCenterPeel
CLSID_DXTMetaColorFade
CLSID_DXTMetaFlowMotion
CLSID_DXTMetaGriddler
CLSID_DXTMetaGriddler2
CLSID_DXTMetaJaws
CLSID_DXTMetaLightWipe
CLSID_DXTMetaLiquid
CLSID_DXTMetaPageTurn
CLSID_DXTMetaPeelPiece
CLSID_DXTMetaPeelSmall
CLSID_DXTMetaPeelSplit
CLSID_DXTMetaRadialScaleWipe
CLSID_DXTMetaRipple
CLSID_DXTMetaRoll
CLSID_DXTMetaThreshold
CLSID_DXTMetaTwister
CLSID_DXTMetaVacuum
CLSID_DXTMetaWater
CLSID_DXTMetaWhiteOut
CLSID_DXTMetaWormHole
CLSID_DXTMotionBlur
CLSID_DXTMotionBlurPP
CLSID_DXTRadialWipe
CLSID_DXTRandomBars
CLSID_DXTRandomBarsPP
CLSID_DXTRandomDissolve
CLSID_DXTRedirect
CLSID_DXTRevealTrans
CLSID_DXTScale
CLSID_DXTShadow
CLSID_DXTShadowPP
CLSID_DXTSlide
CLSID_DXTSpiral
CLSID_DXTStretch
CLSID_DXTStrips
CLSID_DXTStripsPP
CLSID_DXTWave
CLSID_DXTWavePP
CLSID_DXTWipe
CLSID_DXTWipePP
CLSID_DXTZigzag
CLSID_DXTaskManager
CLSID_DXTransformFactory
CLSID_DarwinAppPublisher
CLSID_DataChannel
CLSID_DeCompMimeFilter
CLSID_DebugHelper
CLSID_DefaultDebugSessionProvider
CLSID_DirectDraw
CLSID_DirectDrawClipper
CLSID_DirectDrawFactory2
CLSID_DirectInput
CLSID_DirectInputDevice
CLSID_DirectMusic
CLSID_DirectMusicBand
CLSID_DirectMusicBandTrack
CLSID_DirectMusicChordMap
CLSID_DirectMusicChordMapTrack
CLSID_DirectMusicChordTrack
CLSID_DirectMusicCollection
CLSID_DirectMusicCommandTrack
CLSID_DirectMusicComposer
CLSID_DirectMusicGraph
CLSID_DirectMusicLoader
CLSID_DirectMusicMotifTrack
CLSID_DirectMusicMuteTrack
CLSID_DirectMusicPerformance
CLSID_DirectMusicSegment
CLSID_DirectMusicSegmentState
CLSID_DirectMusicSeqTrack
CLSID_DirectMusicSignPostTrack
CLSID_DirectMusicStyle
CLSID_DirectMusicStyleTrack
CLSID_DirectMusicSynth
CLSID_DirectMusicSysExTrack
CLSID_DirectMusicTempoTrack
CLSID_DirectMusicTimeSigTrack
CLSID_DirectPlay
CLSID_DirectPlayLobby
CLSID_DirectSound
CLSID_DirectSoundCapture
CLSID_DispatchMapper
CLSID_DocFileColumnProvider
CLSID_DocHostUIHandler
CLSID_DragDropHelper
CLSID_DriveSizeCategorizer
CLSID_DriveTypeCategorizer
CLSID_DsDisplaySpecifier
CLSID_DsDomainTreeBrowser
CLSID_DsFindAdvanced
CLSID_DsFindComputer
CLSID_DsFindContainer
CLSID_DsFindDomainController
CLSID_DsFindFrsMembers
CLSID_DsFindObjects
CLSID_DsFindPeople
CLSID_DsFindPrinter
CLSID_DsFindVolume
CLSID_DsFolderProperties
CLSID_DsPropertyPages
CLSID_DsQuery
CLSID_EAPOLManager
CLSID_EVENTQUEUE
CLSID_EXTENDEDERRORINFO
CLSID_Email
CLSID_EnumAdapterInfo
CLSID_FadePP
CLSID_FaxNumber
CLSID_FilePlaybackTerminal
CLSID_FileProtocol
CLSID_FileRecordingTerminal
CLSID_FileRecordingTrack
CLSID_FileSearchBand
CLSID_FileSysColumnProvider
CLSID_FileTerminal
CLSID_FolderShortcut
CLSID_FolderViewHost
CLSID_FontNames
CLSID_FramesCollection
CLSID_FreeSpaceCategorizer
CLSID_FtpProtocol
CLSID_GLOBAL_BROADCAST
CLSID_GblComponentCategoriesMgr
CLSID_GopherProtocol
CLSID_GradientPP
CLSID_HNetCfgMgr
CLSID_HTADocument
CLSID_HTCAttachBehavior
CLSID_HTCDefaultDispatch
CLSID_HTCDescBehavior
CLSID_HTCEventBehavior
CLSID_HTCMethodBehavior
CLSID_HTCPropertyBehavior
CLSID_HTMLAnchorElement
CLSID_HTMLAppBehavior
CLSID_HTMLApplication
CLSID_HTMLAreaElement
CLSID_HTMLAreasCollection
CLSID_HTMLAttributeCollection
CLSID_HTMLBGsound
CLSID_HTMLBRElement
CLSID_HTMLBaseElement
CLSID_HTMLBaseFontElement
CLSID_HTMLBlockElement
CLSID_HTMLBody
CLSID_HTMLButtonElement
CLSID_HTMLCommentElement
CLSID_HTMLCurrentStyle
CLSID_HTMLDDElement
CLSID_HTMLDListElement
CLSID_HTMLDOMAttribute
CLSID_HTMLDOMImplementation
CLSID_HTMLDOMTextNode
CLSID_HTMLDTElement
CLSID_HTMLDefaults
CLSID_HTMLDialog
CLSID_HTMLDivElement
CLSID_HTMLDivPosition
CLSID_HTMLDocument
CLSID_HTMLElementCollection
CLSID_HTMLEmbed
CLSID_HTMLFieldSetElement
CLSID_HTMLFontElement
CLSID_HTMLFormElement
CLSID_HTMLFrameBase
CLSID_HTMLFrameElement
CLSID_HTMLFrameSetSite
CLSID_HTMLGenericElement
CLSID_HTMLHRElement
CLSID_HTMLHeadElement
CLSID_HTMLHeaderElement
CLSID_HTMLHistory
CLSID_HTMLHtmlElement
CLSID_HTMLIFrame
CLSID_HTMLImageElementFactory
CLSID_HTMLImg
CLSID_HTMLInputButtonElement
CLSID_HTMLInputElement
CLSID_HTMLInputFileElement
CLSID_HTMLInputImage
CLSID_HTMLInputTextElement
CLSID_HTMLIsIndexElement
CLSID_HTMLLIElement
CLSID_HTMLLabelElement
CLSID_HTMLLegendElement
CLSID_HTMLLinkElement
CLSID_HTMLListElement
CLSID_HTMLLoadOptions
CLSID_HTMLLocation
CLSID_HTMLMapElement
CLSID_HTMLMarqueeElement
CLSID_HTMLMetaElement
CLSID_HTMLNamespace
CLSID_HTMLNamespaceCollection

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 393KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._deh
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.minfo
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31731cc33bc27dc94062dc230f897b86

Code Sign

04:7a:55Certificate

Extended Key Usages

04:7a:53Certificate

Key Usages

0e:b2:58:d5:ec:0f:57:c6:8f:eb:9f:7e:13:75:ca:25Certificate

Extended Key Usages

Key Usages

cc:b2:af:cc:fd:7a:48:de:5d:77:e9:94:4a:06:54:96:b7:54:1c:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 544KB - Virtual size: 543KB

.rdata Size: 205KB - Virtual size: 205KB

.data Size: 393KB - Virtual size: 438KB

.pdata Size: 32KB - Virtual size: 32KB

._deh Size: 5KB - Virtual size: 4KB

.tls Size: 139KB - Virtual size: 138KB

.minfo Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 18KB - Virtual size: 17KB

04:7a:55
Certificate

04:7a:53
Certificate

0e:b2:58:d5:ec:0f:57:c6:8f:eb:9f:7e:13:75:ca:25
Certificate

cc:b2:af:cc:fd:7a:48:de:5d:77:e9:94:4a:06:54:96:b7:54:1c:5a
Signer

.text
Size: 544KB - Virtual size: 543KB

.rdata
Size: 205KB - Virtual size: 205KB

.data
Size: 393KB - Virtual size: 438KB

.pdata
Size: 32KB - Virtual size: 32KB

._deh
Size: 5KB - Virtual size: 4KB

.tls
Size: 139KB - Virtual size: 138KB

.minfo
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 18KB - Virtual size: 17KB