4b9aea2519aff2cb154c3c4192ddfa45[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4b9aea2519aff2cb154c3c4192ddfa45.bin
Size

31.9MB
MD5

4b9aea2519aff2cb154c3c4192ddfa45
SHA1

017f7726173320005a336c5ee7eeb01d591ab7c5
SHA256

9ded75c40c61d85deff143c375770bfd934edfc497bd1a3672de8fde724901e7
SHA512

3b829156905ef0e48dcb3564f2a41643ddeb0f10fc7903a4dd34685ed5d76573025bb1e9e0cfa47666904ac464e8c28904b47ec90feb072f5226f85c8bec11df
SSDEEP

393216:eTp8uy1GS97Vg7/ani3IBWt/XKyTqNyJsv6tWKFdu9CSGY2vGiRSggL/t3ofR6GN:/LHv6XdOxz392//

Score

1^/10

Malware Config

Signatures

Files

4b9aea2519aff2cb154c3c4192ddfa45.bin
.exe windows:6 windows x64 arch:x64

cf747130a08fa9a61b8481eb4dd09346

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2022, 00:00

Not After

12/01/2025, 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

dc:07:6a:26:cb:46:91:d9:ba:05:ea:22:6b:18:b6:32:81:cf:3d:cb
Signer

Actual PE Digest

dc:07:6a:26:cb:46:91:d9:ba:05:ea:22:6b:18:b6:32:81:cf:3d:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

getaddrinfo
inet_pton
WSAIoctl
freeaddrinfo
getnameinfo

winmm

timeKillEvent
timeSetEvent
PlaySoundW

netapi32

NetShareEnum
NetApiBufferFree

kernel32

GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
CompareStringEx
SetThreadPriority
GetThreadPriority
GetLocalTime
OutputDebugStringW
IsProcessorFeaturePresent
GetTickCount64
GetStartupInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetLogicalDrives
SetEndOfFile
SetFileTime
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
UnregisterWaitEx
RegisterWaitForSingleObject
GetTimeZoneInformation
OpenThread
CheckRemoteDebuggerPresent
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
GetUserDefaultLangID
InitializeCriticalSection
EnumSystemLocalesW
IsValidLocale
GetACP
GetConsoleCP
SetStdHandle
GetFullPathNameA
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
GetStringTypeW
GlobalFree
GlobalAlloc
SetFilePointer
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
K32GetModuleInformation
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileStringW
LockResource
GetFileSizeEx
CreateThread
GetModuleFileNameA
GetVersionExA
ResumeThread
GetCurrentThread
OutputDebugStringA
GetEnvironmentVariableW
RtlCaptureContext
lstrcpyW
lstrcmpA
GetFileSize
HeapCreate
CreateFileA
VirtualQueryEx
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
ExitProcess
IsBadWritePtr
IsBadReadPtr
lstrlenW
VirtualFree
VirtualAlloc
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
QueryDosDeviceW
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
DeviceIoControl
LocalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetTickCount
CreateMutexW
ReleaseMutex
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
GetTempPathW
GetTempFileNameW
CancelIo
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
WriteFile
ReadFile
FlushFileBuffers
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
GetModuleHandleA
FindFirstFileExA
ReadProcessMemory
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetProcessTimes
WaitForSingleObject
SetLastError
DuplicateHandle
GetCurrentProcessId
GetCommandLineW
GetVersionExW
VerSetConditionMask
MoveFileExW
MoveFileW
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
CopyFileW
DeleteFileW
GetShortPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
OpenProcess
GetCurrentProcess
CloseHandle
GetComputerNameW
LoadLibraryW
FormatMessageW
LocalFree
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetSystemInfo
GetSystemTimes
Sleep
SetErrorMode
GetLastError
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleWindow
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
IsValidCodePage
GetOEMCP
WTSGetActiveConsoleSessionId

user32

SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
DrawMenuBar
CreateMenu
ChangeWindowMessageFilterEx
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
MessageBoxW
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
EnumDisplayDevicesW
GetClipboardFormatNameW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
GetWindowTextW
PostMessageW
ShowWindow
GetShellWindow
EnumWindows
GetWindowThreadProcessId
RealGetWindowClassW
UnregisterClassW
CharNextW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
BeginPaint
SetForegroundWindow
SendInput
GetClassNameW
EnumChildWindows
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
IsChild
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowA
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CloseTouchInputHandle

gdi32

CreateDIBSection
BitBlt
CombineRgn
CreateRectRgn
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
GetRegionData
GdiFlush
SelectObject
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
SetBkMode

shell32

ord51
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetMalloc
SHCreateItemFromParsingName
ExtractIconExW
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect

ole32

RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
StringFromCLSID
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoLockObjectExternal
CoInitialize
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoGetMalloc

oleaut32

SafeArrayCreate
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr

advapi32

RegCreateKeyExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
RegSetKeySecurity
RegGetKeySecurity
GetAce
GetSecurityInfo
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetLengthSid
FreeSid
CopySid
GetUserNameW
DuplicateToken
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
EnumServicesStatusW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
RegFlushKey
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
LookupPrivilegeValueW
SetEntriesInAclW
RegCloseKey
DuplicateTokenEx
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CreateProcessAsUserW

mpr

WNetGetConnectionW

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrCmpIW
StrDupW
AssocQueryStringW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW
PathSearchAndQualifyW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

ntdll

NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtOpenKey
NtCreateKey
NtSetValueKey
NtDeleteValueKey
NtDeleteKey
RtlInitUnicodeString
NtLoadDriver
NtUnloadDriver

wininet

InternetGetConnectedState

wsock32

shutdown
inet_ntoa
getsockname
getsockopt
ntohs
WSAStartup
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

crypt32

CertFreeCertificateContext
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext

bcrypt

BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptGenRandom
BCryptOpenAlgorithmProvider

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

uxtheme

GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemePropertyOrigin
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
GetThemeBool

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 16.3MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf747130a08fa9a61b8481eb4dd09346

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

dc:07:6a:26:cb:46:91:d9:ba:05:ea:22:6b:18:b6:32:81:cf:3d:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

ntdll

wininet

wsock32

crypt32

wintrust

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 16.3MB - Virtual size: 16.3MB

.rdata Size: 8.1MB - Virtual size: 8.1MB

.data Size: 272KB - Virtual size: 525KB

.pdata Size: 994KB - Virtual size: 994KB

.tls Size: 512B - Virtual size: 13B

.qtmimed Size: 315KB - Virtual size: 315KB

.qtmetad Size: 1024B - Virtual size: 677B

.gfids Size: 512B - Virtual size: 504B

_RDATA Size: 512B - Virtual size: 272B

.rsrc Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 106KB - Virtual size: 105KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

dc:07:6a:26:cb:46:91:d9:ba:05:ea:22:6b:18:b6:32:81:cf:3d:cb
Signer

.text
Size: 16.3MB - Virtual size: 16.3MB

.rdata
Size: 8.1MB - Virtual size: 8.1MB

.data
Size: 272KB - Virtual size: 525KB

.pdata
Size: 994KB - Virtual size: 994KB

.tls
Size: 512B - Virtual size: 13B

.qtmimed
Size: 315KB - Virtual size: 315KB

.qtmetad
Size: 1024B - Virtual size: 677B

.gfids
Size: 512B - Virtual size: 504B

_RDATA
Size: 512B - Virtual size: 272B

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 106KB - Virtual size: 105KB