Files[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Files.rar
Size

61.6MB
MD5

d245df5d8ab787a35a6587e135f8915d
SHA1

7f6985539ecdd963015bdfd9d8983288b3e44a21
SHA256

a7069f685b86ad1f0b1217114b08515ac0eac6e08f81d5557fa7e2bba317783e
SHA512

5704c9477cea5749be0f65cf60869f20c4f3d1a54b7b381060569483b878bc97595b3b8bc8f67f924a8540fa0b0b74b8c84c55620af7515eccdab049c4cb1391
SSDEEP

1572864:onsDO3Efnfl14xJPDs4VMl/MAbJuGbD9BESuUpE8zpIUu0:+sDOmnt180+AbxbDvaXU3

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1003b.exe.vir
unpack001/Cheat.exe.vir
unpack001/KB824105-x86-ENU.exe.vir
unpack001/VLTKTanthuTN.exe.vir
unpack001/chdyz.exe.vir
unpack001/setups.exe.vir
unpack001/tidex_-_short_stuff.exe.vir
unpack001/up.exe.vir

Files

Files.rar
.rar
1003b.exe.vir
.exe windows:5 windows x86 arch:x86

34b5ed9627adc2a136538773f5ab1f74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

BitBlt

shell32

ord680

comctl32

ord17

wininet

InternetOpenW

shlwapi

PathRemoveFileSpecW

winmm

timeGetTime

Sections

.MPRESS1
Size: 186KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Cheat.exe.vir
.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KB824105-x86-ENU.exe.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VLTKTanthuTN.exe.vir
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

eW*^~AHp
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a.exe.vir
.exe windows:6 windows x86 arch:x86

ac18dc6a1c61398696cfd62f5dc166eb

Code Sign

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7d
Certificate

Issuer

CN=Sex Shop SRL,OU=Ownership,O=Sex Shop L45,POSTALCODE=48273,STREET=Rathas G45,L=Berlin,ST=Berlin,C=DE,1.2.840.113549.1.9.1=#0c1961646d696e697374726174696f6e407061727365632e6e6574

Not Before

03/06/2022, 00:00

Not After

04/07/2024, 23:59

Subject

CN=Sex Shop SRL,OU=Ownership,O=Sex Shop L45,POSTALCODE=48273,STREET=Rathas G45,L=Berlin,ST=Berlin,C=DE,1.2.840.113549.1.9.1=#0c1961646d696e697374726174696f6e407061727365632e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:28:46:f8:93:d5:a8:4d:3f:b3:50:5a:89:34:d5:e3:94:70:de:7f:88:45:5b:1a:e0:f0:62:72:51:64:d7:f3
Signer

Actual PE Digest

1f:28:46:f8:93:d5:a8:4d:3f:b3:50:5a:89:34:d5:e3:94:70:de:7f:88:45:5b:1a:e0:f0:62:72:51:64:d7:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htonl
WSAIoctl
htons
getsockname
listen
bind
accept
WSASetLastError
WSAGetLastError
WSACleanup
__WSAFDIsSet
closesocket
select
shutdown
WSASocketW
inet_pton
getaddrinfo
WSAStartup
getpeername
send
socket
ntohs
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
ntohl

advapi32

CryptHashData
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptCreateHash
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenProcessToken
GetTokenInformation

crypt32

CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertFreeCertificateContext
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

kernel32

GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
HeapFree
GetFullPathNameW
WriteFile
SetFilePointer
SetEndOfFile
WaitForSingleObject
CreateFileW
Sleep
LoadLibraryA
DeleteFileW
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
CreateProcessW
CreateMutexW
GetLastError
GetModuleHandleW
ReadFile
CreateThread
ExitProcess
GetCurrentProcess
GetVolumeInformationW
EnterCriticalSection
VirtualFree
VirtualAlloc
TerminateProcess
LeaveCriticalSection
HeapReAlloc
GetExitCodeProcess
CreateDirectoryW
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
GetStdHandle
GetEnvironmentVariableW
GetFileType
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetCommandLineA
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
CompareStringW
GetTickCount
GetCommandLineW
WaitForSingleObjectEx
GetEnvironmentVariableA
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
ExitThread
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
GetStringTypeW
GetCPInfo
CompareStringEx
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeLibrary
SetEnvironmentVariableW
IsValidCodePage
FindFirstFileExW
HeapSize
GetCurrentDirectoryW
LCMapStringEx
DecodePointer
EncodePointer
InitOnceBeginInitialize
InitOnceComplete
RaiseException
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetConsoleOutputCP
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
MoveFileExA
FileTimeToSystemTime
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetTimeZoneInformation
GetFileAttributesExW
GetModuleHandleA
WriteConsoleW
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
ShowWindow
GetDesktopWindow
PostQuitMessage
RegisterClassExW
UnregisterClassW
CreateWindowExW
MessageBoxW
DestroyWindow
GetWindowRect
DefWindowProcW
TranslateMessage
PeekMessageW
DispatchMessageW
GetProcessWindowStation
GetUserObjectInformationW
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState

shell32

ShellExecuteW
SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

xinput1_3

ord2
ord4

bcrypt

BCryptGenRandom

ntdll

RtlAdjustPrivilege

normaliz

IdnToAscii

wldap32

ord200
ord301
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Y=L
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Y.^
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Lg]
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chdyz.exe.vir
.exe windows:4 windows x86 arch:x86

43affe5cd50bec6812923613abb04680

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut
midiOutPrepareHeader
waveOutWrite
waveOutPause
waveOutReset
waveOutClose
waveOutGetNumDevs
waveOutOpen
midiOutUnprepareHeader
midiStreamOpen
midiStreamProperty
midiStreamStop
midiOutReset
midiStreamClose
midiStreamRestart
waveOutUnprepareHeader
waveOutRestart
waveOutPrepareHeader

ws2_32

socket
bind
htons
WSAAsyncSelect
closesocket
send
WSACleanup
WSAStartup
gethostbyname
inet_ntoa
inet_addr
gethostname
ntohl
recvfrom
ioctlsocket
connect
recv
listen
getpeername
accept
getsockname
__WSAFDIsSet
select
ntohs
WSAGetLastError

kernel32

SetLastError
GetTimeZoneInformation
GetVersion
TerminateThread
lstrcmpiA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FormatMessageA
CreateMutexA
ReleaseMutex
SuspendThread
UnhandledExceptionFilter
GetACP
HeapSize
ExitThread
RaiseException
GetLocalTime
GetSystemTime
RtlUnwind
GetStartupInfoA
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetFileSize
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
ReadFile
lstrlenW
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
lstrlenA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
InterlockedExchange
HeapReAlloc
GetProcessHeap
HeapAlloc
GetUserDefaultLCID
GetFullPathNameA
FreeLibrary
LoadLibraryA
GetLastError
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
SetCurrentDirectoryA
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
CreateProcessA
WaitForSingleObject
CloseHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
LocalFree

user32

PostQuitMessage
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
LoadStringA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
MoveWindow
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
UnregisterClassA
GetDesktopWindow
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
SetWindowTextA
IsDialogMessageA
EnumDisplaySettingsA
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
IsRectEmpty
ReleaseDC
IsChild
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBoxA
GetCursorPos
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
WaitForInputIdle
ClientToScreen
GetClassNameA
GetDlgItem
GetWindowTextA
DrawTextA
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
GetWindowTextLengthA
EnumChildWindows
CallNextHookEx
CallWindowProcA
GetWindowDC
GetSysColorBrush
FrameRect
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
ScrollWindowEx
CreateMenu
GetMessageA
CharUpperA
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA

gdi32

ExtSelectClipRgn
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Arc
GetTextExtentPoint32A
GetDeviceCaps
BeginPath
GetWindowOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
SetBkMode
LineTo
MoveToEx
SetTextColor
CreateEllipticRgnIndirect
GetTextMetricsA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateCompatibleDC
GetPixel
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
FillRgn
CreateRectRgn
CombineRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
EndPath
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
GetViewportOrgEx
GetBkMode
PathToRegion

msimg32

GradientFill

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromProgID
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize

oleaut32

UnRegisterTypeLi
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy

comctl32

ImageList_GetIcon
ImageList_GetImageCount
ImageList_SetBkColor
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Read
ImageList_Duplicate

comdlg32

ChooseColorA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setup.exe.vir
.exe windows:6 windows x64 arch:x64

ad9d3fb95cbac8980218b759a91b7e62

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:42:cf:38:a9:cf:02:4a:38:f0:8e:81:65:59:09:85
Certificate

Issuer

CN=Certera Code Signing CA,O=Certera,C=US

Not Before

08/05/2023, 00:00

Not After

07/05/2024, 23:59

Subject

CN=AAAA CLEANING REMOVALS LIMITED,O=AAAA CLEANING REMOVALS LIMITED,ST=Kent,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

07/09/2022, 00:00

Not After

06/09/2032, 23:59

Subject

CN=Certera Code Signing CA,O=Certera,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26
Signer

Actual PE Digest

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointer
InitializeCriticalSectionEx
GetCurrentThreadId
HeapSize
MultiByteToWideChar
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
ExitProcess
GetProcessHeap
GetModuleHandleW
LeaveCriticalSection
WideCharToMultiByte
SetConsoleOutputCP
GetFileType
lstrcmpiW
LoadLibraryExW
FlushFileBuffers
CreateFileW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
LCMapStringW
FlsFree
GetModuleFileNameW
ExpandEnvironmentStringsW
WriteFile
GetConsoleOutputCP
EnterCriticalSection
SetLastError
HeapFree
SizeofResource
FreeLibrary
ReadFile
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStdHandle
WriteConsoleW
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

SetWindowLongPtrW
LoadCursorW
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
MsgWaitForMultipleObjects
UnregisterClassW
CreateWindowExW
DefWindowProcW
CallWindowProcW
MessageBoxW
GetClassInfoExW

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

ole32

CoInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetObject
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoGetInstanceFromFile
CoUninitialize

oleaut32

LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
SysAllocString
VariantCopy
SysStringLen
SafeArrayUnaccessData
SysAllocStringLen
LoadTypeLibEx
VariantChangeType
VariantClear
VarUI4FromStr
SafeArrayAccessData

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setups.exe.vir
.exe windows:5 windows x64 arch:x64

6776d1a14285e6e41d63673627273c93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

__C_specific_handler

Sections

.text
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.:Vn
Size: - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XE=
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.!'{
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.$\-
Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 893B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tidex_-_short_stuff.exe.vir
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 13KB - Virtual size: 2.6MB
up.exe.vir
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 510KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 30KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 44KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.4MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34b5ed9627adc2a136538773f5ab1f74

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comctl32

wininet

shlwapi

winmm

Sections

.MPRESS1 Size: 186KB - Virtual size: 720KB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 282KB - Virtual size: 282KB

e569e6f445d32ba23766ad67d1e3787f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 718KB - Virtual size: 718KB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 154B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 68KB - Virtual size: 68KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 212KB - Virtual size: 211KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

eW*^~AHp Size: 1.3MB - Virtual size: 1.3MB

.text Size: 647KB - Virtual size: 646KB

.rsrc Size: 3KB - Virtual size: 2KB

Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

ac18dc6a1c61398696cfd62f5dc166eb

Code Sign

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7dCertificate

Extended Key Usages

Key Usages

1f:28:46:f8:93:d5:a8:4d:3f:b3:50:5a:89:34:d5:e3:94:70:de:7f:88:45:5b:1a:e0:f0:62:72:51:64:d7:f3Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

.MPRESS1
Size: 186KB - Virtual size: 720KB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 282KB - Virtual size: 282KB

.text
Size: 718KB - Virtual size: 718KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 68KB - Virtual size: 68KB

.text
Size: 212KB - Virtual size: 211KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

eW*^~AHp
Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 647KB - Virtual size: 646KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

e3:21:4c:81:33:95:40:a3:80:4f:ca:65:6f:5a:ea:7d
Certificate

1f:28:46:f8:93:d5:a8:4d:3f:b3:50:5a:89:34:d5:e3:94:70:de:7f:88:45:5b:1a:e0:f0:62:72:51:64:d7:f3
Signer

.text
Size: - Virtual size: 2.3MB

.rdata
Size: - Virtual size: 919KB

.data
Size: - Virtual size: 60KB

.Y=L
Size: - Virtual size: 3.2MB

.Y.^
Size: 6KB - Virtual size: 6KB

.Lg]
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 112KB - Virtual size: 111KB

.text
Size: 784KB - Virtual size: 783KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 104KB - Virtual size: 352KB

.rsrc
Size: 28KB - Virtual size: 24KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

e0:42:cf:38:a9:cf:02:4a:38:f0:8e:81:65:59:09:85
Certificate

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26
Signer

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 12KB - Virtual size: 12KB