2024-01-09_89f2adaf42d1583843e6f6c8367f708e_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-09_89f2adaf42d1583843e6f6c8367f708e_ryuk
Size

1.8MB
MD5

89f2adaf42d1583843e6f6c8367f708e
SHA1

92cb3e1dc692f09a1f00589b7c43d52b07fe7ddb
SHA256

736d1017d249e384693ee7d987f8399f5c84dd3270565c7dee21311c543bc9bc
SHA512

2e2a86d28d733106671439ef18a635112b7f465a1c2ef048075c6b00e01112869dc06ee5dd5b15b7770c565353bc698f47904dcb8a5eb0e475cb982050c3993c
SSDEEP

24576:ohphxBQgwPk1ywaskFd8mL5AmrYNmmqIoR1G32fLtahPDHjOhXI51MU8BSc:JOQ5k0nIoO3mtgvB+t

Score

1^/10

Malware Config

Signatures

Files

2024-01-09_89f2adaf42d1583843e6f6c8367f708e_ryuk
.exe windows:5 windows x64 arch:x64

ded9dafcdde3c1f6348cd76bef22a54a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:99:cf:f4:ef:e6:b3:ed:a6:3d:df:f3:b6:99:93:e4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/05/2015, 00:00

Not After

30/04/2020, 23:59

Subject

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,POSTALCODE=94110,STREET=\#202+STREET=3388 17th st,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:95:7d:c0:b2:df:18:7b:aa:e5:72:08:29:5b:2e:28:cd:aa:ad:e4
Signer

Actual PE Digest

ab:95:7d:c0:b2:df:18:7b:aa:e5:72:08:29:5b:2e:28:cd:aa:ad:e4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_Draw
ImageList_Create
ImageList_AddMasked
CreatePropertySheetPageW
ord412
ord410
ord413
ImageList_Destroy

gdiplus

GdipSetStringFormatLineAlign
GdipAddPathEllipseI
GdipAddPathArcI
GdipCreateFontFromLogfontA
GdipPathIterNextMarkerPath
GdipSetPathMarker
GdipGetRegionHRgn
GdipSetInterpolationMode
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipSetClipRectI
GdipGetPathData
GdipCreatePathIter
GdipPathIterRewind
GdipDeletePathIter
GdipTransformPointsI
GdipSetStringFormatTrimming
GdipIsVisibleRectI
GdipCreateFromHWND
GdipAddPathLineI
GdipCreateRegionPath
GdipIsVisiblePathPointI
GdipGetPointCount
GdipCreatePath2
GdipCreateFontFromDC
GdipResetWorldTransform
GdipStringFormatGetGenericDefault
GdipSetCompositingMode
GdipAddPathRectangleI
GdipWindingModeOutline
GdipDrawImageRectRect
GdipDrawRectangle
GdipGetPropertyItem
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipImageSelectActiveFrame
GdiplusStartup
GdipSetImageAttributesWrapMode
GdipImageGetFrameCount
GdipDrawImageRectRectI
GdipGetPropertyItemSize
GdipGetFamily
GdipTransformMatrixPoints
GdipSetWorldTransform
GdipInvertMatrix
GdipSetPenDashArray
GdipDrawLine
GdipSetPenDashOffset
GdipGetFamilyName
GdipGetImageHorizontalResolution
GdipCreateHBITMAPFromBitmap
GdipSetPropertyItem
GdipGetImageEncoders
GdipBitmapUnlockBits
GdipRotateMatrix
GdipScaleMatrix
GdipCreateBitmapFromStream
GdipGetRegionBounds
GdipMeasureCharacterRanges
GdipCloneBitmapAreaI
GdipGetStringFormatFlags
GdipBitmapSetResolution
GdipBitmapLockBits
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipGetImageEncodersSize
GdipDeleteStringFormat
GdipSetStringFormatMeasurableCharacterRanges
GdipSetStringFormatFlags
GdipScaleWorldTransform
GdipFillEllipseI
GdipTranslateWorldTransform
GdipGetImageHeight
GdipDrawRectangleI
GdipCreateRegion
GdipSetClipRegion
GdipCreateFromHDC
GdipGetClip
GdipCreateBitmapFromGraphics
GdipDeleteRegion
GdipGetImageWidth
GdipDrawImageI
GdipCreatePen1
GdipAddPathLine
GdipCreatePath
GdipClosePathFigure
GdipStartPathFigure
GdipSetSolidFillColor
GdipFillRectangleI
GdipTransformPath
GdipDeletePath
GdipCreateMatrix
GdipSetPenMiterLimit
GdipFillPath
GdipFillRectangle
GdipDrawPath
GdipDrawString
GdipTranslateMatrix
GdipClonePath
GdipGetPathWorldBoundsI
GdipSetPenMode
GdipDeleteMatrix
GdipGetFontHeight
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteFontFamily
GdipSetCompositingQuality
GdipCreateFontFamilyFromName
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSetSmoothingMode
GdipCreateFont
GdipSetPageUnit
GdipGetLogFontW
GdipGetGenericFontFamilySansSerif
GdipFree
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipCreatePen2
GdipDeletePen
GdipDrawLineI
GdipCreateBitmapFromGdiDib
GdipGetDC
GdipReleaseDC
GdipCreateStringFormat
GdipSetPenColor

kernel32

GetModuleHandleW
CopyFileW
GetSystemTimeAsFileTime
GetCommandLineW
GetFullPathNameW
SetErrorMode
UnmapViewOfFile
Sleep
ExitProcess
GetCurrentProcessId
CreateFileMappingW
CloseHandle
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
WaitForSingleObject
Thread32Next
Thread32First
SuspendThread
ResumeThread
GetModuleHandleA
GetThreadContext
VirtualQuery
OpenThread
FileTimeToLocalFileTime
FileTimeToDosDateTime
MapViewOfFile
ReadConsoleW
SetEndOfFile
HeapSize
GetTimeZoneInformation
WriteConsoleW
SetFilePointerEx
FindNextFileA
FindFirstFileExA
GetCommandLineA
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
SetStdHandle
GetCurrentDirectoryW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
MoveFileExW
IsValidLocale
LCMapStringW
CompareStringW
CreateProcessA
GetCurrentThread
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
SetConsoleCtrlHandler
SetLastError
RtlPcToFileHeader
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
Module32NextW
GlobalMemoryStatusEx
HeapDestroy
Module32FirstW
HeapAlloc
GetSystemInfo
HeapReAlloc
CreateToolhelp32Snapshot
GetLocaleInfoA
GetVersionExW
GetEnvironmentVariableA
HeapFree
HeapCreate
GlobalFree
SetThreadExecutionState
SystemTimeToFileTime
GetTickCount
GetLogicalDrives
GetDateFormatW
GetTimeFormatW
GlobalAddAtomW
GlobalDeleteAtom
SetFilePointer
GetACP
TryEnterCriticalSection
GetExitCodeProcess
GetEnvironmentVariableW
TerminateProcess
GetSystemTime
OutputDebugStringA
RaiseException
ReadDirectoryChangesW
QueueUserAPC
ResetEvent
CreateThread
SetEvent
CreateEventW
WaitForMultipleObjectsEx
CompareFileTime
CancelIo
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetFileTime
GetDriveTypeW
GetTempFileNameW
DeleteFileW
GetFileAttributesExW
GetFileInformationByHandle
GetVolumePathNameW
GetTempPathW
GetPrivateProfileIntW
GetShortPathNameW
GetLongPathNameW
WritePrivateProfileStringW
GetFileSizeEx
ReadFile
CreateDirectoryW
CreateFileW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
MulDiv
AllocConsole
GlobalUnlock
FormatMessageA
VerifyVersionInfoW
lstrcpyW
CreateProcessW
VerSetConditionMask
GlobalLock
GetWindowsDirectoryW
FindResourceW
LoadResource
GlobalAlloc
LockResource
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
SetConsoleScreenBufferSize
GetCurrentProcess
GetConsoleScreenBufferInfo
SizeofResource
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetUserDefaultLCID

user32

ShowWindow
GetParent
UpdateWindow
InvalidateRect
GetAncestor
IsIconic
IsCharUpperW
IsWindow
BeginDeferWindowPos
SetTimer
GetSysColor
ReleaseDC
SetCursor
GetScrollPos
GetSystemMetrics
SendMessageW
ScreenToClient
CreateWindowExW
MessageBoxW
SetWindowPos
IsWindowVisible
DestroyWindow
GetFocus
GetWindowRect
MapVirtualKeyW
SetForegroundWindow
DdeFreeStringHandle
SystemParametersInfoW
EnableMenuItem
DdeDisconnect
GetDesktopWindow
DrawTextW
CheckMenuItem
RemoveMenu
SetClipboardData
GetWindowDC
DdeFreeDataHandle
DdeClientTransaction
DdeUninitialize
DdeInitializeW
EmptyClipboard
SetMenuItemInfoW
CloseClipboard
ClientToScreen
GetMonitorInfoW
GetWindowInfo
DdeConnect
DdeCreateStringHandleW
OpenClipboard
EnumDisplayMonitors
MonitorFromWindow
MonitorFromRect
CopyImage
GetDC
AdjustWindowRectEx
TrackMouseEvent
GetWindowLongPtrW
FillRect
SetWindowLongPtrW
ReleaseCapture
SetCapture
GetCapture
SetLayeredWindowAttributes
GetCursorPos
IsCharAlphaNumericW
EnableWindow
DialogBoxParamW
CheckDlgButton
GetDlgItem
IsDlgButtonChecked
DialogBoxIndirectParamW
SendDlgItemMessageW
MapWindowPoints
SetDlgItemTextW
EndDialog
CheckRadioButton
GetWindow
CallWindowProcW
UnpackDDElParam
IsWindowUnicode
MessageBeep
ShowWindowAsync
ReuseDDElParam
GetWindowTextLengthW
SetActiveWindow
LoadImageW
ShowCaret
SetClassLongPtrW
HideCaret
GetUpdateRect
ValidateRect
InvalidateRgn
CharLowerW
GetScrollInfo
GetCursor
RedrawWindow
GetMessagePos
CreateMenu
AppendMenuW
TrackPopupMenu
CreatePopupMenu
InsertMenuW
GetMenu
GetMenuItemID
CheckMenuRadioItem
ModifyMenuW
DrawFrameControl
DrawEdge
SetMenuDefaultItem
OffsetRect
GetMenuItemCount
GetSystemMenu
GetMenuItemInfoW
wsprintfA
BeginPaint
GetForegroundWindow
GetPropW
RemovePropW
MoveWindow
GetWindowThreadProcessId
GetMessageW
AllowSetForegroundWindow
FindWindowExW
RegisterClassExW
LoadAcceleratorsW
DispatchMessageW
ShowScrollBar
LoadBitmapW
TranslateAcceleratorW
TranslateMessage
LoadIconW
FindWindowW
LoadCursorW
SetParent
GetWindowLongW
SetScrollInfo
DeferWindowPos
DefWindowProcW
GetKeyState
SetMenu
DestroyMenu
SetFocus
EndPaint
EndDeferWindowPos
SetWindowLongW
GetClientRect
IsZoomed
KillTimer
PostQuitMessage
CharLowerBuffW
PostMessageW
SetPropW

gdi32

LineTo
SetBkMode
GetTextExtentPoint32W
DeleteDC
GetDeviceCaps
GetDIBits
SetGraphicsMode
CreateCompatibleDC
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
SetROP2
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
GetObjectW
GetObjectA
SetDIBits
MoveToEx
SetLayout
CreateRoundRectRgn
TextOutW
SelectClipRgn
RoundRect
GetClipBox
CreateRectRgn
SetViewportOrgEx
ExcludeClipRect
ExtSelectClipRgn
StartPage
AbortDoc
CreateFontIndirectW
CreateDCW
SetMapMode
StartDocW
EndPage
SetStretchBltMode
StretchBlt
CreatePen
DeleteObject
GetStockObject
SetWorldTransform
IntersectClipRect
EndDoc
Rectangle

comdlg32

GetSaveFileNameW
CommDlgExtendedError
PrintDlgExW
GetOpenFileNameW

shell32

SHChangeNotify
DragQueryFileW
SHGetDesktopFolder
ShellExecuteExW
SHBindToParent
SHGetFolderPathW
SHGetFileInfoW
SHAddToRecentDocs
DragAcceptFiles
DragFinish

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
ReleaseStgMedium
CoGetMalloc

libmupdf

gzopen_w
pdf_dict_puts_drop
fz_rethrow
deflate
pdf_is_dict
fz_new_buffer
fz_calloc
pdf_page_write
deflateEnd
pdf_new_dict
pdf_free_page
pdf_is_indirect
pdf_new_string
fz_free
pdf_dict_getp
fz_drop_image
pdf_insert_page
pdf_create_page
pdf_drop_obj
pdf_new_ref
fz_transform_rect
pdf_create_document
fz_malloc
deflateInit_
fz_free_compressed_buffer
fz_free_device
pdf_write_document
pdf_close_document
fz_new_image
fz_fill_image
gzclose
gzread
fz_closepath
fz_lineto
pdf_unmark_obj
fz_text_char_bbox
pdf_to_int
pdf_load_page_by_obj
fz_clone_stream
fz_new_text_device
xps_load_page
pdf_run_page
fz_new_draw_device
pdf_xref_len
pdf_dict_gets
pdf_dict_dels
pdf_install_load_system_font_funcs
fz_end_page
pdf_load_name_tree
fz_new_device
pdf_lookup_inherited_page_item
pdf_count_pages
fz_free_link_dest
pdf_is_int
pdf_load_outline
pdf_new_matrix
fz_read_all
fz_free_path
fz_drop_display_list
fz_xml_text
pdf_crypt_version
fz_free_xml
fz_xml_att
xps_free_part
pdf_parse_link_dest
fz_warn_imp
pdf_array_push
fz_tell
pdf_resolve_indirect
fz_drop_buffer
fz_new_text_page
fz_new_stroke_state
pdf_mark_obj
fz_xml_down
fz_fill_path
xps_close_document
fz_run_display_list
pdf_to_real
fz_rect_from_irect
pdf_needs_password
fz_md5_final
fz_new_bbox_device
fz_open_file_w
pdf_has_permission
fz_invert_matrix
pdf_new_indirect
pdf_new_int
pdf_to_str_len
fz_begin_group
pdf_lookup_dest
pdf_dict_put
pdf_new_obj_from_str
pdf_dict_getsa
fz_stroke_path
fz_rotate
fz_new_path
fz_begin_page
pdf_create_object
pdf_run_page_with_usage
pdf_copy_dict
fz_xml_next
fz_moveto
pdf_array_get
pdf_crypt_key
pdf_to_rect
pdf_cache_object
pdf_to_str_buf
pdf_new_array
xps_load_outline
pdf_is_name
pdf_open_document_with_stream
pdf_is_array
fz_seek
fz_new_list_device
pdf_dict_get_key
fz_parse_xml
xps_run_page
fz_pixmap_bbox
xps_bound_page
fz_free_text_sheet
fz_xml_is_tag
xps_read_part
xps_resolve_url
pdf_to_num
pdf_obj_parent_num
pdf_is_real
pdf_trailer
fz_new_context_imp
fz_device_bgr
fz_throw_imp
fz_drop_pixmap
fz_load_jpeg_info
fz_device_cmyk
fz_close
fz_var_imp
fz_free_context
fz_push_try
fz_read
fz_drop_colorspace
fz_device_gray
fz_new_pixmap_with_data
fz_open_memory
fz_open_dctd
fz_device_rgb
fz_load_jpx
fz_convert_pixmap
WebPDecodeBGRAInto
WebPGetInfo
fz_redirect_io_to_console
pdf_get_xref_entry
pdf_to_bool
pdf_to_name
fz_xml_tag
pdf_keep_obj
pdf_lex
fz_end_group
fz_new_display_list
fz_md5_update
pdf_crypt_revision
pdf_js_supported
xps_lookup_link_target_obj
pdf_new_bool
pdf_dict_len
fz_md5_init
pdf_is_stream
fz_open_buffer
xps_count_pages
fz_enable_device_hints
pdf_array_push_drop
fz_drop_stroke_state
fz_round_rect
fz_new_stream
fz_pre_scale
pdf_array_len
fz_strdup
fz_transform_point
fz_pre_translate
pdf_to_gen
fz_new_stroke_state_with_dash_len
pdf_dict_get_val
fz_new_link
fz_clear_pixmap_with_value
fz_new_pixmap_from_image
pdf_authenticate_password
xps_open_document_with_stream
pdf_update_stream
pdf_update_object
pdf_load_stream
pdf_bound_page
fz_new_pixmap_with_bbox
fz_intersect_rect
pdf_file_spec_to_str
pdf_to_ucs2_buf
fz_free_text_page
ddjvu_context_release
ddjvu_document_get_pagetext
ddjvu_page_get_type
ddjvu_message_peek
ddjvu_document_get_pageinfo_imp
miniexp_cadr
ddjvu_document_get_fileinfo_imp
ddjvu_page_create_by_pageno
ddjvu_message_pop
ddjvu_document_get_outline
ddjvu_job_status
miniexp_cddr
ddjvu_context_create
miniexp_symbol
ddjvu_page_job
miniexp_stringp
ddjvu_page_set_rotation
ddjvu_document_job
ddjvu_page_render
gzerror
gzseek
gzopen
gztell
deflateInit2_
crc32
inflateEnd
inflate
inflateInit2_
ddjvu_document_create_by_filename_utf8
ddjvu_document_get_filenum
ddjvu_anno_get_hyperlinks
ddjvu_format_set_row_order
ddjvu_free
ddjvu_document_get_pagenum
ddjvu_miniexp_release
ddjvu_document_get_pageanno
ddjvu_stream_close
ddjvu_job_release
ddjvu_format_create
miniexp_to_str
ddjvu_format_release
ddjvu_document_create_by_data
miniexp_caddr
minilisp_finish
fz_free_outline
fz_matrix_expansion
fz_new_text_sheet
fz_atof

msimg32

GradientFill

shlwapi

StrStrW
StrStrIW
StrRStrIW
SHDeleteValueW
SHSetValueW
ord219
PathAppendW
PathIsRelativeW
PathIsNetworkPathW
SHDeleteKeyW
SHGetValueW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpOpenRequestW
InternetOpenW
InternetReadFile
InternetSetOptionW
HttpSendRequestA
InternetConnectW
InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW

winspool.drv

ClosePrinter
DeviceCapabilitiesW
OpenPrinterW
DocumentPropertiesW
GetPrinterW
ord203

advapi32

RegOpenKeyExW
SystemFunction036
RegEnumKeyW
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
RegSetKeySecurity

oleaut32

SysAllocString
SafeArrayPutElement
SysFreeString
VariantClear
SafeArrayCreateVector
VariantInit

urlmon

CoInternetGetSession

Sections

.text
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ded9dafcdde3c1f6348cd76bef22a54a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

da:99:cf:f4:ef:e6:b3:ed:a6:3d:df:f3:b6:99:93:e4Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

ab:95:7d:c0:b2:df:18:7b:aa:e5:72:08:29:5b:2e:28:cd:aa:ad:e4Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

gdiplus

kernel32

user32

gdi32

comdlg32

shell32

ole32

libmupdf

msimg32

shlwapi

version

wininet

winspool.drv

advapi32

oleaut32

urlmon

Sections

.text Size: 983KB - Virtual size: 982KB

.rdata Size: 598KB - Virtual size: 598KB

.data Size: 14KB - Virtual size: 32KB

.pdata Size: 60KB - Virtual size: 60KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 48B

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

da:99:cf:f4:ef:e6:b3:ed:a6:3d:df:f3:b6:99:93:e4
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

ab:95:7d:c0:b2:df:18:7b:aa:e5:72:08:29:5b:2e:28:cd:aa:ad:e4
Signer

.text
Size: 983KB - Virtual size: 982KB

.rdata
Size: 598KB - Virtual size: 598KB

.data
Size: 14KB - Virtual size: 32KB

.pdata
Size: 60KB - Virtual size: 60KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 48B

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 7KB - Virtual size: 7KB