chrome[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

chrome.dll
Size

30.7MB
MD5

1aba22701a5a6069d3a408409a7dc7ca
SHA1

2b6c76bb589cf223eb8349e9e4d6cd7db8f0a5bd
SHA256

98351c2c0c50b5616dbdb575cae8da636cb45a9220d96e84627f54ce32268c2d
SHA512

fcc3c1c6252a8eb46835cce99d1cd52a34a59548eb82037253186b4c7f751f1fc8b62965fa8576e24f4ef38b1695ab44f4173b95222c283cb46a1b93fed75cce
SSDEEP

786432:RdbKL+KzzVnJY7AM/IKU8Ly953ByTvSTCr0MiQT8crk7Ky4pUFYh:RdbKL+KdnJcAM/IKU8LEBqv2CrtiQxrn

Score

1^/10

Malware Config

Signatures

Files

chrome.dll
.dll windows:5 windows x86 arch:x86

75d6c0c2141bd05c2ad4539b838589f6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29/01/2014, 00:00

Not After

29/01/2016, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:00:36:f8:3e:40:b3:3e:91:71:85:3e:a0:bf:d1:0d:28:c0:d3:2f
Signer

Actual PE Digest

c0:00:36:f8:3e:40:b3:3e:91:71:85:3e:a0:bf:d1:0d:28:c0:d3:2f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnregisterClassW
DrawEdge
DefRawInputProc
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputData
ScreenToClient
GetDoubleClickTime
UpdateLayeredWindow
WindowFromPoint
EndPaint
BeginPaint
GetCapture
CallWindowProcW
TrackMouseEvent
ClientToScreen
NotifyWinEvent
GetWindow
ClipCursor
GetCursorPos
RemovePropW
SetPropW
SetFocus
IsZoomed
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetWindowTextW
EnumChildWindows
SetParent
RedrawWindow
SetWindowRgn
EndDeferWindowPos
DeferWindowPos
OpenClipboard
ShowWindow
SendNotifyMessageW
RegisterWindowMessageW
IsHungAppWindow
GetPropW
GetMenuItemCount
FillRect
GetClientRect
GetClassLongW
AdjustWindowRectEx
EnumWindows
PtInRect
GetWindowRgn
GetParent
ValidateRect
MessageBeep
DrawFrameControl
GetSysColorBrush
DrawFocusRect
FrameRect
InvertRect
InflateRect
RegisterHotKey
UnregisterHotKey
SetWindowTextW
EnumThreadWindows
IsWindowVisible
EnableWindow
DestroyIcon
MessageBoxA
LoadCursorW
EnumDisplaySettingsExW
PrintWindow
CloseClipboard
GetClipboardSequenceNumber
SetClipboardData
GetClipboardData
MapVirtualKeyW
GetWindowInfo
MonitorFromPoint
FindWindowExW
GetAncestor
MonitorFromRect
GetWindowThreadProcessId
GetClassNameW
IsRectEmpty
MapWindowPoints
GetWindowRect
GetForegroundWindow
TrackPopupMenu
GetCursorInfo
GetIconInfo
RealChildWindowFromPoint
OffsetRect
RegisterClipboardFormatW
EmptyClipboard
IsClipboardFormatAvailable
MessageBoxW
GetMessageW
SendInput
OpenInputDesktop
SendMessageCallbackW
EndDialog
GetGuiResources
IntersectRect
EqualRect
SendMessageTimeoutW
IsChild
AllowSetForegroundWindow
ShowCursor
SetCursorPos
GetCaretBlinkTime
GetMenuState
CreatePopupMenu
DestroyMenu
GetSubMenu
GetMenuInfo
SetMenuInfo
EndMenu
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextExW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetRectEmpty
GetMessagePos
GetMessageTime
GetThreadDesktop
SetThreadDesktop
GetSystemMenu
GetDesktopWindow
SetWindowPos
GetClassInfoExW
GetSysColor
SetWindowLongW
GetWindowLongW
InvalidateRect
ReleaseDC
GetDC
SendMessageW
LoadIconW
GetMonitorInfoW
MonitorFromWindow
SetForegroundWindow
MoveWindow
DestroyWindow
SetTimer
PostQuitMessage
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
GetActiveWindow
CharUpperW
PostMessageW
GetKeyState
IsWindowEnabled
FindWindowW
SystemParametersInfoW
IsWindow
GetSystemMetrics
CharNextW
PostThreadMessageW
PeekMessageW
UnionRect
SetCursor
GetWindowTextLengthW
ShowScrollBar
GetWindowDC
SetMenuDefaultItem
EnableMenuItem
ReleaseCapture
SetCapture
IsIconic
GetUpdateRect
EnumDisplayDevicesW
SetKeyboardState
EnumDisplayMonitors
EnumDisplaySettingsW
CreateIconIndirect
DrawIconEx
LoadImageW
SetWindowPlacement
GetWindowPlacement
GetLastInputInfo
GetMessageExtraInfo
SetCaretPos
DestroyCaret
CreateCaret
GetKeyboardState
GetFocus
GetKeyboardLayout
GetKeyboardLayoutList
GetUserObjectInformationW
GetAsyncKeyState
CloseDesktop
BeginDeferWindowPos
FlashWindowEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

usp10

ScriptFreeCache
ScriptItemize
ScriptLayout
ScriptShape
ScriptPlace
ScriptCPtoX
ScriptXtoCP
ScriptGetFontProperties
ScriptStringAnalyse
ScriptStringFree
ScriptStringOut

psapi

GetProcessMemoryInfo
GetModuleInformation
GetMappedFileNameW
QueryWorkingSet
GetModuleFileNameExW
EnumProcessModules

shlwapi

PathFindFileNameW
PathFindExtensionW
SHGetValueA
PathIsUNCW
SHStrDupW
AssocQueryStringW
PathRemoveExtensionW

advapi32

LogonUserW
CryptAcquireContextW
ControlTraceW
ReadEventLogW
OpenEventLogW
CloseEventLog
RegEnumValueA
LookupAccountSidW
SetSecurityInfo
GetSecurityDescriptorSacl
LookupAccountNameW
GetUserNameW
CloseTrace
ProcessTrace
OpenTraceW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
CreateProcessAsUserW
RegNotifyChangeKeyValue
RegEnumValueW
RegQueryValueExW
StartTraceW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
CryptGenKey
CryptDestroyKey
GetFileSecurityW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

kernel32

DeleteCriticalSection
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryA
GetStdHandle
SetConsoleTextAttribute
FreeConsole
AllocConsole
ReadConsoleW
WriteConsoleW
ResetEvent
CreateEventW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
HeapReAlloc
TlsGetValue
HeapAlloc
HeapFree
HeapCreate
SetLastError
HeapSize
HeapSetInformation
VirtualAlloc
VirtualFree
VirtualQuery
InterlockedCompareExchange
TlsSetValue
InterlockedExchange
FindClose
GetSystemInfo
VirtualProtect
TlsAlloc
SwitchToThread
GetModuleHandleA
GetVersionExW
GetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
Module32Next
CloseHandle
GetCurrentProcessId
CreateFileA
SetEndOfFile
WriteFile
Sleep
GetEnvironmentVariableW
GetCurrentProcess
LocalFree
IsDebuggerPresent
CreateMutexW
SetFilePointer
WaitForSingleObject
GetTickCount
FormatMessageA
CreateFileW
OutputDebugStringA
ReleaseMutex
DeleteFileW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetLogicalDriveStringsW
CreateDirectoryW
GetVolumePathNameW
CopyFileW
GetFileAttributesW
ReplaceFileW
ReadFile
GetTempPathW
GetCurrentDirectoryW
GetLongPathNameW
MoveFileW
CreateFileMappingW
SetCurrentDirectoryW
RemoveDirectoryW
QueryDosDeviceW
GetFileAttributesExW
SetFileAttributesW
GetVolumeInformationW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SetEnvironmentVariableW
RtlCaptureStackBackTrace
TryEnterCriticalSection
ExpandEnvironmentStringsW
GetUserDefaultLangID
GetCurrentThread
SetThreadPriority
DuplicateHandle
CreateThread
OpenProcess
SetErrorMode
TerminateProcess
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetProcessIoCounters
VirtualQueryEx
GetProcessTimes
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
SetEvent
GetLastError
CreateProcessW
AssignProcessToJobObject
AttachConsole
ResumeThread
RegisterWaitForSingleObject
UnregisterWaitEx
TlsFree
SetFilePointerEx
UnlockFile
LockFile
SetFileTime
FlushFileBuffers
GetFileSizeEx
GetFileInformationByHandle
GetProcessId
GetModuleHandleExA
GetNativeSystemInfo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemDirectoryW
GetWindowsDirectoryW
OpenFileMappingW
SetUnhandledExceptionFilter
Process32FirstW
Process32NextW
DebugBreak
WideCharToMultiByte
GetSystemTime
CreateFileMappingA
SuspendThread
GetProcessAffinityMask
SetThreadAffinityMask
CreateSemaphoreA
DeleteFileA
ReleaseSemaphore
MoveFileA
SetEnvironmentVariableA
GetDiskFreeSpaceA
GetLogicalDrives
GlobalMemoryStatus
GetVolumeInformationA
GetComputerNameA
GetTempPathA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetFullPathNameW
LockFileEx
UnlockFileEx
InitializeCriticalSection
FormatMessageW
AreFileApisANSI
GetLocaleInfoW
GetLocaleInfoA
GetNumberFormatW
GetCurrencyFormatW
GetACP
GetThreadLocale
GetTimeZoneInformation
GetGeoInfoA
GetUserGeoID
GlobalFree
GetComputerNameExW
CancelIo
ConnectNamedPipe
CreateNamedPipeW
GetNamedPipeInfo
GetDateFormatW
LockResource
InterlockedExchangeAdd
IsProcessInJob
QueryInformationJobObject
GetThreadContext
OpenThread
GetTempFileNameA
GetFileType
GetThreadTimes
DisconnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
GetNamedPipeHandleStateW
ExitProcess
FileTimeToLocalFileTime
GetStartupInfoW
VirtualAllocEx
VirtualFreeEx
SetThreadExecutionState
GetSystemPowerStatus
FlushInstructionCache
DefineDosDeviceW
DeviceIoControl
GetGeoInfoW
DebugActiveProcess
GetComputerNameW
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDriveTypeW
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
RaiseException
DecodePointer
GetProcAddress
GetModuleHandleW
WaitForMultipleObjects
WaitCommEvent
SetCommTimeouts
SetCommState
InterlockedPushEntrySList
OpenEventW
MulDiv
Module32FirstW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
CreateSemaphoreW
UnhandledExceptionFilter
Module32NextW
GetConsoleDisplayMode
GlobalSize
RtlUnwind
ExitThread
GetProcessHeap
SetStdHandle
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
GetCommandLineA
IsProcessorFeaturePresent
EncodePointer
LoadLibraryExA
GlobalLock
GlobalUnlock
QueueUserWorkItem
FindFirstChangeNotificationW
FindCloseChangeNotification
GetUserDefaultUILanguage
GetOverlappedResult
VerSetConditionMask
GetShortPathNameW
VerifyVersionInfoW
WTSGetActiveConsoleSessionId
GetSystemDirectoryA
GlobalAlloc
GetPrivateProfileStringW
lstrcmpW
CreateWaitableTimerW
TerminateThread
SleepEx
MapViewOfFileEx
GetLocalTime
WriteProcessMemory
ReadProcessMemory
ContinueDebugEvent
WaitForDebugEvent
SetThreadContext
GetThreadSelectorEntry
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
ClearCommError
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
GetExitCodeProcess
SetCommMask
GetCommandLineW

ole32

DoDragDrop
CLSIDFromString
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoInitializeEx
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
RegisterDragDrop
OleUninitialize
OleInitialize
ReleaseStgMedium
OleDuplicateData
RevokeDragDrop
GetHGlobalFromStream
CoGetObject

oleaut32

SysStringLen
VarUI4FromStr
SysFreeString
VariantClear
VariantTimeToSystemTime
LoadRegTypeLi
SysAllocString
LoadTypeLi

netapi32

NetApiBufferFree
NetUserGetInfo
NetGetJoinInformation

userenv

GetAppliedGPOListW
FreeGPOListW
UnregisterGPNotification
RegisterGPNotification
DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSQueryUserToken

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

secur32

GetUserNameExW
InitializeSecurityContextA
AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
QuerySecurityPackageInfoW
CompleteAuthToken
AcquireCredentialsHandleA

winmm

midiOutClose
timeKillEvent
timeSetEvent
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInClose
waveInOpen
waveInGetDevCapsW
waveOutGetDevCapsW
waveInMessage
waveInGetNumDevs
waveOutGetNumDevs
midiInReset
midiInStop
midiInStart
midiInAddBuffer
midiInUnprepareHeader
midiInPrepareHeader
midiInClose
midiInOpen
midiInGetDevCapsW
midiInGetNumDevs
midiOutReset
midiOutLongMsg
midiOutShortMsg
midiOutUnprepareHeader
midiOutPrepareHeader
midiOutGetNumDevs
midiOutOpen
midiOutGetDevCapsW
timeEndPeriod
timeGetTime
timeGetDevCaps
timeBeginPeriod

gdi32

SetRectRgn
SetDIBits
ExtCreatePen
GetICMProfileW
ModifyWorldTransform
GetWorldTransform
SetTextColor
StretchBlt
SetBkColor
CreateCompatibleBitmap
CreateBitmap
BitBlt
EnumFontFamiliesExW
GetFontData
ExtTextOutW
CreateSolidBrush
PtInRegion
CreateRectRgn
EnumEnhMetaFile
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
GetStockObject
GetTextMetricsW
SetMapMode
GetTextExtentPoint32W
CreateCompatibleDC
GetTextFaceW
GetObjectW
SelectObject
DeleteObject
CreateFontW
CreateFontIndirectW
EndPage
StartPage
EndDoc
StartDocW
SetWorldTransform
SetGraphicsMode
SaveDC
RestoreDC
GetDeviceCaps
DeleteDC
CreateDCW
StrokePath
StrokeAndFillPath
SetMiterLimit
Rectangle
GetTextColor
GetStretchBltMode
GetCurrentObject
CreatePen
SetBrushOrgEx
PolyBezier
SetArcDirection
PathToRegion
EndPath
BeginPath
AbortPath
SetStretchBltMode
SetROP2
CreatePolygonRgn
ExtEscape
StretchDIBits
GetEnhMetaFileBits
GetEnhMetaFileHeader
PlayEnhMetaFile
PlayEnhMetaFileRecord
SetEnhMetaFileBits
CreateDIBSection
CancelDC
SetAbortProc
GetBkColor
CombineRgn
CreateRectRgnIndirect
EqualRgn
ExcludeClipRect
GetRgnBox
GetDIBits
SetDIBitsToDevice
GdiAlphaBlend
GetCharABCWidthsW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetBkMode
SetTextAlign
GdiFlush
SelectClipRgn
SetDCBrushColor
SetDCPenColor
SetPolyFillMode

comctl32

InitCommonControlsEx

chrome_elf

GetBlacklistIndex
SuccessfullyBlocked
IsBlacklistInitialized
GetRedirectCount

credui

CredUIPromptForCredentialsW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreateSequential

hid

HidP_GetButtonCaps
HidP_GetValueCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidP_GetCaps
HidD_FreePreparsedData
HidD_SetNumInputBuffers

ntdsapi

DsBindW
DsUnBindW

Exports

Exports

ChromeMain
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
nacl_global_xlate_base
nacl_thread_ids
nacl_user

Sections

.text
Size: 23.0MB - Virtual size: 23.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 762KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.syzygy
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 986KB - Virtual size: 986KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75d6c0c2141bd05c2ad4539b838589f6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c0:00:36:f8:3e:40:b3:3e:91:71:85:3e:a0:bf:d1:0d:28:c0:d3:2fSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

version

usp10

psapi

shlwapi

advapi32

kernel32

ole32

oleaut32

netapi32

userenv

wtsapi32

oleacc

secur32

winmm

gdi32

comctl32

chrome_elf

credui

wintrust

rpcrt4

hid

ntdsapi

Exports

Exports

Sections

.text Size: 23.0MB - Virtual size: 23.0MB

.rdata Size: 6.3MB - Virtual size: 6.3MB

.data Size: 279KB - Virtual size: 762KB

.tls Size: 512B - Virtual size: 2B

.rodata Size: 4KB - Virtual size: 4KB

_RDATA Size: 2KB - Virtual size: 2KB

.syzygy Size: 1KB - Virtual size: 1KB

.rsrc Size: 172KB - Virtual size: 171KB

.reloc Size: 986KB - Virtual size: 986KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c0:00:36:f8:3e:40:b3:3e:91:71:85:3e:a0:bf:d1:0d:28:c0:d3:2f
Signer

.text
Size: 23.0MB - Virtual size: 23.0MB

.rdata
Size: 6.3MB - Virtual size: 6.3MB

.data
Size: 279KB - Virtual size: 762KB

.tls
Size: 512B - Virtual size: 2B

.rodata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 2KB - Virtual size: 2KB

.syzygy
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 172KB - Virtual size: 171KB

.reloc
Size: 986KB - Virtual size: 986KB