5f66d07ff98b95fcd257b94b1a3fa9dc2f83be41c468c95272c46b02aecfbc91

Sharing

Copy URL Twitter E-mail

General

Target

5f66d07ff98b95fcd257b94b1a3fa9dc2f83be41c468c95272c46b02aecfbc91
Size

10.9MB
MD5

7e0fb3c972ecc1b8d5ba557da569d64b
SHA1

db745d96fad72a0608d1962c81789385c1eb3cf3
SHA256

5f66d07ff98b95fcd257b94b1a3fa9dc2f83be41c468c95272c46b02aecfbc91
SHA512

f498e7c6e5d4f0a816eda1f09a29e778980074d2012d8dbfae2ad763533522a13f15f28130e77f1d415df94e8f13be172e2612a28cd5565640d39f69c2420b98
SSDEEP

98304:7W+3QPXdmaKpFFl89JMwCzVQMHgNk9IbgizokB2dG3mPKf/rX9pr:yG/aKpBzVVHgNk9Ib3cw2WmPKf/rX9

Score

1^/10

Malware Config

Signatures

Files

5f66d07ff98b95fcd257b94b1a3fa9dc2f83be41c468c95272c46b02aecfbc91
.exe windows:6 windows x64 arch:x64

3c3e62b2820beb6f87ac6db1f4f8d019

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/06/2021, 00:00

Not After

13/08/2024, 23:59

Subject

CN=Maxon Computer GmbH,OU=SOFTWARE DEVELOPMENT,O=Maxon Computer GmbH,L=Friedrichsdorf,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:ba:15:88:0f:46:e3:18:a7:34:42:4c:b7:08:88:78:78:49:e4:9a:a4:33:cf:f6:d5:b7:04:2f:cf:13:56:da
Signer

Actual PE Digest

28:ba:15:88:0f:46:e3:18:a7:34:42:4c:b7:08:88:78:78:49:e4:9a:a4:33:cf:f6:d5:b7:04:2f:cf:13:56:da

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

dbghelp

MiniDumpWriteDump

dxgi

CreateDXGIFactory1

user32

GetCursorPos
GetSystemMetrics
GetAsyncKeyState
SetWindowsHookExW
UnhookWindowsHookEx
ClipCursor
CallNextHookEx
GetDC
ReleaseDC
GetDesktopWindow
SetCursorPos
GetCursorInfo
ShowCursor
MessageBoxW
GetUserObjectInformationW
SendNotifyMessageW
LoadStringA
GetProcessWindowStation
RegisterWindowMessageW
PostMessageW
SendMessageTimeoutA

kernel32

InitializeSRWLock
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RtlPcToFileHeader
GetExitCodeThread
GetLocaleInfoEx
AcquireSRWLockExclusive
GetStringTypeW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
GetLastError
SetEvent
TlsAlloc
CloseHandle
TlsFree
CreateEventA
WaitForSingleObject
ReadFile
SetNamedPipeHandleState
WaitNamedPipeA
HeapFree
WriteFile
Sleep
CreateFileA
HeapAlloc
GetProcessHeap
SleepConditionVariableCS
ReleaseSemaphore
WakeAllConditionVariable
WakeConditionVariable
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
CreateSemaphoreW
MultiByteToWideChar
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
SetHandleInformation
CreatePipe
GetEnvironmentVariableW
QueryPerformanceFrequency
WideCharToMultiByte
CreateProcessA
QueryPerformanceCounter
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
K32EnumProcesses
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
GetModuleFileNameA
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
AllocConsole
SetConsoleTitleW
SetConsoleCtrlHandler
SetLastError
OutputDebugStringA
CreateEventW
CreateThread
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
TerminateThread
QueueUserAPC
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
TlsGetValue
TlsSetValue
RaiseException
InitializeCriticalSectionEx
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeviceIoControl
GetDriveTypeW
GetFileTime
LCMapStringEx
LocalFree
FormatMessageA
GetThreadId
GetCurrentThread
SleepEx
CreateWaitableTimerW
IsDebuggerPresent
GetThreadLocale
LCIDToLocaleName
GetVolumeInformationW
GetComputerNameW
GetModuleFileNameW
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
CreateProcessW
GlobalMemoryStatusEx
GetSystemInfo
GetModuleHandleA
ResetEvent
GetOverlappedResult
LoadLibraryW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
lstrlenW
ReadDirectoryChangesW
GetLongPathNameW
CancelIo
SetThreadErrorMode
GetVersionExA
CreateDirectoryA
GetFileInformationByHandle
GetVolumeInformationA
GlobalFree
GetStdHandle
GetFileType
GetVersion
ExitThread
FindFirstFileW
FindNextFileW
GetVersionExW
GlobalMemoryStatus
lstrcpyA
lstrcatA
lstrlenA
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapCompact
DeleteFileW
DeleteFileA
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
RtlVirtualUnwind
VirtualFree
GetACP
GetSystemDirectoryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ReleaseMutex
CreateMutexA
LoadLibraryExA
GetFileSizeEx
CompareStringEx
GetCPInfo
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
OpenEventA
CreateWaitableTimerA
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
TerminateProcess
InitializeSListHead
GetStartupInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFilePointerEx
CreateDirectoryExW
CopyFileW
RtlUnwindEx
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FreeLibraryAndExitThread
DuplicateHandle
ExitProcess
GetTimeZoneInformation
GetCommandLineA
GetCommandLineW
SetEnvironmentVariableW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
ReleaseSRWLockExclusive
GetDiskFreeSpaceW
RtlUnwind

gdi32

GetPixel

advapi32

OpenSCManagerW
CryptGenRandom
CloseServiceHandle
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptAcquireContextW
CryptDestroyKey
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegSetValueExA
ReportEventA
RegisterEventSourceA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
CreateWellKnownSid
AddAccessAllowedAceEx
RegSetKeyValueA
RegEnumKeyExA
RegGetValueA
RegOpenKeyExA
RegCreateKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserNameW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CryptImportKey
CryptSignHashW
OpenServiceA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
SHFileOperationW
ShellExecuteW
ord190
SHOpenFolderAndSelectItems
ord155
SHCreateItemFromParsingName
SHGetFolderPathW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SysFreeString
SysAllocString

ws2_32

getsockopt
getpeername
gethostname
__WSAFDIsSet
accept
connect
recvfrom
select
shutdown
send
sendto
WSAStartup
WSACleanup
WSASetLastError
closesocket
ioctlsocket
listen
WSASend
WSASocketW
setsockopt
WSAStringToAddressA
htons
ntohs
WSAGetLastError
ntohl
htonl
bind
socket
getaddrinfo
freeaddrinfo
gethostbyname
inet_addr
gethostbyaddr
inet_ntoa
getservbyport
getservbyname
recv
WSARecv
WSAAddressToStringA
getsockname

mswsock

AcceptEx
GetAcceptExSockaddrs

bcrypt

BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptCreateHash
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptDestroyHash

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptBinaryToStringA
CryptStringToBinaryA
CertGetCertificateContextProperty
CertFreeCertificateContext

rpcrt4

RpcStringFreeA
UuidCreateSequential
UuidToStringA
UuidCreate
RpcStringFreeW
UuidToStringW

shlwapi

UrlUnescapeA
UrlEscapeW
UrlEscapeA
PathBuildRootW
PathGetDriveNumberW
PathFindFileNameW

winhttp

WinHttpConnect
WinHttpSendRequest
WinHttpOpen
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

netapi32

NetWkstaGetInfo
NetApiBufferFree

Exports

Exports

sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_autovacuum_pages
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes64
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_name
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_deserialize
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_error_offset
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_key_v2
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_serialize
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes64
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_distinct
sqlite3_vtab_in
sqlite3_vtab_in_first
sqlite3_vtab_in_next
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_vtab_rhs_value
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug
sqlite3pager_error
sqlite3pager_is_sj_pgno
sqlite3pager_reset

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 442KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c3e62b2820beb6f87ac6db1f4f8d019

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1cCertificate

Extended Key Usages

Key Usages

28:ba:15:88:0f:46:e3:18:a7:34:42:4c:b7:08:88:78:78:49:e4:9a:a4:33:cf:f6:d5:b7:04:2f:cf:13:56:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

version

dbghelp

dxgi

user32

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

mswsock

bcrypt

crypt32

rpcrt4

shlwapi

winhttp

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

netapi32

Exports

Exports

Sections

.text Size: 8.2MB - Virtual size: 8.2MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 442KB - Virtual size: 678KB

.pdata Size: 329KB - Virtual size: 329KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 82KB - Virtual size: 82KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

04:9f:b7:dc:b6:42:7d:8c:bc:a6:41:42:dc:93:ca:1c
Certificate

28:ba:15:88:0f:46:e3:18:a7:34:42:4c:b7:08:88:78:78:49:e4:9a:a4:33:cf:f6:d5:b7:04:2f:cf:13:56:da
Signer

.text
Size: 8.2MB - Virtual size: 8.2MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 442KB - Virtual size: 678KB

.pdata
Size: 329KB - Virtual size: 329KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 82KB - Virtual size: 82KB