2024-01-27_a30a225e98474ec0e6558b95c237c78a_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_a30a225e98474ec0e6558b95c237c78a_magniber_revil
Size

9.8MB
MD5

a30a225e98474ec0e6558b95c237c78a
SHA1

76ee941b5823c04712aa6ea4233afb406c0866d6
SHA256

21b0a6d98c6ed440a39696293ba4a8d96e9ed709ba33f9596e0157c94db375d3
SHA512

7d07c841ee5341d2a3505a3d19d94f0f95d9ad311f8565df162c703e26efd225b4d0c34925dcabdfe45154aa8c1f0e0fca9b285b54126cc8c83e1126e683df9d
SSDEEP

196608:D/RzFvogdHrLzAWeaFuvIREtNdLFZuJVDiFoX9oPGKQ7svO:D/BFdHrAWezOEtNFFZur2FM9oPC7svO

Score

1^/10

Malware Config

Signatures

Files

2024-01-27_a30a225e98474ec0e6558b95c237c78a_magniber_revil
.exe windows:6 windows x86 arch:x86

2ba5bf76f2ef2384e934ae4092abcd14

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:29:43:b5:2b:57:a1:6a:f2:60:2b:5f:06:e8:a6:71
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/04/2023, 00:00

Not After

09/06/2024, 23:59

Subject

SERIALNUMBER=91330108328143515Q,CN=杭州诸相网络科技有限公司,O=杭州诸相网络科技有限公司,L=杭州市,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e68bb1e5a285e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:29:43:b5:2b:57:a1:6a:f2:60:2b:5f:06:e8:a6:71
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/04/2023, 00:00

Not After

09/06/2024, 23:59

Subject

SERIALNUMBER=91330108328143515Q,CN=杭州诸相网络科技有限公司,O=杭州诸相网络科技有限公司,L=杭州市,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e68bb1e5a285e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:e6:8d:e9:a4:b7:c4:d4:3d:5e:82:96:2c:0e:5e:e0:28:c1:f9:b9:66:9b:7c:41:c0:5c:d7:90:f9:7a:e6:73
Signer

Actual PE Digest

c8:e6:8d:e9:a4:b7:c4:d4:3d:5e:82:96:2c:0e:5e:e0:28:c1:f9:b9:66:9b:7c:41:c0:5c:d7:90:f9:7a:e6:73

Digest Algorithm

sha256

PE Digest Matches

true

4b:b2:44:c6:cb:bb:20:66:03:ad:1a:33:30:78:4e:f9:37:2e:dd:32
Signer

Actual PE Digest

4b:b2:44:c6:cb:bb:20:66:03:ad:1a:33:30:78:4e:f9:37:2e:dd:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\cpp\gogo\XubeiSteamBox\src\Win32\Release\Gogo.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathAppendW
PathStripPathW
PathFindFileNameW

libcef

cef_process_message_create
cef_string_utf16_set
cef_string_utf8_clear
cef_string_userfree_utf16_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf8_to_utf16
cef_string_utf16_to_utf8
cef_string_list_alloc
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_list_clear
cef_v8context_get_current_context
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_double
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_get_min_log_level
cef_command_line_create
cef_string_map_free
cef_string_map_alloc
cef_browser_host_create_browser_sync
cef_create_context_shared
cef_request_context_get_global_context
cef_value_create
cef_log
cef_api_hash
cef_enable_highdpi_support
cef_quit_message_loop
cef_run_message_loop
cef_do_message_loop_work
cef_shutdown
cef_initialize
cef_execute_process
cef_register_extension
cef_post_task
cef_currently_on
cef_string_list_free

ggplaygame

ord3
ord11
ord8
ord7
ord6
ord4
ord1
ord32
ord14
ord13
ord31
ord12
ord30
ord29
ord9
ord5
ord28
ord27
ord24
ord2
ord21
ord20
ord10
ord23
ord22

ggrepair

ord8
ord5
ord4
ord6
ord7
ord1
ord2
ord3

kernel32

GetCurrentThread
GetThreadTimes
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
SetFilePointer
GetCurrentDirectoryW
CreateDirectoryExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetACP
GetFileSize
GetTickCount
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
SetEnvironmentVariableW
lstrcpyW
SystemTimeToFileTime
lstrcpynW
WriteConsoleW
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindResourceExW
SetUnhandledExceptionFilter
CreateThread
GlobalFree
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
FormatMessageA
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoW
SetNamedPipeHandleState
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
WriteConsoleA
GetConsoleMode
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetCurrentProcessId
GetLastError
WriteFile
GetStdHandle
LoadLibraryA
DisconnectNamedPipe
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
GetEnvironmentVariableW
ConnectNamedPipe
FlushFileBuffers
CreateFileA
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetFileTime
SleepEx
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
IsValidCodePage
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
ExitProcess
SetConsoleCtrlHandler
GetFileType
SetStdHandle
ExitThread
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetSystemDirectoryW
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedCompareExchange
InterlockedExchange
GetStartupInfoW
UnhandledExceptionFilter
QueryPerformanceFrequency
InitializeSListHead
LoadLibraryExW
FreeLibraryAndExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
GetCPInfo
EncodePointer
LCMapStringEx
lstrlenW
SetLastError
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
GetFullPathNameW
CreateDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GlobalLock
GlobalUnlock
GlobalAlloc
GetModuleHandleW
FreeLibrary
GetVersionExW
GetSystemInfo
GetExitCodeThread
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpiW
TerminateProcess
CreatePipe
SetHandleInformation
ReadFile
CopyFileW
GetExitCodeProcess
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
Sleep
CreateEventA
OutputDebugStringA
GetFileAttributesA
GetCommandLineW
LoadLibraryW
GetProcAddress
OpenEventW
ResetEvent
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WritePrivateProfileStringW
GetPrivateProfileIntW
OpenProcess
WaitForSingleObject
SetEvent
CreateEventW
GetPrivateProfileStringW
CreateProcessW
FormatMessageW
LocalFree
DeviceIoControl
CloseHandle
RemoveDirectoryW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetModuleFileNameW
GetWindowsDirectoryW
QueryPerformanceCounter
WaitNamedPipeA
InterlockedPushEntrySList
CreateNamedPipeA
WaitForSingleObjectEx
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
InitOnceExecuteOnce
GetLocaleInfoEx
IsProcessorFeaturePresent
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
GetOEMCP
OutputDebugStringW
ConvertThreadToFiber
InitOnceComplete

user32

LoadIconW
FillRect
SetRect
RegisterWindowMessageW
UpdateLayeredWindow
GetWindowRgn
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
GetSysColor
wsprintfW
IsWindowEnabled
GetWindowTextW
FindWindowW
DrawTextW
GetWindowTextLengthW
EqualRect
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
EnableWindow
MapVirtualKeyExW
SetWindowTextW
CharPrevW
IntersectRect
MonitorFromPoint
EnumChildWindows
SetParent
SetClassLongW
WindowFromPoint
ClientToScreen
SetCursor
GetCapture
GetDoubleClickTime
GetMessageTime
TrackMouseEvent
SetWindowRgn
PtInRect
IsRectEmpty
MapWindowPoints
ScreenToClient
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
DestroyWindow
PostQuitMessage
MonitorFromWindow
LoadImageW
LoadCursorW
GetWindow
GetParent
RemovePropW
GetPropW
SetPropW
SetFocus
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
OffsetRect
UnionRect
InflateRect
GetSystemMetrics
EnumDisplayMonitors
GetMonitorInfoW
ReleaseDC
GetDC
CharNextW
AttachThreadInput
IsWindow
ShowWindow
SetWindowPos
IsWindowVisible
IsIconic
GetForegroundWindow
SetForegroundWindow
GetWindowThreadProcessId
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
MoveWindow
IsZoomed
GetClientRect
GetWindowRect
GetCursorPos
GetWindowLongW
SetWindowLongW
SendMessageW

gdi32

GetClipBox
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
ChoosePixelFormat
CombineRgn
CreateRectRgn
CreateSolidBrush
PtInRegion
SetPixelFormat
SetBitmapBits
GetBitmapBits
FillRgn
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
SetRectRgn
GetCharABCWidthsW
CreateRectRgnIndirect
CreatePenIndirect
CreateCompatibleBitmap
SwapBuffers
CreateDIBSection

advapi32

CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
CryptExportKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceW
DeregisterEventSource

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ord165
SHGetFolderPathA
SHChangeNotify
ShellExecuteW
Shell_NotifyIconW
ShellExecuteA

ole32

CoInitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup
GdipFree
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreateSolidFill
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipAlloc
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

RpcStringFreeA
UuidToStringA

msimg32

AlphaBlend

netapi32

Netbios

ws2_32

WSACleanup
getaddrinfo
freeaddrinfo
closesocket
recvfrom
sendto
setsockopt
socket
WSAGetLastError
gethostname
WSAStartup
htonl
htons
ntohs
select
ioctlsocket
getpeername
recv
listen
getsockname
connect
bind
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
accept
WSAIoctl
__WSAFDIsSet

crypt32

CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CryptUnprotectMemory
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetCertificateChain

iphlpapi

GetAdaptersInfo

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptGetProperty
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptFinishHash
BCryptDestroyHash

winhttp

WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpSetStatusCallback
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpCloseHandle

opengl32

glTexImage2D
glTexEnvf
glPushAttrib
glPopAttrib
glPixelStorei
glMatrixMode
glLoadIdentity
glInterleavedArrays
glHint
glGenTextures
glEnd
glEnable
glViewport
glDrawArrays
glDisable
glDeleteTextures
glColor4f
glClearColor
glClear
glBlendFunc
glTexParameteri
glBegin
wglMakeCurrent
wglDeleteContext
wglCreateContext
glVertex2f
glTexSubImage2D
glBindTexture

wldap32

ord219
ord46
ord14
ord216
ord208
ord41
ord301
ord26
ord147
ord27
ord127
ord167
ord142
ord79
ord133
ord145
ord117

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 158KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ba5bf76f2ef2384e934ae4092abcd14

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:29:43:b5:2b:57:a1:6a:f2:60:2b:5f:06:e8:a6:71Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:29:43:b5:2b:57:a1:6a:f2:60:2b:5f:06:e8:a6:71Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c8:e6:8d:e9:a4:b7:c4:d4:3d:5e:82:96:2c:0e:5e:e0:28:c1:f9:b9:66:9b:7c:41:c0:5c:d7:90:f9:7a:e6:73Signer

4b:b2:44:c6:cb:bb:20:66:03:ad:1a:33:30:78:4e:f9:37:2e:dd:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

libcef

ggplaygame

ggrepair

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

version

rpcrt4

msimg32

netapi32

ws2_32

crypt32

iphlpapi

bcrypt

winhttp

opengl32

wldap32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 926KB - Virtual size: 926KB

.data Size: 158KB - Virtual size: 181KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 206KB - Virtual size: 205KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:29:43:b5:2b:57:a1:6a:f2:60:2b:5f:06:e8:a6:71
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:29:43:b5:2b:57:a1:6a:f2:60:2b:5f:06:e8:a6:71
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c8:e6:8d:e9:a4:b7:c4:d4:3d:5e:82:96:2c:0e:5e:e0:28:c1:f9:b9:66:9b:7c:41:c0:5c:d7:90:f9:7a:e6:73
Signer

4b:b2:44:c6:cb:bb:20:66:03:ad:1a:33:30:78:4e:f9:37:2e:dd:32
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 926KB - Virtual size: 926KB

.data
Size: 158KB - Virtual size: 181KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 206KB - Virtual size: 205KB