2024-01-27_257c210c8c9edfe4b01d1d0441e24279_ryuk_sliver

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_257c210c8c9edfe4b01d1d0441e24279_ryuk_sliver
Size

32.0MB
MD5

257c210c8c9edfe4b01d1d0441e24279
SHA1

19ef4ad063d11cc2d573dff9caedacf94eb946ac
SHA256

bd2e7fd675b5f1d3e67df2b7b9b8db1754bca047b422a2ac925c32b4de2d784c
SHA512

2f0df18e643c2b5647ca7b84190b53d644be680a3de59687bdac8c8315ee3c8c66cf4ea22fecacc85f5f66d0578d1e03b54b5eb836179b4fb881d127b32317d6
SSDEEP

393216:KN7VQi6+RLhdGRNzIbbo1BrBR/tVLmeJsv6tWKFdu9CnKrsRSggL/t3ofR6Gdtnh:A7V++iHZtVlKB392/L

Score

10^/10

Malware Config

Signatures

Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxHookingDLL

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

Files

2024-01-27_257c210c8c9edfe4b01d1d0441e24279_ryuk_sliver
.exe windows:6 windows x64 arch:x64

06c93ace25515a5b940cb2c9b2ea8895

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2022, 00:00

Not After

12/01/2025, 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:25:90:21:bf:95:34:9d:83:14:93:ee:1a:80:0f:49:90:94:51:8e
Signer

Actual PE Digest

57:25:90:21:bf:95:34:9d:83:14:93:ee:1a:80:0f:49:90:94:51:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Adlice\RogueKillerPE\x64\RelWithDebInfo\RogueKillerPE.pdb

Imports

ws2_32

getaddrinfo
inet_pton
WSAIoctl
freeaddrinfo
getnameinfo

winmm

timeKillEvent
timeSetEvent
PlaySoundW

netapi32

NetApiBufferFree
NetShareEnum
NetUserGetInfo

kernel32

TlsFree
CreateFileA
VirtualQueryEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleExW
GetStdHandle
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
CompareStringEx
GetLocalTime
SetThreadPriority
GetThreadPriority
OutputDebugStringW
IsProcessorFeaturePresent
GetTickCount64
GetStartupInfoW
GetLogicalDrives
SetFileTime
GetFileInformationByHandleEx
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
SetEndOfFile
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
GetTimeZoneInformation
UnregisterWaitEx
RegisterWaitForSingleObject
WTSGetActiveConsoleSessionId
SetFilePointer
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
GetUserDefaultLangID
ExitProcess
InitializeCriticalSection
TlsSetValue
IsValidLocale
GetACP
GetFullPathNameA
GetConsoleCP
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
WriteConsoleW
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
TlsGetValue
TlsAlloc
GetCurrentThreadId
CreateMutexW
ReleaseMutex
HeapReAlloc
HeapDestroy
HeapCreate
GetFileSize
GlobalFree
GlobalAlloc
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadResource
LockResource
SizeofResource
FindResourceW
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetModuleFileNameW
GetModuleFileNameA
GetVersionExA
GetCurrentThread
OutputDebugStringA
GetEnvironmentVariableW
RtlCaptureContext
GetFileSizeEx
CancelIo
CreateNamedPipeW
PeekNamedPipe
LoadLibraryExW
EnumSystemLocalesW
SetHandleInformation
ResumeThread
OpenThread
CreateThread
RaiseException
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
IsBadWritePtr
IsBadReadPtr
lstrlenW
lstrcmpiW
VirtualFree
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
GetVolumeNameForVolumeMountPointW
WriteFile
SetFilePointerEx
ReadFile
QueryDosDeviceW
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
FlushFileBuffers
DeviceIoControl
GetTickCount
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetVersionExW
VerSetConditionMask
GetShortPathNameW
GetFullPathNameW
K32GetMappedFileNameW
WriteProcessMemory
lstrcpyW
lstrcmpA
LocalAlloc
BackupSeek
BackupRead
FormatMessageW
FreeLibrary
GetSystemInfo
GetSystemTimes
Sleep
SetErrorMode
GetCurrentDirectoryW
GetCommandLineW
LocalFree
K32GetModuleInformation
Module32NextW
Module32FirstW
LoadLibraryW
GetModuleHandleW
CreateRemoteThread
Thread32Next
Thread32First
FindFirstFileExA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
GetProcAddress
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
WaitForSingleObject
SetLastError
DuplicateHandle
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
GetComputerNameW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
ExpandEnvironmentStringsW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileExW
MoveFileW
CopyFileW
GetLastError
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleWindow
GetLongPathNameW
GetVolumeInformationW
GetDriveTypeW
CloseHandle
HeapSize
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidCodePage
GetOEMCP
CheckRemoteDebuggerPresent

user32

LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
SetMenu
DrawMenuBar
ChangeWindowMessageFilterEx
DestroyIcon
CreateIconFromResourceEx
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
EnumDisplayDevicesW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
MessageBoxW
PostMessageW
EnumWindows
GetWindowThreadProcessId
ShowWindow
RealGetWindowClassW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
FindWindowA
TranslateMessage
DispatchMessageW
PeekMessageW
CloseTouchInputHandle
DefWindowProcW
RegisterClassW
UnregisterClassW
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
GetWindowTextW
CharNextW
GetClassNameW
EnumChildWindows
SetLayeredWindowAttributes
UpdateLayeredWindow
IsChild
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongPtrW
GetWindowLongPtrW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CreateWindowExW
DestroyWindow

gdi32

GdiFlush
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetRegionData
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetObjectW
GetBitmapBits
SwapBuffers
GetPixelFormat
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
SelectClipRgn
OffsetRgn
CreateRectRgn
CombineRgn
BitBlt
SelectObject
CreateDIBSection
GetDIBits
DeleteObject
DeleteDC
GetCharABCWidthsW
CreateCompatibleDC
SetBkMode

shell32

ShellExecuteW
ord51
SHGetMalloc
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
SHCreateItemFromParsingName
SHGetKnownFolderPath
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect

ole32

OleInitialize
OleUninitialize
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoTaskMemRealloc
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoTaskMemFree
OleSetClipboard

oleaut32

VarUI4FromStr
SafeArrayCreateVector
SafeArrayPutElement
VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen

advapi32

ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
EnumDependentServicesW
GetSecurityInfo
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusW
DuplicateToken
GetUserNameW
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
RegFlushKey
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
DuplicateTokenEx
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountNameW
GetLengthSid
CopySid
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupPrivilegeValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetEntriesInAclW
CloseServiceHandle
GetAce
IsValidSid
LookupAccountSidW
RegGetKeySecurity
RegSetKeySecurity
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

mpr

WNetGetConnectionW

userenv

UnloadUserProfile
GetUserProfileDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetProfilesDirectoryW
LoadUserProfileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

StrCmpIW
StrDupW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathSearchAndQualifyW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBackslashW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathAppendW
PathAddBackslashW
AssocQueryStringW
StrFormatByteSizeW
PathRemoveBlanksW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

wininet

InternetGetConnectedState

crypt32

CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptQueryObject
CertGetNameStringW
CertNameToStrW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertGetCertificateContextProperty

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

wsock32

getsockname
inet_ntoa
shutdown
getsockopt
ntohs
WSAStartup
WSACleanup
WSAGetLastError
recv
send
WSASetLastError
accept
bind
closesocket
connect
listen
setsockopt
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtCreateKey
NtSetValueKey
NtOpenKey
NtDeleteValueKey
NtDeleteKey
RtlInitUnicodeString
NtLoadDriver
NtUnloadDriver
NtQueryKey

bcrypt

BCryptEncrypt
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptSetProperty
BCryptGetProperty
BCryptCreateHash
BCryptOpenAlgorithmProvider

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

uxtheme

ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
CloseThemeData
IsAppThemed
GetCurrentThemeName
GetThemeTransitionDuration
GetThemeColor
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemePartSize
OpenThemeData
GetThemeInt
IsThemeActive

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 16.6MB - Virtual size: 16.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 292KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1020KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 677B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06c93ace25515a5b940cb2c9b2ea8895

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

57:25:90:21:bf:95:34:9d:83:14:93:ee:1a:80:0f:49:90:94:51:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

wininet

crypt32

wintrust

wsock32

ntdll

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 16.6MB - Virtual size: 16.6MB

.rdata Size: 7.8MB - Virtual size: 7.8MB

.data Size: 292KB - Virtual size: 549KB

.pdata Size: 1020KB - Virtual size: 1020KB

.tls Size: 512B - Virtual size: 13B

.qtmimed Size: 315KB - Virtual size: 315KB

.qtmetad Size: 1024B - Virtual size: 677B

.gfids Size: 512B - Virtual size: 508B

_RDATA Size: 512B - Virtual size: 272B

.rsrc Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 109KB - Virtual size: 108KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

57:25:90:21:bf:95:34:9d:83:14:93:ee:1a:80:0f:49:90:94:51:8e
Signer

.text
Size: 16.6MB - Virtual size: 16.6MB

.rdata
Size: 7.8MB - Virtual size: 7.8MB

.data
Size: 292KB - Virtual size: 549KB

.pdata
Size: 1020KB - Virtual size: 1020KB

.tls
Size: 512B - Virtual size: 13B

.qtmimed
Size: 315KB - Virtual size: 315KB

.qtmetad
Size: 1024B - Virtual size: 677B

.gfids
Size: 512B - Virtual size: 508B

_RDATA
Size: 512B - Virtual size: 272B

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 109KB - Virtual size: 108KB