2024-01-27_c51046a7f6b38c152444848d722b1fdb_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-27_c51046a7f6b38c152444848d722b1fdb_magniber_revil
Size

20.9MB
MD5

c51046a7f6b38c152444848d722b1fdb
SHA1

896fb6ed1d7cee58757f91615a0adf7da7be0aef
SHA256

78868a6f40c6d34ca44121917a7201e0c4bd115106786295cb7f80791dfd4589
SHA512

32c4188df33322a986f32ca2f384b3a44a4534af072d3e84505af31cd368a057715a21fdb0bb8b3b0de0e83c48c30b26487c7aae9864f1a1cc0b9e03117acebf
SSDEEP

393216:7SzaYdXL6DTPGE3tLTeNwpzQhOjBbluTSdv6x0xYwD/vSiONH+c9IdCQd:ezaYdXuDT73tTawpzdbl+SdS9+c9M

Score

10^/10

Malware Config

Signatures

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Files

2024-01-27_c51046a7f6b38c152444848d722b1fdb_magniber_revil
.exe windows:5 windows x86 arch:x86

5e78adb8cb4d0d5c058e95fd1db4ce38

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:b0:6e:db:11:6d:54:be:21:d5:16:56:d9:1c:f2:46
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24/11/2023, 17:20

Not After

23/11/2026, 17:20

Subject

CN=Xing Wang,O=Xing Wang,L=Shanghai,C=CN,1.2.840.113549.1.9.1=#0c1277786865726540686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:53:46:4d:0e:be:51:31:36:28:78:71:77:b9:65:41:21:55:71:fc:51:35:b3:58:aa:92:04:69:ea:0b:74:fc
Signer

Actual PE Digest

29:53:46:4d:0e:be:51:31:36:28:78:71:77:b9:65:41:21:55:71:fc:51:35:b3:58:aa:92:04:69:ea:0b:74:fc

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\develop\BitComet_2.06\app\Release_unicode\GUI_BitComet_wx.pdb

Imports

kernel32

IsWow64Process
GetProcessWorkingSetSize
SetProcessWorkingSetSize
SetSystemPowerState
GetVolumeInformationW
OpenThread
GetUserDefaultLangID
GetThreadTimes
GetProcessTimes
GetFileInformationByHandle
FreeResource
lstrcpynW
lstrcpyW
CreateMutexA
GetFileSizeEx
SetFilePointerEx
GetLocalTime
CreateFileMappingA
CreateDirectoryA
RemoveDirectoryA
SystemTimeToFileTime
OpenEventW
CreateRemoteThread
CopyFileExW
MoveFileExW
GetSystemDirectoryW
FlushFileBuffers
CreateFileMappingW
GetSystemTime
LockFileEx
GetFileAttributesExA
DeleteFileW
DeleteFileA
LoadLibraryA
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
GetSystemDefaultLangID
GetDiskFreeSpaceW
GetFullPathNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
CreateWaitableTimerW
VerifyVersionInfoW
VerSetConditionMask
InterlockedCompareExchange
FindFirstFileA
FindNextFileA
MoveFileA
ReplaceFileA
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleHandleExW
CreateDirectoryW
RemoveDirectoryW
SetStdHandle
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetModuleFileNameA
SetConsoleCtrlHandler
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
SleepEx
QueueUserAPC
MoveFileW
SetFileAttributesW
CreateSemaphoreA
DuplicateHandle
PostQueuedCompletionStatus
InterlockedExchangeAdd
VirtualQueryEx
VirtualQuery
VirtualFree
LockFile
SystemTimeToTzSpecificLocalTime
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateWaitableTimerA
GetModuleHandleA
GetLogicalProcessorInformation
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
AreFileApisANSI
GetUserDefaultUILanguage
SetThreadLocale
IsBadStringPtrA
IsBadReadPtr
GetDriveTypeW
GetLogicalDriveStringsW
InterlockedExchange
CreateProcessW
PeekNamedPipe
ReadFile
WriteFile
CreateThread
GetExitCodeProcess
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetComputerNameW
GetDiskFreeSpaceExW
FindResourceW
GetEnvironmentVariableW
GetNativeSystemInfo
SizeofResource
LoadResource
IsDebuggerPresent
OpenProcess
GlobalMemoryStatus
LockResource
GetACP
GetTempFileNameW
GetFileTime
GetFileSize
GetShortPathNameW
GetTempPathW
GetSystemPowerStatus
WaitForSingleObject
ReleaseMutex
GetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExA
GetCommandLineA
HeapSize
LCMapStringA
GetStringTypeExA
SetConsoleMode
TryEnterCriticalSection
ResumeThread
ReadConsoleA
DebugBreak
lstrlenA
WritePrivateProfileStringW
DeviceIoControl
SuspendThread
GetThreadContext
TerminateThread
CreateDirectoryExW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
InitializeCriticalSectionAndSpinCount
GetWindowsDirectoryW
GetPrivateProfileStringW
lstrcmpiW
lstrcmpW
GetVersion
GetVersionExW
SetThreadExecutionState
TerminateProcess
GetCurrentProcess
GetOEMCP
IsValidCodePage
GetSystemInfo
ReleaseSemaphore
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSetInformation
GlobalAlloc
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetLongPathNameW
LocalAlloc
Sleep
SetThreadPriority
GetTickCount
CreateMutexW
CompareStringW
HeapAlloc
RaiseException
HeapFree
GetProcessHeap
WaitForMultipleObjects
CreateEventW
FreeLibrary
LoadLibraryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThreadId
FormatMessageA
FormatMessageW
LocalFree
WideCharToMultiByte
WaitForSingleObjectEx
SetEvent
CreateEventA
CloseHandle
GetCurrentThread
GetModuleHandleW
GetProcAddress
LoadLibraryExW
UnlockFile
GetLastError
GetProcessAffinityMask
CopyFileW
GetFileAttributesW
GetLocaleInfoW
VirtualProtect
InterlockedDecrement
MulDiv
lstrlenW
InterlockedIncrement
MultiByteToWideChar
GetStringTypeW
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCPInfo
LCMapStringW
ExitProcess
GlobalFree
InitializeCriticalSection
GetCommandLineW
GetStdHandle
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
GlobalSize
GlobalHandle
SetErrorMode
SetCurrentDirectoryW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetFileType
CreateFileW

user32

ShowWindow
GetSystemMetrics
IsWindowVisible
SetFocus
GetWindow
SetForegroundWindow
PostMessageW
EnumThreadWindows
IsIconic
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetClipboardOwner
GetWindowThreadProcessId
EmptyClipboard
SetClipboardData
GetWindowPlacement
GetParent
EnumWindows
IsWindowEnabled
BringWindowToTop
SetWindowPos
RegisterWindowMessageW
IsChild
MessageBoxW
SetRectEmpty
DrawTextW
CopyRect
GetFocus
GetSysColor
SendMessageW
CreateCaret
DestroyCaret
SetCaretPos
GetPropW
FlashWindowEx
GetWindowLongW
OffsetRect
CreateWindowExW
DestroyWindow
GetScrollInfo
ValidateRect
DrawFocusRect
FrameRect
RedrawWindow
SetParent
DrawAnimatedRects
EnumChildWindows
FindWindowW
GetClassNameW
IsWindow
DestroyIcon
LoadImageW
IsRectEmpty
SetRect
EndPaint
BeginPaint
SystemParametersInfoW
SetWindowPlacement
RegisterHotKey
UnregisterHotKey
SetMenuItemInfoW
InsertMenuItemW
ModifyMenuW
DeleteMenu
GetMenuItemInfoW
SetActiveWindow
GetSystemMenu
DdeFreeDataHandle
DdeGetData
SendMessageTimeoutW
WindowFromPoint
GetMessagePos
DdeFreeStringHandle
DdeNameService
DdeCreateStringHandleA
DdeInitializeW
ExitWindowsEx
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
PtInRect
InflateRect
GetDC
GetDoubleClickTime
ReleaseDC
GetWindowDC
GetDesktopWindow
ClientToScreen
InvalidateRect
EnableWindow
GetCursorPos
FillRect
GetWindowRect
MoveWindow
LoadIconW
DrawIcon
UpdateWindow
DrawFrameControl
DrawIconEx
GetKeyState
SetWindowRgn
GetMenu
AdjustWindowRectEx
GetClientRect
GetForegroundWindow
SetWindowLongW
SetPropW
ScreenToClient
GetDlgCtrlID
IntersectRect
GetComboBoxInfo
PeekMessageW
TranslateMessage
DispatchMessageW
GetMenuBarInfo
CreateIconIndirect
GetIconInfo
LoadBitmapW
GetMessageTime
DefWindowProcW
PostQuitMessage
CallWindowProcW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetActiveWindow
GetAsyncKeyState
VkKeyScanW
EndMenu
GetCapture
GetMenuItemCount
TrackPopupMenu
GetUpdateRgn
ScrollWindow
EnableScrollBar
SetWindowTextW
SetCursorPos
MapWindowPoints
ChildWindowFromPointEx
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
SetScrollInfo
CreateDialogParamW
GetDlgItem
RegisterClassW
UnregisterClassW
SetLayeredWindowAttributes
MapVirtualKeyW
IsZoomed
CreateDialogIndirectParamW
GetDialogBaseUnits
DrawMenuBar
EnableMenuItem
GetWindowTextW
GetWindowTextLengthW
MessageBeep
FindWindowExW
GetCaretBlinkTime
DrawStateW
GetMenuState
CreateMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
InsertMenuW
AppendMenuW
RemoveMenu
SetMenuInfo
EndDialog
MsgWaitForMultipleObjects
DestroyCursor
ShowCursor
IsMenu
keybd_event
HideCaret
ShowCaret
ChildWindowFromPoint
SetMenu
DrawEdge
CheckMenuItem
GetMenuItemID
GetSysColorBrush
CheckMenuRadioItem
GetClassInfoW
GetProcessDefaultLayout
GetMessageW
PostThreadMessageW
ValidateRgn
RegisterClipboardFormatW
GetClipboardFormatNameW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
UnionRect
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
wsprintfW
NotifyWinEvent
SetTimer
KillTimer
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeClientTransaction
DdeCreateDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
RegisterClassExW
LoadStringA
LoadStringW
GetProcessWindowStation
GetUserObjectInformationW
CharNextW
AnimateWindow

gdi32

GetStockObject
GetBkColor
GdiFlush
CombineRgn
RectInRegion
CreateICW
EqualRgn
GetRgnBox
PtInRegion
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateDIBitmap
GetDIBColorTable
SetDIBColorTable
GetCharABCWidthsW
GetTextExtentExPointW
GetSystemPaletteEntries
CreateDCW
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
Arc
Ellipse
ExtFloodFill
GetClipBox
SetBrushOrgEx
SelectPalette
RealizePalette
ExcludeClipRect
CreateBitmapIndirect
GetOutlineTextMetricsW
DPtoLP
EnumFontFamiliesExW
Polygon
SelectClipRgn
CreateRectRgnIndirect
SetPixel
RestoreDC
SaveDC
GetClipRgn
CreateRectRgn
Polyline
GetTextExtentPoint32W
GetObjectType
GetPixel
MaskBlt
Pie
PolyPolygon
Rectangle
RoundRect
ExtSelectClipRgn
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
StretchDIBits
SetROP2
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
CreatePolygonRgn
LPtoDP
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
CreateHatchBrush
CreatePatternBrush
StartPage
ExtCreatePen
SetViewportOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
SetAbortProc
StartDocW
EndDoc
EndPage
CreateBitmap
LineTo
MoveToEx
GetDIBits
CreateDIBSection
StretchBlt
SetStretchBltMode
BitBlt
DeleteDC
GetObjectW
GetCurrentObject
CreateFontIndirectW
SelectObject
DeleteObject
SetBkColor
ExtTextOutW
CreatePenIndirect
SetBkMode
SetTextColor
GetRegionData
ExtCreateRegion
OffsetRgn
CreateSolidBrush
GetDeviceCaps
CreatePen
GetTextMetricsW
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegSetValueExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
ControlService
QueryServiceConfigW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTokenInformation
GetUserNameW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW

shell32

ord16
ord6
SHBindToParent
SHGetFolderPathW
ord155
SHFileOperationW
SHChangeNotify
ord680
ShellExecuteExW
SHGetFileInfoW
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconW
SHGetSpecialFolderPathW
SHGetFolderLocation
ExtractIconExW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoTaskMemFree
OleRun
CoCreateGuid
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
OleUninitialize
OleInitialize
CoTaskMemAlloc
RevokeDragDrop
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
PropVariantClear
CoUninitialize
CoCreateInstance
CoInitialize
OleSetContainedObject
OleLockRunning

uxtheme

IsAppThemed
GetThemeBackgroundExtent
IsThemeActive
GetThemeSysFont
IsThemePartDefined
GetCurrentThemeName
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
GetThemeMargins
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
OpenThemeData
GetThemeColor
CloseThemeData
SetWindowTheme
DrawThemeBackground
DrawThemeText
GetThemeBackgroundContentRect

winmm

sndPlaySoundW
timeGetTime

comctl32

ImageList_GetIconSize
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_DragShowNolock
ImageList_GetImageInfo
ImageList_Create
ImageList_Destroy
ImageList_Add
ImageList_SetBkColor
ImageList_Replace
ImageList_Remove
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ord16
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_Copy

rpcrt4

UuidToStringW
RpcStringFreeA
RpcStringFreeW
UuidToStringA

urlmon

UrlMkSetSessionOption

wininet

InternetCloseHandle

iphlpapi

GetAdaptersAddresses

msimg32

AlphaBlend
GradientFill

shlwapi

StrStrW
AssocQueryStringW
SHAutoComplete
StrRetToBufW
SHStrDupW
ord12

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

recvfrom
closesocket
connect
getpeername
getsockname
shutdown
listen
accept
ioctlsocket
htonl
inet_ntoa
select
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStringToAddressA
WSASetLastError
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
WSAAddressToStringW
htons
sendto
WSAEventSelect
WSAAsyncSelect
recv
inet_addr
ntohs
WSAAddressToStringA
ntohl
WSAGetLastError
WSAStringToAddressW
socket
send
setsockopt
bind

winspool.drv

ClosePrinter
GetPrinterW
OpenPrinterW
DocumentPropertiesW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW
PrintDlgW
PageSetupDlgW
ChooseColorW

oleaut32

SafeArrayPtrOfIndex
SafeArrayUnlock
SafeArrayLock
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantClear
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrFromCy

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 407KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e78adb8cb4d0d5c058e95fd1db4ce38

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

48:b0:6e:db:11:6d:54:be:21:d5:16:56:d9:1c:f2:46Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

29:53:46:4d:0e:be:51:31:36:28:78:71:77:b9:65:41:21:55:71:fc:51:35:b3:58:aa:92:04:69:ea:0b:74:fcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

uxtheme

winmm

comctl32

rpcrt4

urlmon

wininet

iphlpapi

msimg32

shlwapi

version

ws2_32

winspool.drv

comdlg32

oleaut32

oleacc

Sections

.text Size: 12.9MB - Virtual size: 12.9MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 407KB - Virtual size: 1.7MB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 1.1MB - Virtual size: 1.1MB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

48:b0:6e:db:11:6d:54:be:21:d5:16:56:d9:1c:f2:46
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

29:53:46:4d:0e:be:51:31:36:28:78:71:77:b9:65:41:21:55:71:fc:51:35:b3:58:aa:92:04:69:ea:0b:74:fc
Signer

.text
Size: 12.9MB - Virtual size: 12.9MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 407KB - Virtual size: 1.7MB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 1.1MB - Virtual size: 1.1MB