Telegram_Premium (desktop)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Telegram_Premium (desktop).zip
Size

13.4MB
MD5

79a3f0a2f5d694d72f28b593210a0095
SHA1

a001256ecdda73adaed1b1c48288c6e22533ad3f
SHA256

32d750ab036149a0ea0bc44317cfa401331badf93784b2353f0e1bde4e97ff0d
SHA512

aad70b7e130deda9fdd8c04e04d58b71cef8a126b50be51d4c71026b03a4599a62426ebf7d5cca0751e6e8e335e229af473df0d83a0f99c20e22f152e81e24e6
SSDEEP

196608:62zfbIhraG1+b2iIoZG2C63q2Pt51M7/SOwBgX/8Mas+PIuIj/rr:6SzG1+SWFW2Pvq7/STBgX1jjr

Score

1^/10

Malware Config

Signatures

Files

Telegram_Premium (desktop).zip
.zip
TelegramPremium.exe
.exe windows:5 windows x86 arch:x86

43644901bcf69a26923273ce776b8c3b

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:02:93:cd:c2:67:4e:33:ac:28:a8:95:36:bd:18:09:1c:f4:e1:09:2f:cc:7f:3f:bc:31:44:c2:d0:1f:a6:d2
Signer

Actual PE Digest

ff:02:93:cd:c2:67:4e:33:ac:28:a8:95:36:bd:18:09:1c:f4:e1:09:2f:cc:7f:3f:bc:31:44:c2:d0:1f:a6:d2

Digest Algorithm

sha256

PE Digest Matches

false

66:68:48:33:50:23:71:c9:61:f4:de:ed:0f:bb:3b:86:a3:72:dc:96
Signer

Actual PE Digest

66:68:48:33:50:23:71:c9:61:f4:de:ed:0f:bb:3b:86:a3:72:dc:96

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_EH_prolog

kernel32

GetStringTypeW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharToOemA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExA

ole32

CoInitializeSecurity

oleaut32

VariantClear

shlwapi

ord155

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pttŒÖ
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pttŒÖ
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ext/dnsns.jar
.jar
ext/images/cursors/cursors.properties
ext/images/cursors/invalid32x32.gif
.gif
ext/images/cursors/win32_CopyDrop32x32.gif
.gif
ext/images/cursors/win32_CopyNoDrop32x32.gif
.gif
ext/images/cursors/win32_LinkDrop32x32.gif
.gif
ext/images/cursors/win32_LinkNoDrop32x32.gif
.gif
ext/images/cursors/win32_MoveDrop32x32.gif
.gif
ext/images/cursors/win32_MoveNoDrop32x32.gif
.gif
ext/jaccess.jar
.jar
ext/jfr/default.jfc
.xml
ext/jfr/profile.jfc
.xml
ext/management/jmxremote.access
ext/management/jmxremote.password.template
ext/management/management.properties
ext/management/snmp.acl.template
ext/meta-index
ext/security/blacklist
ext/security/blacklisted.certs
ext/security/cacerts
ext/security/java.policy
ext/security/java.security
ext/security/javaws.policy
ext/security/policy/limited/US_export_policy.jar
.jar
ext/security/policy/limited/local_policy.jar
.jar
ext/security/policy/unlimited/US_export_policy.jar
.jar
ext/security/policy/unlimited/local_policy.jar
.jar
ext/security/public_suffix_list.dat
.zip
aaa
aarp
abarth
abb
abbott
abbvie
abc
able
abogado
abudhabi
ac
academy
accenture
accountant
accountants
aco
actor
ad
ads
adult
ae
aeg
aero
aetna
af
afl
africa
ag
agakhan
agency
ai
aig
airbus
airforce
airtel
akdn
al
alfaromeo
alibaba
alipay
allfinanz
allstate
ally
alsace
alstom
am
amazon
americanexpress
americanfamily
amex
amfam
amica
amsterdam
analytics
android
anquan
anz
ao
aol
apartments
app
apple
aq
aquarelle
ar
arab
aramco
archi
army
arpa
art
arte
as
asda
asia
associates
at
athleta
attorney
au
auction
audi
audible
audio
auspost
author
auto
autos
avianca
aw
aws
ax
axa
az
azure
ba
baby
baidu
banamex
bananarepublic
band
bank
bar
barcelona
barclaycard
barclays
barefoot
bargains
baseball
basketball
bauhaus
bayern
bb
bbc
bbt
bbva
bcg
bcn
bd
be
beats
beauty
beer
bentley
berlin
best
bestbuy
bet
bf
bg
bh
bharti
bi
bible
bid
bike
bing
bingo
bio
biz
bj
black
blackfriday
blockbuster
blog
bloomberg
blue
bm
bms
bmw
bn
bnpparibas
bo
boats
boehringer
bofa
bom
bond
boo
book
booking
bosch
bostik
boston
bot
boutique
box
br
bradesco
bridgestone
broadway
broker
brother
brussels
bs
bt
build
builders
business
buy
buzz
bv
bw
by
bz
bzh
ca
cab
cafe
cal
call
calvinklein
cam
camera
camp
canon
capetown
capital
capitalone
car
caravan
cards
care
career
careers
cars
casa
case
cash
casino
cat
catering
catholic
cba
cbn
cbre
cbs
cc
cd
center
ceo
cern
cf
cfa
cfd
cg
ch
chanel
channel
charity
chase
chat
cheap
chintai
christmas
chrome
church
ci
cipriani
circle
cisco
citadel
citi
citic
city
cityeats
ck
cl
claims
cleaning
click
clinic
clinique
clothing
cloud
club
clubmed
cm
cn
co
coach
codes
coffee
college
cologne
com
comcast
commbank
community
company
compare
computer
comsec
condos
construction
consulting
contact
contractors
cooking
cookingchannel
cool
coop
corsica
country
coupon
coupons
courses
cpa
cr
credit
creditcard
creditunion
cricket
crown
crs
cruise
cruises
cu
cuisinella
cv
cw
cx
cy
cymru
cyou
cz
dabur
dad
dance
data
date
dating
datsun
day
dclk
dds
de
deal
dealer
deals
degree
delivery
dell
deloitte
delta
democrat
dental
dentist
desi
design
dev
dhl
diamonds
diet
digital
direct
directory
discount
discover
dish
diy
dj
dk
dm
dnp
do
docs
doctor
dog
domains
dot
download
drive
dtv
dubai
dunlop
dupont
durban
dvag
dvr
dz
earth
eat
ec
eco
edeka
edu
education
ee
eg
email
emerck
energy
engineer
engineering
enterprises
epson
equipment
er
ericsson
erni
es
esq
estate
et
etisalat
eu
eurovision
eus
events
exchange
expert
exposed
express
extraspace
fage
fail
fairwinds
faith
family
fan
fans
farm
farmers
fashion
fast
fedex
feedback
ferrari
ferrero
fi
fiat
fidelity
fido
film
final
finance
financial
fire
firestone
firmdale
fish
fishing
fit
fitness
fj
fk
flickr
flights
flir
florist
flowers
fly
fm
fo
foo
food
foodnetwork
football
ford
forex
forsale
forum
foundation
fox
fr
free
fresenius
frl
frogans
frontdoor
frontier
ftr
fujitsu
fun
fund
furniture
futbol
fyi
ga
gal
gallery
gallo
gallup
game
games
gap
garden
gay
gb
gbiz
gd
gdn
ge
gea
gent
genting
george
gf
gg
ggee
gh
gi
gift
gifts
gives
giving
gl
glass
gle
global
globo
gm
gmail
gmbh
gmo
gmx
gn
godaddy
gold
goldpoint
golf
goo
goodyear
goog
google
gop
got
gov
gp
gq
gr
grainger
graphics
gratis
green
gripe
grocery
group
gs
gt
gu
guardian
gucci
guge
guide
guitars
guru
gw
gy
hair
hamburg
hangout
haus
hbo
hdfc
hdfcbank
health
healthcare
help
helsinki
here
hermes
hgtv
hiphop
hisamitsu
hitachi
hiv
hk
hkt
hm
hn
hockey
holdings
holiday
homedepot
homegoods
homes
homesense
honda
horse
hospital
host
hosting
hot
hoteles
hotels
hotmail
house
how
hr
hsbc
ht
hu
hughes
hyatt
hyundai
ibm
icbc
ice
icu
id
ie
ieee
ifm
ikano
il
im
imamat
imdb
immo
immobilien
in
inc
industries
infiniti
info
ing
ink
institute
insurance
insure
int
international
intuit
investments
io
ipiranga
iq
ir
irish
is
ismaili
ist
istanbul
it
itau
itv
jaguar
java
jcb
je
jeep
jetzt
jewelry
jio
jll
jm
jmp
jnj
jo
jobs
joburg
jot
joy
jp
jpmorgan
jprs
juegos
juniper
kaufen
kddi
ke
kerryhotels
kerrylogistics
kerryproperties
kfh
kg
kh
ki
kia
kids
kim
kinder
kindle
kitchen
kiwi
km
kn
koeln
komatsu
kosher
kp
kpmg
kpn
kr
krd
kred
kuokgroup
kw
ky
kyoto
kz
la
lacaixa
lamborghini
lamer
lancaster
lancia
land
landrover
lanxess
lasalle
lat
latino
latrobe
law
lawyer
lb
lc
lds
lease
leclerc
lefrak
legal
lego
lexus
lgbt
li
lidl
life
lifeinsurance
lifestyle
lighting
like
lilly
limited
limo
lincoln
link
lipsy
live
living
lk
llc
llp
loan
loans
locker
locus
lol
london
lotte
lotto
love
lpl
lplfinancial
lr
ls
lt
ltd
ltda
lu
lundbeck
luxe
luxury
lv
ly
ma
madrid
maif
maison
makeup
man
management
mango
map
market
marketing
markets
marriott
marshalls
maserati
mattel
mba
mc
mckinsey
md
me
med
media
meet
melbourne
meme
memorial
men
menu
merckmsd
mg
mh
miami
microsoft
mil
mini
mint
mit
mitsubishi
mk
ml
mlb
mls
mm
mma
mn
mo
mobi
mobile
moda
moe
moi
mom
monash
money
monster
mormon
mortgage
moscow
moto
motorcycles
mov
movie
mp
mq
mr
ms
msd
mt
mtn
mtr
mu
museum
music
mutual
mv
mw
mx
my
mz
na
nab
nagoya
name
natura
navy
nba
nc
ne
nec
net
netbank
netflix
network
neustar
new
news
next
nextdirect
nexus
nf
nfl
ng
ngo
nhk
ni
nico
nike
nikon
ninja
nissan
nissay
nl
no
nokia
northwesternmutual
norton
now
nowruz
nowtv
np
nr
nra
nrw
ntt
nu
nyc
nz
obi
observer
office
okinawa
olayan
olayangroup
oldnavy
ollo
om
omega
one
ong
onion
onl
online
ooo
open
oracle
orange
org
organic
origins
osaka
otsuka
ott
ovh
pa
page
panasonic
paris
pars
partners
parts
party
passagens
pay
pccw
pe
pet
pf
pfizer
pg
ph
pharmacy
phd
philips
phone
photo
photography
photos
physio
pics
pictet
pictures
pid
pin
ping
pink
pioneer
pizza
pk
pl
place
play
playstation
plumbing
plus
pm
pn
pnc
pohl
poker
politie
porn
post
pr
pramerica
praxi
press
prime
pro
prod
productions
prof
progressive
promo
properties
property
protection
pru
prudential
ps
pt
pub
pw
pwc
py
qa
qpon
quebec
quest
racing
radio
re
read
realestate
realtor
realty
recipes
red
redstone
redumbrella
rehab
reise
reisen
reit
reliance
ren
rent
rentals
repair
report
republican
rest
restaurant
review
reviews
rexroth
rich
richardli
ricoh
ril
rio
rip
ro
rocher
rocks
rodeo
rogers
room
rs
rsvp
ru
rugby
ruhr
run
rw
rwe
ryukyu
sa
saarland
safe
safety
sakura
sale
salon
samsclub
samsung
sandvik
sandvikcoromant
sanofi
sap
sarl
sas
save
saxo
sb
sbi
sbs
sc
sca
scb
schaeffler
schmidt
scholarships
school
schule
schwarz
science
scot
sd
se
search
seat
secure
security
seek
select
sener
services
seven
sew
sex
sexy
sfr
sg
sh
shangrila
sharp
shaw
shell
shia
shiksha
shoes
shop
shopping
shouji
show
showtime
si
silk
sina
singles
site
sj
sk
ski
skin
sky
skype
sl
sling
sm
smart
smile
sn
sncf
so
soccer
social
softbank
software
sohu
solar
solutions
song
sony
soy
spa
space
sport
spot
sr
srl
ss
st
stada
staples
star
statebank
statefarm
stc
stcgroup
stockholm
storage
store
stream
studio
study
style
su
sucks
supplies
supply
support
surf
surgery
suzuki
sv
swatch
swiss
sx
sy
sydney
systems
sz
tab
taipei
talk
taobao
target
tatamotors
tatar
tattoo
tax
taxi
tc
tci
td
tdk
team
tech
technology
tel
temasek
tennis
teva
tf
tg
th
thd
theater
theatre
tiaa
tickets
tienda
tiffany
tips
tires
tirol
tj
tjmaxx
tjx
tk
tkmaxx
tl
tm
tmall
tn
to
today
tokyo
tools
top
toray
toshiba
total
tours
town
toyota
toys
tr
trade
trading
training
travel
travelchannel
travelers
travelersinsurance
trust
trv
tt
tube
tui
tunes
tushu
tv
tvs
tw
tz
ua
ubank
ubs
ug
uk
unicom
university
uno
uol
ups
us
uy
uz
va
vacations
vana
vanguard
vc
ve
vegas
ventures
verisign
vermögensberater
vermögensberatung
versicherung
vet
vg
vi
viajes
video
vig
viking
villas
vin
vip
virgin
visa
vision
viva
vivo
vlaanderen
vn
vodka
volkswagen
volvo
vote
voting
voto
voyage
vu
vuelos
wales
walmart
walter
wang
wanggou
watch
watches
weather
weatherchannel
webcam
weber
website
wedding
weibo
weir
wf
whoswho
wien
wiki
williamhill
win
windows
wine
winners
wme
wolterskluwer
woodside
work
works
world
wow
ws
wtc
wtf
xbox
xerox
xfinity
xihuan
xin
xxx
xyz
yachts
yahoo
yamaxun
yandex
ye
yodobashi
yoga
yokohama
you
youtube
yt
yun
za
zappos
zara
zero
zip
zm
zone
zuerich
zw
ελ
ευ
бг
бел
дети
ею
католик
ком
мкд
мон
москва
онлайн
орг
рус
рф
сайт
срб
укр
қаз
հայ
ישראל
קום
ابوظبي
اتصالات
ارامكو
الاردن
البحرين
الجزائر
السعودية
السعوديه
السعودیة
السعودیۃ
العليان
المغرب
اليمن
امارات
ايران
ایران
بارت
بازار
بيتك
بھارت
تونس
سودان
سوريا
سورية
شبكة
عراق
عرب
عمان
فلسطين
قطر
كاثوليك
كوم
مصر
مليسيا
موريتانيا
موقع
همراه
پاكستان
پاکستان
ڀارت
कॉम
नेट
भारत
भारतम्
भारोत
संगठन
বাংলা
ভারত
ভাৰত
ਭਾਰਤ
ભારત
ଭାରତ
இந்தியா
இலங்கை
சிங்கப்பூர்
భారత్
ಭಾರತ
ഭാരതം
ලංකා
คอม
ไทย
ລາວ
გე
みんな
アマゾン
クラウド
グーグル
コム
ストア
セール
ファッション
ポイント
世界
中信
中国
中國
中文网
亚马逊
企业
佛山
信息
健康
八卦
公司
公益
台湾
台灣
商城
商店
商标
嘉里
嘉里大酒店
在线
大拿
天主教
娱乐
家電
广东
微博
慈善
我爱你
手机
招聘
政务
政府
新加坡
新闻
时尚
書籍
机构
淡马锡
游戏
澳門
澳门
点看
移动
组织机构
网址
网店
网站
网络
联通
臺灣
谷歌
购物
通販
集团
電訊盈科
飞利浦
食品
餐厅
香格里拉
香港
닷넷
닷컴
삼성
한국
ext/sunec.jar
.jar
ext/sunmscapi.jar
.jar
ext/zipfs.jar
.jar
nvspapi64.dll
.dll windows:6 windows x64 arch:x64

977f887ba1716db690f3f6cd927adbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57
Signer

Actual PE Digest

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57

Digest Algorithm

sha256

PE Digest Matches

true

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6
Signer

Actual PE Digest

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\api\win7_amd64_release\nvspapi64.pdb

Imports

shell32

SHGetFolderPathA
SHGetKnownFolderPath

ole32

CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantCopy
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType

advapi32

FreeSid
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
DuplicateTokenEx
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
AllocateAndInitializeSid
CopySid
RegCreateKeyExA
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA
LookupAccountNameA
ConvertSidToStringSidA
RegDeleteKeyA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

shlwapi

PathFindFileNameA
PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
ReadConsoleW
WriteConsoleW
CreateProcessW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
CreateEventA
WaitForMultipleObjects
GetLastError
ResetEvent
WaitForSingleObject
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetThreadId
FreeLibrary
GetProcAddress
WideCharToMultiByte
GetSystemDirectoryW
SetLastError
HeapFree
GetProcessHeap
OpenEventA
Sleep
SetDllDirectoryA
GetModuleHandleA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
CreateEventW
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
LoadLibraryA
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
CreateMutexA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
VerSetConditionMask
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CreateProcessA
SetEndOfFile
GetModuleHandleW
LoadLibraryExW
lstrcmpA
VerifyVersionInfoW
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetCurrentDirectoryA
GetFileAttributesA
TerminateProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetVolumeInformationA
MultiByteToWideChar
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileA
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleHandleExW
ExitProcess
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx

user32

EnumDisplaySettingsA
wsprintfW
ChangeWindowMessageFilterEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
SendMessageA
GetForegroundWindow
TranslateMessage
GetMessageA
PostThreadMessageA
RedrawWindow
PostMessageA
EnumDisplaySettingsExA
DispatchMessageA
GetWindowThreadProcessId
EnumDisplayDevicesA
DefWindowProcA
WaitForInputIdle
EnumWindows
GetShellWindow
FindWindowExW
FindWindowA
FindWindowW

Exports

Exports

CreateOverlayApiInterface
CreateShadowPlayApiInterface
ShadowPlayOnSystemStart

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43644901bcf69a26923273ce776b8c3b

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ff:02:93:cd:c2:67:4e:33:ac:28:a8:95:36:bd:18:09:1c:f4:e1:09:2f:cc:7f:3f:bc:31:44:c2:d0:1f:a6:d2Signer

66:68:48:33:50:23:71:c9:61:f4:de:ed:0f:bb:3b:86:a3:72:dc:96Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

wtsapi32

Sections

.text Size: - Virtual size: 102KB

.rdata Size: - Virtual size: 37KB

.data Size: - Virtual size: 7.1MB

.pttŒÖ Size: - Virtual size: 4.1MB

.pttŒÖ Size: 8.0MB - Virtual size: 8.0MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 91KB - Virtual size: 90KB

977f887ba1716db690f3f6cd927adbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

32:58:e8:ee:54:af:5c:27Certificate

Extended Key Usages

Key Usages

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57Signer

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6Signer

Headers

DLL Characteristics

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ff:02:93:cd:c2:67:4e:33:ac:28:a8:95:36:bd:18:09:1c:f4:e1:09:2f:cc:7f:3f:bc:31:44:c2:d0:1f:a6:d2
Signer

66:68:48:33:50:23:71:c9:61:f4:de:ed:0f:bb:3b:86:a3:72:dc:96
Signer

.text
Size: - Virtual size: 102KB

.rdata
Size: - Virtual size: 37KB

.data
Size: - Virtual size: 7.1MB

.pttŒÖ
Size: - Virtual size: 4.1MB

.pttŒÖ
Size: 8.0MB - Virtual size: 8.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 91KB - Virtual size: 90KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57
Signer

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 217KB - Virtual size: 217KB

.data
Size: 26KB - Virtual size: 56KB

.pdata
Size: 59KB - Virtual size: 58KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 319B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB