EndpointProductRemoval[.]exe

Resubmissions

17/02/2024, 20:09

240217-yxjn8sba24 6

17/02/2024, 19:59

240217-yqnplsah79 3

Sharing

Copy URL Twitter E-mail

General

Target

EndpointProductRemoval.exe
Size

55.0MB
MD5

dd2d46ef803d9f115e21b9a8ab65877f
SHA1

9b91f3dcff7144a7ff9d147e0801d2eddc0ea51b
SHA256

b1fd2473f2fdabc0222d51521694de638d818800ad92cf87e0d4e62d998bc5dc
SHA512

5440643f79760ee5a0d2ad517ad9af24c7c56c00f23f8cac5b1b4bee419b299cefc657e227b4e1c0f55fc18ec66fb59c90a024e0e8fdce2084f69ed9b38d1163
SSDEEP

786432:DX0zOiNGvUVXiEV4iogvSjo/xDBqkjiF8Svl4/dI2MN06:LbvUVhVdog6jfkOFI406

Score

1^/10

Malware Config

Signatures

Files

EndpointProductRemoval.exe
.exe windows:6 windows x86 arch:x86

139c28eafea0e7f36bc197dc70c95b99

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:cd:0f:b9:8c:2c:d0:02:95:96:28:d9
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/04/2022, 07:50

Not After

05/04/2025, 07:50

Subject

CN=MUSARUBRA US LLC,O=MUSARUBRA US LLC,L=New Castle,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:9c:a8:3d:4b:01:f3:ed:aa:e8:62:86:64:3e:62:47:0b:45:24:89:76:65:e4:61:32:03:10:ed:5c:71:c9:c2
Signer

Actual PE Digest

81:9c:a8:3d:4b:01:f3:ed:aa:e8:62:86:64:3e:62:47:0b:45:24:89:76:65:e4:61:32:03:10:ed:5c:71:c9:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\EUA\EPR_TOOL\EPR_TOOL_Master\build\Release\Win32\ui\EndpointProductRemoval.pdb

Imports

ws2_32

getaddrinfo
select
WSARecv
WSASend
WSASocketW
WSAStringToAddressW
WSACleanup
freeaddrinfo
recv
send
WSASetLastError
accept
WSAStartup
WSAGetLastError
WSAIoctl
htonl
bind
closesocket
connect
listen
setsockopt
WSAAddressToStringW
gethostname
__WSAFDIsSet
ntohl
ioctlsocket
getsockname
getsockopt

advapi32

RegNotifyChangeKeyValue
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownW
RegCreateKeyExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegQueryValueExW
CryptGetHashParam
CryptHashData
TraceEvent
RegQueryValueW
RegEnumKeyW
RegRenameKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCopyTreeW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegEnumValueW
LookupPrivilegeDisplayNameW
CreateWellKnownSid
GetUserNameW
LookupAccountSidW
GetTokenInformation
CreateProcessAsUserW
DuplicateTokenEx
StartServiceW
ControlService
DeleteService
QueryServiceConfigW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegOpenKeyExA

kernel32

ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedIncrement
InterlockedCompareExchange
GetSystemTime
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableA
GetACP
SetStdHandle
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
PeekNamedPipe
GetDriveTypeW
ExitProcess
SetConsoleCtrlHandler
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetLogicalProcessorInformation
GetSystemInfo
OpenEventA
ReleaseSemaphore
SleepConditionVariableSRW
WakeAllConditionVariable
CopyFileExW
CreateDirectoryExW
RemoveDirectoryW
SetCurrentDirectoryW
GetCPInfo
LCMapStringW
AreFileApisANSI
SetFilePointerEx
GetFileInformationByHandle
FindFirstFileExW
QueryPerformanceFrequency
TryEnterCriticalSection
GetStringTypeW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
SetErrorMode
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
FindResourceExW
GetTempPathW
GetTempFileNameW
VirtualQuery
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
GetFileSize
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
lstrcpyW
LocalReAlloc
GlobalHandle
GlobalReAlloc
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
GlobalGetAtomNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
lstrcmpA
GetVersionExW
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
FreeResource
EncodePointer
OutputDebugStringA
CopyFileW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
GetSystemPowerStatus
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
QueryFullProcessImageNameW
GetFileAttributesExW
GetUserDefaultLCID
CreateWaitableTimerW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventA
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
CreateDirectoryW
SetFileAttributesW
GetComputerNameW
K32GetModuleFileNameExW
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
SleepEx
SetEvent
QueueUserAPC
TerminateThread
WaitForMultipleObjects
CreateEventW
GlobalFree
GlobalAlloc
WTSGetActiveConsoleSessionId
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
InitializeCriticalSection
DeleteFileW
MoveFileExW
Sleep
GetLogicalDriveStringsW
GetTickCount64
GetUserDefaultLocaleName
GetFileAttributesW
LocalAlloc
LoadLibraryExW
GetModuleHandleA
GetSystemDirectoryW
DeviceIoControl
OutputDebugStringW
CreateFileW
GetCurrentDirectoryW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
FindNextFileW
FindFirstFileW
FindClose
CreateFiber
DeleteFiber
SwitchToFiber
MultiByteToWideChar
WriteFile
GetFileType
GetEnvironmentVariableW
GetStdHandle
LoadLibraryW
LoadLibraryA
FreeLibrary
GetModuleHandleExW
TlsSetValue
TlsGetValue
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
SetLastError
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
TlsFree
PostQueuedCompletionStatus
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
CloseHandle
TlsAlloc
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
GetLastError
GetCurrentProcess
GetProcAddress
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
LoadLibraryExA
WriteConsoleW

user32

LoadCursorW
IntersectRect
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
DrawIconEx
IsRectEmpty
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
GetAsyncKeyState
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetCursorPos
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
SetTimer
KillTimer
DeleteMenu
ScreenToClient
MapWindowPoints
CopyRect
EqualRect
PtInRect
DrawTextW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
SetLayeredWindowAttributes
CreateDialogIndirectParamW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
DestroyIcon
LoadImageW
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
CallNextHookEx
UnhookWindowsHookEx
GetWindowLongW
SetWindowLongW
GetClassLongW
EnumDisplayMonitors
CopyImage
RealChildWindowFromPoint
TrackMouseEvent
IsZoomed
CharUpperW
SetCapture
EndDialog
ReleaseCapture
GetNextDlgGroupItem
SetParent
OpenClipboard
GetTopWindow
AdjustWindowRectEx
EnableWindow
LoadIconW
SendMessageW
GetParent
GetSysColor
MessageBoxA
GetSystemMenu
AppendMenuW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
RedrawWindow
UnregisterClassW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
wsprintfW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
DrawStateW
UpdateWindow
InvalidateRect
FillRect
GetClassNameW
LoadBitmapW
LoadMenuW
GetWindowRect
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetLastActivePopup
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
CloseClipboard
SetClipboardData
EmptyClipboard
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
HideCaret
InvertRect
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
GetWindow
SetWindowsHookExW
DestroyCursor
GetWindowRgn

gdi32

SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
SaveDC
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
Rectangle
SetPixel
GetRgnBox
RealizePalette
StretchBlt
SetDIBColorTable
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
SetPolyFillMode
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
DeleteDC
CopyMetaFileW
CreateDCW
GetDeviceCaps
CreateSolidBrush
DeleteObject
GetStockObject
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
GetObjectType
CreateEllipticRgn
RestoreDC
GetPixel

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

uxtheme

DrawThemeText
GetThemePartSize
GetThemeSysColor
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
GetWindowTheme
IsThemeBackgroundPartiallyTransparent

ole32

CoInitializeEx
CoUninitialize
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
OleRun
CoCreateInstance

oleaut32

OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdiplusShutdown

rpcrt4

UuidCreate

wintrust

WinVerifyTrust

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

bcrypt

BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCreateHash
BCryptCloseAlgorithmProvider

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

shlwapi

PathFileExistsW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

crypt32

CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenSystemStoreW

msi

ord163
ord121
ord116
ord160
ord159
ord32
ord92
ord8
ord70

wtsapi32

WTSQueryUserToken

Exports

Exports

ma_dl_close
ma_dl_error
ma_dl_open
ma_dl_sym
ma_temp_buffer_address_of
ma_temp_buffer_capacity
ma_temp_buffer_copy
ma_temp_buffer_get
ma_temp_buffer_init
ma_temp_buffer_reserve
ma_temp_buffer_uninit

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48.7MB - Virtual size: 48.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

139c28eafea0e7f36bc197dc70c95b99

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

5c:cd:0f:b9:8c:2c:d0:02:95:96:28:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

81:9c:a8:3d:4b:01:f3:ed:aa:e8:62:86:64:3e:62:47:0b:45:24:89:76:65:e4:61:32:03:10:ed:5c:71:c9:c2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

advapi32

kernel32

user32

gdi32

msimg32

winspool.drv

shell32

comctl32

uxtheme

ole32

oleaut32

oledlg

gdiplus

rpcrt4

wintrust

version

bcrypt

oleacc

imm32

winmm

shlwapi

crypt32

msi

wtsapi32

Exports

Exports

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 81KB - Virtual size: 138KB

.gfids Size: 111KB - Virtual size: 111KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 48.7MB - Virtual size: 48.7MB

.reloc Size: 304KB - Virtual size: 303KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

5c:cd:0f:b9:8c:2c:d0:02:95:96:28:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

81:9c:a8:3d:4b:01:f3:ed:aa:e8:62:86:64:3e:62:47:0b:45:24:89:76:65:e4:61:32:03:10:ed:5c:71:c9:c2
Signer

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 81KB - Virtual size: 138KB

.gfids
Size: 111KB - Virtual size: 111KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 48.7MB - Virtual size: 48.7MB

.reloc
Size: 304KB - Virtual size: 303KB