MTM ANIMATE v1[.]1[.]8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MTM ANIMATE v1.1.8.zip
Size

69.9MB
MD5

a9ccf3ad1a2eaaf2eac7a6684372b459
SHA1

978fe6bbb2f3b8d6e152fd46945de17786d22d7c
SHA256

c1179f948f74f218b5b3dd745259e7d8999eeb0cb65f66735e4be67b0cb96462
SHA512

c3918855948e28c025ab5418c7b6c770e5af4898c2a7063057de6ed175a3e97605f062da9329aea5d7e292480449f798de179c005b0bdc23ecc7ccb36363a433
SSDEEP

1572864:zK+38UC2u4/p1TDyiIehDbS0QXvc2Pw0GrGi5vteHLOkgqwe9RSabjs+mE:zK+3jCQTLIehDKbw0EGyteHLOkxwA4az

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup ANIMATE v1.1.8.exe

Files

MTM ANIMATE v1.1.8.zip
.zip
Activator/TurboActivate.dat
Activator/TurboActivate.dll
.dll windows:6 windows x86 arch:x86

3ca2fa204f288edb1fba4335cb242293

Code Sign

54:da:7a:31:e3:7d:eb:54:5d:6d:97:b0:b7:2e:24:16
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/10/2019, 00:00

Not After

16/10/2022, 23:59

Subject

SERIALNUMBER=614344,CN=wyDay\, LLC,O=wyDay\, LLC,POSTALCODE=03801,STREET=1465 Woodbury Ave.\, PMB 202,L=Portsmouth,ST=New Hampshire,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130d4e65772048616d707368697265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:30:be:f9:77:a9:f5:67:9f:94:96:cd:e3:d5:75:3b:49:cf:a4:09:23:3e:6a:3f:7b:b4:7f:d2:31:91:6c:c4
Signer

Actual PE Digest

6c:30:be:f9:77:a9:f5:67:9f:94:96:cd:e3:d5:75:3b:49:cf:a4:09:23:3e:6a:3f:7b:b4:7f:d2:31:91:6c:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetSecurityInfo
SetSecurityInfo
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
EqualSid
GetAce
GetAclInformation
SetSecurityDescriptorDacl
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
RegOpenKeyExA
OpenSCManagerW
CloseServiceHandle
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash

kernel32

InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
HeapAlloc
VerSetConditionMask
GetProcessHeap
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
LocalAlloc
CreateFileW
DeviceIoControl
InitializeCriticalSectionEx
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
RaiseException
DecodePointer
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
GlobalFree
GetModuleFileNameW
MultiByteToWideChar
GetCurrentProcess
GetProcAddress
WriteConsoleW
SetEndOfFile
SetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
HeapReAlloc
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
HeapFree
TlsSetValue
SetWaitableTimer
DeleteFileW
SetFileAttributesW
CreateDirectoryW
CreateEventA
FormatMessageA
TlsFree
WideCharToMultiByte
DeleteCriticalSection
LocalFree
QueueUserAPC
CloseHandle
TlsAlloc
TerminateThread
FileTimeToSystemTime
GetConsoleOutputCP
WriteFile
SetEvent
SetEnvironmentVariableW
PostQueuedCompletionStatus
WaitForSingleObject
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
GetLastError
CreateWaitableTimerW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
EncodePointer
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
LCMapStringEx
GetStringTypeW
GetCPInfo
ResetEvent
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
Sleep
GetCurrentProcessId
ResumeThread
GetModuleHandleA
CreateWaitableTimerA
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
GetTickCount
GetEnvironmentVariableA
MoveFileExW
GetFileSizeEx
ReadFile
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetStdHandle
GetTimeZoneInformation
FlushFileBuffers

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayGetElement
SysFreeString
SysAllocString
VariantClear
SysStringLen
SysAllocStringLen

ws2_32

WSAStartup
WSACleanup
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSAIoctl
getaddrinfo
recv
WSASetLastError
closesocket
freeaddrinfo
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket

winhttp

WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

shlwapi

PathAppendW

iphlpapi

GetAdaptersInfo

Exports

Exports

?DeleteProductKey@@YAXI@Z
?GetPPDetails@@YAJPAUPartialProductDetails@@@Z
?SetProgressDelegate@@YAXP6AXH@Z@Z
Activate
ActivateEx
ActivateFromFile
ActivationRequestToFile
ActivationRequestToFileEx
CheckAndSavePKey
Deactivate
DeactivationRequestToFile
ExtendTrial
GetCurrentProduct
GetExtraData
GetFeatureValue
GetPKey
IsActivated
IsDateValid
IsGenuine
IsGenuineEx
IsProductKeyValid
PDetsFromPath
SetCurrentProduct
SetCustomActDataPath
SetCustomProxy
TA_Activate
TA_ActivateFromFile
TA_ActivationRequestToFile
TA_CheckAndSavePKey
TA_Cleanup
TA_Deactivate
TA_DeactivationRequestToFile
TA_ExtendTrial
TA_GenuineDays
TA_GetExtraData
TA_GetFeatureValue
TA_GetHandle
TA_GetPKey
TA_GetVersion
TA_IsActivated
TA_IsDateValid
TA_IsGenuine
TA_IsGenuineEx
TA_IsProductKeyValid
TA_PDetsFromByteArray
TA_PDetsFromPath
TA_SetCustomActDataPath
TA_SetCustomProxy
TA_SetTrialCallback
TA_TrialDaysRemaining
TA_UseTrial
TA_UseTrialVerifiedFromFile
TA_UseTrialVerifiedRequest
TrialDaysRemaining
UseTrial

Sections

.text
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Activator/TurboActivate.exe
.exe windows:6 windows x86 arch:x86

7da7d7320771d58c1e0f1d4008db0b36

Code Sign

54:da:7a:31:e3:7d:eb:54:5d:6d:97:b0:b7:2e:24:16
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/10/2019, 00:00

Not After

16/10/2022, 23:59

Subject

SERIALNUMBER=614344,CN=wyDay\, LLC,O=wyDay\, LLC,POSTALCODE=03801,STREET=1465 Woodbury Ave.\, PMB 202,L=Portsmouth,ST=New Hampshire,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130d4e65772048616d707368697265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:e4:33:ee:9d:aa:ae:17:3f:58:75:8f:86:b3:03:74:0f:0a:c9:1e:d7:64:1e:21:ce:f8:86:76:25:de:b7:b7
Signer

Actual PE Digest

be:e4:33:ee:9d:aa:ae:17:3f:58:75:8f:86:b3:03:74:0f:0a:c9:1e:d7:64:1e:21:ce:f8:86:76:25:de:b7:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Wyatt\Documents\Visual Studio 2005\Projects\limelm-native-clients\bin\Release\TurboActivate.pdb

Imports

turboactivate

TA_IsProductKeyValid
TA_ExtendTrial
TA_TrialDaysRemaining
TA_SetCustomProxy
?GetPPDetails@@YAJPAUPartialProductDetails@@@Z
TA_CheckAndSavePKey
TA_Activate
?DeleteProductKey@@YAXI@Z
TA_UseTrial
TA_ActivationRequestToFile
TA_ActivateFromFile
TA_PDetsFromPath
TA_IsActivated
?SetProgressDelegate@@YAXP6AXH@Z@Z

kernel32

SetLastError
EnterCriticalSection
GetCommandLineW
lstrcpynW
GetModuleFileNameW
LeaveCriticalSection
CreateMutexW
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
HeapSize
MultiByteToWideChar
Sleep
GetLastError
lstrcatW
LockResource
HeapReAlloc
CloseHandle
RaiseException
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
LocalFree
DeleteCriticalSection
HeapFree
GetModuleHandleW
FreeLibrary
lstrcpyW
lstrcmpiW
LoadLibraryExW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
ReadFile
TlsFree
TlsSetValue
SizeofResource
GetProcessHeap
LCMapStringW
WriteConsoleW
SetStdHandle
GetStringTypeW
TlsGetValue
TlsAlloc
RtlUnwind
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
CreateFileW
FlushFileBuffers
SetEndOfFile
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

GetSystemMetrics
UnregisterClassW
SetWindowTextW
GetActiveWindow
MessageBoxW
BroadcastSystemMessageW
SetFocus
CharNextW
SetWindowLongW
GetDlgItem
GetParent
RegisterWindowMessageW
SetForegroundWindow
LoadImageW
GetWindowTextW
DestroyWindow
SendMessageW
GetWindow
PostMessageW
CallWindowProcW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
ShowWindow

gdi32

DeleteObject
CreateFontIndirectW
GetObjectW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

shell32

ord680
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R2R.nfo
Setup ANIMATE v1.1.8.exe
.exe windows:5 windows x86 arch:x86

20dd26497880c05caed9305b3c8b9109

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ca2fa204f288edb1fba4335cb242293

Code Sign

54:da:7a:31:e3:7d:eb:54:5d:6d:97:b0:b7:2e:24:16Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

6c:30:be:f9:77:a9:f5:67:9f:94:96:cd:e3:d5:75:3b:49:cf:a4:09:23:3e:6a:3f:7b:b4:7f:d2:31:91:6c:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shell32

ole32

oleaut32

ws2_32

winhttp

bcrypt

crypt32

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 707KB - Virtual size: 706KB

.rdata Size: 306KB - Virtual size: 306KB

.data Size: 30KB - Virtual size: 38KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 42KB - Virtual size: 42KB

7da7d7320771d58c1e0f1d4008db0b36

Code Sign

54:da:7a:31:e3:7d:eb:54:5d:6d:97:b0:b7:2e:24:16Certificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

be:e4:33:ee:9d:aa:ae:17:3f:58:75:8f:86:b3:03:74:0f:0a:c9:1e:d7:64:1e:21:ce:f8:86:76:25:de:b7:b7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

turboactivate

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 83KB - Virtual size: 82KB

.reloc Size: 9KB - Virtual size: 9KB

20dd26497880c05caed9305b3c8b9109

Headers

54:da:7a:31:e3:7d:eb:54:5d:6d:97:b0:b7:2e:24:16
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

6c:30:be:f9:77:a9:f5:67:9f:94:96:cd:e3:d5:75:3b:49:cf:a4:09:23:3e:6a:3f:7b:b4:7f:d2:31:91:6c:c4
Signer

.text
Size: 707KB - Virtual size: 706KB

.rdata
Size: 306KB - Virtual size: 306KB

.data
Size: 30KB - Virtual size: 38KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 42KB - Virtual size: 42KB

54:da:7a:31:e3:7d:eb:54:5d:6d:97:b0:b7:2e:24:16
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

be:e4:33:ee:9d:aa:ae:17:3f:58:75:8f:86:b3:03:74:0f:0a:c9:1e:d7:64:1e:21:ce:f8:86:76:25:de:b7:b7
Signer

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 61KB - Virtual size: 60KB

.itext
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 44KB - Virtual size: 44KB