Plazma Burst 2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Plazma Burst 2.zip
Size

18.7MB
MD5

7049f75b8f8b32edf624845976fe32d1
SHA1

9ae5eec561ddfbdbd6df9f24b2b89e937cca4a9a
SHA256

c2e9ec8c3d75db98a0f8f82fdc59d9e5a713bf78ad2ddc6079057b939309805d
SHA512

5b2547a4a3ca8d231fedc997ef7bedf7b043d0eb1aad3f1432c205b72763467a7b5c950bc9d2a82287a9b1112cc90503873f468d7bb37c707834c9c2ca61366e
SSDEEP

393216:r4+PQLc+mkFAGm/OC6lj8Ras19e0wX76QRWpxbojO5Qu3gDkgqrh96y:rnYRmcLw6x8/epX7BWpxskQu37HWy

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Plazma Burst 2/PB2Launcher.dll
unpack001/Plazma Burst 2/PB2Launcher.exe

Files

Plazma Burst 2.zip
.zip
Plazma Burst 2/PB2Launcher.deps.json
Plazma Burst 2/PB2Launcher.dll
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\_HomeData\PC\Projects C#\PB2Launcher\obj\Release\netcoreapp3.1\PB2Launcher.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plazma Burst 2/PB2Launcher.exe
.exe windows:6 windows x86 arch:x86

bf1462ce2cfa173883d7ac57d7af7b93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\workspace\_work\1\s\artifacts\obj\win-x86.Release\corehost\cli\apphost\Release\apphost.pdb

Imports

kernel32

FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
GetTempPathW
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
GetCurrentProcess
IsWow64Process
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
RtlUnwind
RaiseException
OutputDebugStringW
GetModuleHandleW
GetCurrentProcessId
Sleep
RemoveDirectoryW
DeleteCriticalSection
CreateDirectoryW
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
GetStringTypeW

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW

api-ms-win-crt-runtime-l1-1-0

terminate
_controlfp_s
_register_thread_local_exe_atexit_callback
_errno
_c_exit
__p___wargv
_seh_filter_exe
__p___argc
_configure_wide_argv
_cexit
_crt_atexit
_exit
exit
_register_onexit_function
_initialize_onexit_table
_set_app_type
_initterm_e
_initterm
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
abort

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

frexp
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
__p__commode
fflush
_wfopen
__stdio_common_vfwprintf
fputws
fclose
fread
fseek
fwrite
__acrt_iob_func
fputwc
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

strcpy_s
memset
strcspn
wcsncmp
_wcsicmp
_wcsnicmp
wcsnlen
_wcsdup

api-ms-win-crt-locale-l1-1-0

__pctype_func
setlocale
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
localeconv
_unlock_locales
_lock_locales
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_wrename
_wremove

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-time-l1-1-0

_time64
wcsftime
_gmtime64

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plazma Burst 2/PB2Launcher.pdb
Plazma Burst 2/PB2Launcher.runtimeconfig.json
Plazma Burst 2/Readme.txt
Plazma Burst 2/data/favicon.ico
Plazma Burst 2/data/flashplayer11_7r700_224_win_sa.exe
.exe windows:5 windows x86 arch:x86

731f911f2ca3e49f4175573a50f832cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:36:32:9a:16:7a:6f:d6:bf:4b:b5:e8:77:8e:0b:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/02/2013, 00:00

Not After

25/02/2014, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Flash Player - Fortnight+OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:1b:2e:1d:b6:c7:6a:ce:b2:23:da:87:51:ae:d5:e5:a4:a2:a6:13
Signer

Actual PE Digest

22:1b:2e:1d:b6:c7:6a:ce:b2:23:da:87:51:ae:d5:e5:a4:a2:a6:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FlashPlayer.pdb

Imports

oleaut32

SysFreeString

kernel32

GetCommandLineW
DeleteFileW
SetEndOfFile
WriteFile
CreateFileA
GetFileAttributesA
GetStartupInfoW
GetCommandLineA
GetModuleFileNameA
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
GetVersionExW
GetModuleHandleA
GetSystemInfo
SwitchToThread
TlsGetValue
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringA
IsValidCodePage
GetOEMCP
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
GetStdHandle
GetSystemTimeAsFileTime
HeapReAlloc
UnhandledExceptionFilter
ExitProcess
RtlUnwind
GetStartupInfoA
IsProcessorFeaturePresent
GetProcessAffinityMask
HeapSize
HeapFree
GetProcessHeap
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
CompareStringW
GetCurrencyFormatW
GetNumberFormatW
InterlockedCompareExchange
Sleep
GetCPInfo
GetACP
IsDBCSLeadByte
CreateProcessA
GetTempPathA
FindNextFileW
GetModuleFileNameW
GetTempFileNameW
GetSystemDirectoryW
ExpandEnvironmentStringsA
WideCharToMultiByte
MultiByteToWideChar
FindClose
GetTempPathW
CreateProcessW
GetTempFileNameA
CreateDirectoryA
DeleteFileA
GetVersionExA
GetLastError
CreateMutexA
FindFirstFileW
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExW
GetFileInformationByHandle
GetVolumeInformationW
MoveFileExW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
OutputDebugStringA
CreateDirectoryW
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
GetFileAttributesW
VirtualQuery
ExitThread
GetUserDefaultLangID
GetUserDefaultUILanguage
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
CreateThread
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
GlobalUnlock
GlobalLock
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalSize
QueueUserAPC
OpenThread
SleepEx
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcessTimes
RaiseException
WaitForSingleObject
FlushInstructionCache
SetLastError
TerminateThread
CreateEventW
SetEvent
ResetEvent
WaitForMultipleObjects
CreateWaitableTimerW
GetTickCount
SetThreadPriority
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
GetLocaleInfoW
LCMapStringW
GetSystemDirectoryA
GetExitCodeThread
DuplicateHandle
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
CompareFileTime
LocalFree
ReleaseMutex
CreateFileMappingA
ReleaseSemaphore
CreateSemaphoreW
SetThreadAffinityMask
CreateEventA
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
InterlockedExchangeAdd
lstrlenW
GetVersion
DeviceIoControl
VirtualAlloc
VirtualFree
CreateSemaphoreA
GlobalMemoryStatusEx
DebugBreak
IsDebuggerPresent
SetSystemTime
FileTimeToSystemTime
TlsAlloc
TlsFree
ResumeThread
VirtualProtect

user32

GetWindow
UnregisterClassA
PostQuitMessage
GetWindowTextA
SetWindowTextA
LoadStringA
GetDlgItem
EndDialog
DialogBoxParamW
LoadStringW
InvalidateRect
InsertMenuA
InsertMenuW
RemoveMenu
GetSubMenu
GetMenu
UpdateWindow
ShowWindow
GetDlgItemTextA
GetWindowTextLengthA
GetDlgItemTextW
EnableWindow
GetWindowTextLengthW
SetFocus
SetDlgItemTextA
SetDlgItemTextW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
GetMenuStringA
GetMenuStringW
DestroyWindow
DefWindowProcW
EnableMenuItem
GetDoubleClickTime
WaitForInputIdle
GetForegroundWindow
SetWindowLongW
InflateRect
GetSystemMetrics
SetRect
PtInRect
SystemParametersInfoW
SendInput
SetPropW
GetPropW
DestroyIcon
GetCursor
SetCursor
SetRectEmpty
GetKeyState
PostMessageW
GetMonitorInfoW
MonitorFromWindow
ClientToScreen
FillRect
CreateIconIndirect
SendMessageW
SendMessageTimeoutW
GetParent
SetWindowTextW
LoadIconW
GetDesktopWindow
DialogBoxIndirectParamW
RedrawWindow
GetClientRect
ScreenToClient
MessageBoxA
KillTimer
SetTimer
GetQueueStatus
PeekMessageW
GetWindowLongW
GetWindowRect
GetFocus
CopyRect
GetWindowInfo
LoadCursorW
MessageBoxW
GetCursorPos
EnumWindows
GetCapture
CallWindowProcW
SetCapture
GetMessageTime
ReleaseCapture
TrackMouseEvent
SetCursorPos
RegisterClipboardFormatW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
MoveWindow
MapWindowPoints
GetActiveWindow
FlashWindowEx
SetMenu
GetSystemMenu
IsZoomed
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
ShowWindowAsync
GetClassInfoExW
IsIconic
IsWindow
EnumDisplaySettingsW
EndPaint
BeginPaint
GetWindowTextW
RegisterClassExW
CreateWindowExW
DeleteMenu
LoadMenuW
RegisterClipboardFormatA
GetClipboardFormatNameA
InsertMenuItemW
CreateMenu
GetMenuItemInfoW
DrawMenuBar
SetMenuItemInfoW
SetMenuInfo
DestroyMenu
TrackPopupMenu
CreatePopupMenu
ShowCaret
CreateCaret
DestroyCaret
SetCaretPos
OffsetRect
DdeUninitialize
DdeFreeStringHandle
DdeDisconnect
DdeClientTransaction
DdeConnect
DdeCreateStringHandleA
DdeInitializeW
CharLowerW
CharUpperW
MapVirtualKeyW
GetKeyboardLayout
ActivateKeyboardLayout
EnumDisplayDevicesA
UpdateLayeredWindow
GetWindowThreadProcessId
EnumDisplayDevicesW
PostThreadMessageW
PostMessageA
RegisterWindowMessageA
DefWindowProcA
GetWindowLongA
DispatchMessageA
GetMessageA
SetWindowLongA
CreateWindowExA
RegisterClassExA
GetDC
ReleaseDC
SetWindowPos
CheckMenuItem

gdi32

CreateDCA
DeleteObject
CreatePalette
DeleteDC
GetICMProfileA
GetTextExtentPoint32A
BitBlt
EnumFontFamiliesExW
GetFontData
StretchDIBits
FillPath
ExtCreatePen
StrokePath
CreateSolidBrush
EndDoc
StartDocW
LPtoDP
GetStretchBltMode
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
GdiAlphaBlend
GetWorldTransform
SetGraphicsMode
SetWorldTransform
GetDeviceCaps
GetSystemPaletteEntries
SelectObject
CreateCompatibleDC
GetObjectW
GetTextCharacterExtra
DPtoLP
EnumFontFamiliesA
GetCurrentObject
GetTextExtentPoint32W
CreatePen
SetTextCharacterExtra
GetBkColor
SetBkColor
SelectClipRgn
GetTextColor
GetBkMode
GetTextAlign
SetBkMode
SetTextAlign
CreateRectRgn
GetClipRgn
IntersectClipRect
CreateFontIndirectA
SetTextColor
ExtTextOutW
ExtTextOutA
EnumFontFamiliesW
GetStockObject
GetTextMetricsW
GdiFlush
RestoreDC
SelectClipPath
PolyBezierTo
LineTo
MoveToEx
EndPath
BeginPath
EndPage
StartPage
SaveDC
SetPolyFillMode
GetClipBox
SelectPalette
RealizePalette
CreateFontIndirectW
CreateDIBSection
CreateBitmap
SetPixel

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameA
GetOpenFileNameW
PrintDlgW

shell32

DragQueryFileW
DragQueryFileA
DragAcceptFiles
SHGetSpecialFolderPathW
SHGetSettings
SHGetFolderLocation
SHAppBarMessage
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathA
SHGetDiskFreeSpaceExW
SHGetFolderPathW

ws2_32

WSACleanup
WSAStartup
select
ioctlsocket
closesocket
WSAAsyncSelect
WSAGetLastError
WSAIoctl
socket
WSASocketW
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
WSASetLastError
gethostname
setsockopt
recv
send
getsockname
WSACloseEvent
recvfrom
sendto
bind
WSAAddressToStringA
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
connect
ntohl

mscms

DeleteColorTransform
TranslateBitmapBits
CreateColorTransformW
CloseColorProfile
OpenColorProfileW

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

crypt32

CertCompareCertificate
CertCloseStore
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertAddStoreToCollection
CertOpenStore
CertVerifyRevocation
CertVerifyTimeValidity
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCompareCertificateName
CryptFindOIDInfo
CertRDNValueToStrW
CertFindRDNAttr
CryptDecodeObjectEx
CertNameToStrW
CertFreeCertificateContext

urlmon

CopyStgMedium

version

GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA

winmm

waveOutMessage
waveOutGetDevCapsA
waveInGetDevCapsA
mixerGetID
waveInOpen
waveInPrepareHeader
waveInReset
waveInUnprepareHeader
waveInClose
waveInStop
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveInMessage
waveInGetDevCapsW
waveOutGetDevCapsW
waveOutGetPosition
waveOutOpen
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
timeGetTime
timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
mixerGetControlDetailsA
waveOutRestart
waveOutPause
waveInGetPosition
mixerSetControlDetails
waveOutSetVolume
waveOutGetNumDevs

dsound

ord8
ord1

advapi32

CryptGetHashParam
CryptHashData
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegOpenKeyA
CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExW
RegSetValueExA

ole32

CoUninitialize
ReleaseStgMedium
OleUninitialize
OleSetClipboard
OleFlushClipboard
CoInitialize
OleGetClipboard
OleInitialize
CoInitializeEx
CoTaskMemAlloc
MkParseDisplayName
CreateBindCtx
PropVariantClear
CoTaskMemFree
CoCreateInstance
OleIsCurrentClipboard

Exports

Exports

IAEModule_AEModule_PutKernel
IAEModule_IAEKernel_LoadModule
IAEModule_IAEKernel_UnloadModule
_WinMainSandboxed@20

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 243KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plazma Burst 2/data/icon_big.png
.png
Plazma Burst 2/data/pb2_re34_alt.swf
Plazma Burst 2/data/plazma_burst_fttp.swf

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 13KB - Virtual size: 13KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

bf1462ce2cfa173883d7ac57d7af7b93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 6KB

731f911f2ca3e49f4175573a50f832cb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

21:36:32:9a:16:7a:6f:d6:bf:4b:b5:e8:77:8e:0b:fbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

22:1b:2e:1d:b6:c7:6a:ce:b2:23:da:87:51:ae:d5:e5:a4:a2:a6:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

kernel32

user32

gdi32

comdlg32

shell32

ws2_32

mscms

wininet

crypt32

urlmon

version

winmm

dsound

advapi32

ole32

Exports

Exports

Sections

.text
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

21:36:32:9a:16:7a:6f:d6:bf:4b:b5:e8:77:8e:0b:fb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

22:1b:2e:1d:b6:c7:6a:ce:b2:23:da:87:51:ae:d5:e5:a4:a2:a6:13
Signer

.text
Size: 7.5MB - Virtual size: 7.5MB

.rodata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 243KB - Virtual size: 1.1MB

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 307KB - Virtual size: 307KB

.reloc
Size: 324KB - Virtual size: 324KB