2024-02-25_f1ce31a34c46e1c88bd55b31d4336f78_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_f1ce31a34c46e1c88bd55b31d4336f78_magniber
Size

31.4MB
MD5

f1ce31a34c46e1c88bd55b31d4336f78
SHA1

fa6e01a94465d118ed92102962cb0b9a07d246bc
SHA256

32e52a834f24e31c8750dd2d8c049d32a1857caad5e5e137f458a2059564a205
SHA512

446acc10d4d0ae3ca82c3165316790e2254aa700775a512006f69492b59286abf4c5565643a12d739c1708ba185b3d6ea505644e2fd2d8c8b4f66ede69781b8b
SSDEEP

393216:t5mGUvUow2yyQpnWAZ2TnhUKXaYwLiAU5CH29Qayuz:fjaUowwQpnWA4TnhUKXasBmuz

Score

1^/10

Malware Config

Signatures

Files

2024-02-25_f1ce31a34c46e1c88bd55b31d4336f78_magniber
.exe windows:6 windows x86 arch:x86

3790bd88aee7c3a1f111a9c6b010d3a8

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:6a:ee:35:74:ee:c0:63:5a:5c:ff:cf
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

09/03/2021, 10:58

Not After

20/02/2024, 07:23

Subject

SERIALNUMBER=1085403018293,CN=Brandmeister LLC,O=Brandmeister LLC,STREET=ul Sibiryakov-Gvardeytsev\, 38A,L=Novosibirsk,ST=Novosibirsk region,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13124e6f766f7369626972736b204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:38:ef:e6:c3:c1:d4:e7:42:48:7c:45:d7:3e:c5:05:06:3e:b2:39
Signer

Actual PE Digest

73:38:ef:e6:c3:c1:d4:e7:42:48:7c:45:d7:3e:c5:05:06:3e:b2:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avcodec-58

avcodec_get_class
avcodec_find_encoder
av_packet_unref
av_packet_ref
avpicture_get_size
avcodec_close
avcodec_parameters_to_context
avcodec_send_packet
avcodec_free_context
avcodec_alloc_context3
avcodec_register_all
avcodec_open2
avcodec_find_decoder
av_packet_alloc
avcodec_receive_frame
av_free_packet
avcodec_decode_audio4
av_packet_from_data
avpicture_fill
av_init_packet

avformat-58

avformat_open_input
avformat_find_stream_info
av_read_frame
av_seek_frame
avformat_close_input
av_guess_frame_rate
avformat_match_stream_specifier
av_register_all

avutil-56

av_malloc
av_free
av_freep
av_rescale_rnd
av_rescale_q
av_frame_alloc
av_get_channel_layout_nb_channels
av_samples_get_buffer_size
av_samples_alloc
av_samples_alloc_array_and_samples
av_opt_set_int
av_opt_set_sample_fmt
av_frame_free
av_strerror
av_log
av_dict_get
av_dict_set
av_get_bytes_per_sample
av_frame_unref
av_frame_move_ref
av_opt_find

swresample-3

swr_convert
swr_init
swr_free
swr_alloc_set_opts
swr_get_delay
swr_alloc

swscale-5

sws_getContext
sws_freeContext
sws_scale
sws_getCachedContext

d3d11

CreateDirect3D11DeviceFromDXGIDevice
D3D11CreateDevice

dxgi

CreateDXGIFactory1

api-ms-win-core-file-l1-1-0

FindNextFileW
GetFileSizeEx
ReadFile
SetFilePointerEx
GetFileType
DeleteFileA
SetFilePointer
RemoveDirectoryW
FindNextFileA
FindFirstFileExA
UnlockFileEx
FindFirstFileW
FlushFileBuffers
GetFileTime
WriteFile
GetFileSize
LockFileEx
GetFileAttributesExA
FindClose
SetEndOfFile
FindFirstFileExW
CreateFileA
DeleteFileW
CreateFileW
SetFileInformationByHandle
CreateDirectoryW
GetFileAttributesExW
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle
GetHandleInformation
DuplicateHandle

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateMutexW
CreateEventW
CancelWaitableTimer
TryEnterCriticalSection
OpenEventA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSection
ReleaseSemaphore
SetEvent
InitializeCriticalSectionEx
SetWaitableTimer
SetCriticalSectionSpinCount
CreateEventA
WaitForSingleObjectEx
CreateEventExW
CreateSemaphoreExW
OpenEventW
AcquireSRWLockExclusive
EnterCriticalSection

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
SignalObjectAndWait
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WakeConditionVariable
Sleep

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
CreateProcessW
GetStartupInfoW
TerminateThread
GetCurrentThreadId
GetProcessTimes
SwitchToThread
ExitThread
GetExitCodeProcess
GetCurrentProcess
ExitProcess
GetExitCodeThread
ResumeThread
CreateThread
GetCurrentThread
SetThreadPriority
CreateProcessA
TerminateProcess
FlushProcessWriteBuffers
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes
OpenProcess
IsProcessorFeaturePresent
GetCurrentProcessorNumber

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetTickCount64
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetLogicalProcessorInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadResource
LoadLibraryExW
GetModuleHandleW
LockResource
SizeofResource
GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleHandleA
FreeLibraryAndExitThread

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayDevicesW
EnumDisplayMonitors
GetMonitorInfoW
GetSystemMetrics

api-ms-win-core-localization-l1-2-0

EnumSystemLocalesW
IsValidLocale
LCMapStringW
IsValidCodePage
FormatMessageW
GetCPInfo
GetLocaleInfoW
GetLocaleInfoEx
GetOEMCP
GetUserDefaultLCID
LCMapStringEx
FormatMessageA
GetACP
GetSystemDefaultLCID

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoGetMalloc
CoInitializeEx
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CreateStreamOnHGlobal
PropVariantClear

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32NextW
Process32FirstW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32GetProcessMemoryInfo

d2d1

ord2
ord1

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
CreateWaitableTimerW
WaitForMultipleObjects

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlReader
CreateXmlWriterOutputWithEncodingName

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
MultiByteToWideChar
GetStringTypeW
CompareStringW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryA
LoadLibraryW

api-ms-win-core-normalization-l1-1-0

NormalizeString

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc
GlobalFree

oleaut32

OleCreatePropertyFrame
SysAllocString
SysStringLen
VariantClear
VariantInit
SysFreeString

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualAlloc
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
OpenFileMappingW
VirtualProtect
VirtualFree
CreateFileMappingW

api-ms-win-core-heap-l1-1-0

HeapQueryInformation
GetProcessHeap
HeapFree
HeapAlloc
HeapSize
HeapReAlloc

dwrite

DWriteCreateFactory

api-ms-win-core-file-l1-2-0

GetTempPathW

mfplat

MFCreateAttributes
MFStartup
MFCreateMediaType
MFTRegisterLocalByCLSID

mfreadwrite

MFCreateSourceReaderFromMediaSource

ws2_32

freeaddrinfo
getaddrinfo
connect
ioctlsocket
setsockopt
WSAGetLastError
__WSAFDIsSet
recv
select
send
socket
closesocket

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
CreateNamedPipeW

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteConsoleW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-2

GetSystemTimes

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
FreeEnvironmentStringsW
GetStdHandle
GetEnvironmentStringsW
ExpandEnvironmentStringsW
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableA
SetStdHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-file-l1-2-2

AreFileApisANSI
GetTempPathA

dwmapi

DwmGetWindowAttribute
DwmExtendFrameIntoClientArea

kernel32

Module32FirstW
SetDefaultDllDirectories
K32GetProcessImageFileNameW
AddDllDirectory
Module32NextW

user32

SetWindowTextW
RedrawWindow
SetForegroundWindow
EnableWindow
ReleaseCapture
SetCapture
BringWindowToTop
EndDeferWindowPos
BeginDeferWindowPos
GetCursorPos
SetWindowPos
DestroyWindow
GetClassInfoExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
UnregisterHotKey
RegisterHotKey
ScreenToClient
MapWindowPoints
SetRectEmpty
PtInRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
GetWindowDC
GetDCEx
GetAncestor
SetWindowLongW
EnumWindows
GetShellWindow
GetWindowPlacement
MessageBoxA
EnumChildWindows
GetWindow
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
GetDesktopWindow
GetWindowLongW
GetClientRect
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
IsWindowVisible
CloseDesktop
SetThreadDesktop
OpenInputDesktop
MessageBoxW
GetWindowRect
ReleaseDC
GetDC
KillTimer
SetTimer
LoadCursorW
SetLayeredWindowAttributes
GetKeyState
IsIconic
ShowWindow
IsWindow
PostMessageW
SendMessageW
GetCapture
GetUpdateRect
GetWindowRgn
GetParent
DeferWindowPos
SendInput
DrawTextW
GetMessageW
TranslateMessage
DispatchMessageW
SetFocus
MonitorFromWindow
SetWindowRgn
SetCursor
CallWindowProcW
GetTopWindow
GetComboBoxInfo
ShowScrollBar
MessageBeep
SetWindowLongA
UnregisterClassW
ClientToScreen
LoadAcceleratorsW
TranslateAcceleratorW
TrackMouseEvent
CreateWindowExW
ChangeWindowMessageFilterEx
GetFocus
AdjustWindowRectEx
FillRect
LoadIconW

gdi32

SetDCBrushColor
CombineRgn
GetObjectW
GetTextMetricsW
CreatePen
Rectangle
CreateRoundRectRgn
SetTextColor
SetPixel
GetTextExtentExPointW
GetDeviceCaps
CreateCompatibleDC
DeleteDC
DeleteObject
EnumFontFamiliesExW
SelectObject
CreateDIBSection
BitBlt
CreateCompatibleBitmap
GetDIBits
SetBkMode
GetObjectA
CreateSolidBrush
CreateRectRgn
CreateFontIndirectW
SetBkColor
GetPixel
GetTextExtentPointW
CreateEllipticRgn
SelectClipRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetKnownFolderPath
ShellExecuteW
DragQueryFileW
DragFinish
Shell_NotifyIconW
ShellExecuteExW
DragAcceptFiles

ole32

CreateBindCtx
CoInitialize

api-ms-win-downlevel-shlwapi-l1-1-0

QISearch

gdiplus

GdipGetImageHeight
GdipGetGenericFontFamilySansSerif
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipAddPathLineI
GdipCreateLineBrushI
GdipDrawEllipseI
GdipFillRectanglesI
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipBitmapLockBits
GdipReleaseDC
GdipGetImageEncodersSize
GdipGraphicsClear
GdipFillPolygonI
GdipDrawRectangle
GdipFillEllipse
GdipGetImageEncoders
GdipDrawLines
GdipLoadImageFromFile
GdipCreateStringFormat
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipGetImagePixelFormat
GdipBitmapUnlockBits
GdipDrawImageRectI
GdipGetPropertyItem
GdipAddPathLine2I
GdipCreateBitmapFromStream
GdipCreateBitmapFromGdiDib
GdipGetDC
GdipSetPenStartCap
GdipSetPenEndCap
GdipDrawArcI
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreatePath
GdipDeletePath
GdipResetPath
GdipClosePathFigure
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipSetSmoothingMode
GdipFillRectangleI
GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipAddPathString
GdipCreatePen1
GdipDeletePen
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipDrawPath
GdipFillRectangle
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawLineI
GdipDrawImageRectRectI
GdipFillEllipseI
GdipSetPenDashStyle
GdipSetPenDashOffset
GdipDrawLinesI
GdipSetPenDashArray
GdipGetPropertyItemSize
GdipGetImageWidth

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenUrlW
InternetReadFile
InternetCrackUrlW

pdh

PdhGetCounterInfoW
PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetRawCounterArrayW
PdhOpenQueryW
PdhFormatFromRawValue

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

mf

MFEnumDeviceSources
MFCreateDeviceSourceActivate

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveInGetErrorTextW
waveInGetDevCapsW
waveOutReset
waveOutWrite
waveInOpen
waveInClose
waveInPrepareHeader
waveInAddBuffer
waveOutClose
waveInStop
waveInStart
waveOutOpen
PlaySoundW
waveInUnprepareHeader

processing.ndi.lib.x86

NDIlib_find_create_v2
NDIlib_destroy
NDIlib_initialize
NDIlib_recv_free_audio_v2
NDIlib_recv_free_video_v2
NDIlib_recv_capture_v2
NDIlib_find_wait_for_sources
NDIlib_recv_create_v3
NDIlib_find_destroy
NDIlib_recv_destroy
NDIlib_recv_connect
NDIlib_find_get_current_sources

mfplay

MFPCreateMediaPlayer

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
InterlockedFlushSList

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks

comctl32

ord412
InitCommonControlsEx
ord410
ord413

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
CreateFileMappingA
UnregisterWait

api-ms-win-core-kernel32-legacy-l1-1-2

OpenFileMappingA

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
ChangeTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask
GetProcessAffinityMask

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

api-ms-win-core-winrt-string-l1-1-0

WindowsPreallocateStringBuffer
WindowsCreateString
WindowsDeleteStringBuffer
WindowsCreateStringReference
WindowsPromoteStringBuffer
WindowsDeleteString
WindowsGetStringRawBuffer

Exports

Exports

base_get_log_handler
base_set_crash_handler
base_set_log_handler
bcrash
blog
blogva

Sections

.text
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3790bd88aee7c3a1f111a9c6b010d3a8

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

41:6a:ee:35:74:ee:c0:63:5a:5c:ff:cfCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

73:38:ef:e6:c3:c1:d4:e7:42:48:7c:45:d7:3e:c5:05:06:3e:b2:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

avcodec-58

avformat-58

avutil-56

swresample-3

swscale-5

d3d11

dxgi

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

rpcrt4

api-ms-win-core-com-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-psapi-l1-1-0

d2d1

api-ms-win-core-file-l2-1-2

api-ms-win-core-synch-l1-2-1

xmllite

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-normalization-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-heap-l2-1-0

oleaut32

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-heap-l1-1-0

dwrite

api-ms-win-core-file-l1-2-0

mfplat

mfreadwrite

ws2_32

api-ms-win-core-kernel32-legacy-l1-1-5

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-mm-time-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-2

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

41:6a:ee:35:74:ee:c0:63:5a:5c:ff:cf
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

73:38:ef:e6:c3:c1:d4:e7:42:48:7c:45:d7:3e:c5:05:06:3e:b2:39
Signer

.text
Size: 18.8MB - Virtual size: 18.8MB

IPPCODE
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 100KB - Virtual size: 286KB

_RDATA
Size: 185KB - Virtual size: 185KB

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

.reloc
Size: 401KB - Virtual size: 401KB