2024-02-25_82597b4c4ee7c78368f820d27bf4660a_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-25_82597b4c4ee7c78368f820d27bf4660a_mafia
Size

1.4MB
MD5

82597b4c4ee7c78368f820d27bf4660a
SHA1

eb2fbdb807933e2471f8850f26798b59ecf03153
SHA256

79d5c1dd87b4370bb4a5ce3675e6122219e63faeae180411033d124a231ae525
SHA512

7791084aa9224c7527a58311373ea191531a2d1cfef23654947984609aeba0bdd1c480d334c68b82275e722075e97a7acdc730fd8d403e607489a3b6ab0d7aca
SSDEEP

24576:X/5aXwfxWpxK1GjGWEd8lzzWtzbmn+8ljqcCnyvTyJ51MU86GJ:nfJ1G1EGzKVbm+8l5Cnyvur+hJ

Score

1^/10

Malware Config

Signatures

Files

2024-02-25_82597b4c4ee7c78368f820d27bf4660a_mafia
.exe windows:5 windows x86 arch:x86

580414b121539dafcae7dccd6eb62938

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:47:16:b6:73:13:b3:03:5e:03:d1:e7:8d:30:88:63
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/04/2012, 00:00

Not After

13/04/2015, 23:59

Subject

CN=Krzysztof Kowalczyk,O=Krzysztof Kowalczyk,POSTALCODE=94110,STREET=\#202+STREET=3388 17th St,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:f3:e0:b1:f2:fc:9b:2d:0d:a8:e3:ab:54:c7:b7:a4:c5:a6:de:6b
Signer

Actual PE Digest

a3:f3:e0:b1:f2:fc:9b:2d:0d:a8:e3:ab:54:c7:b7:a4:c5:a6:de:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\src\sumatrapdf_buildbot\obj-rel\SumatraPDF-no-MuPDF.pdb

Imports

libmupdf

fz_drop_stroke_state
fz_new_device
fz_begin_page
fz_xml_tag
pdf_new_dict
fz_xml_next
fz_tell
fz_transform_point
fz_xml_down
fz_intersect_rect
fz_lineto
pdf_to_str_buf
fz_run_display_list
xps_free_part
pdf_dict_len
pdf_array_len
fz_calloc
fz_round_rect
pdf_resolve_indirect
fz_enable_device_hints
xps_close_document
fz_new_buffer
pdf_dict_get_val
pdf_to_ucs2_buf
fz_matrix_expansion
fz_free_text_sheet
fz_transform_rect
fz_free_device
fz_free_link_dest
pdf_to_name
pdf_open_document_with_stream
pdf_array_push_drop
fz_rethrow
fz_moveto
fz_pre_scale
fz_begin_group
xps_resolve_url
pdf_create_object
pdf_array_get
fz_new_pixmap_from_image
pdf_dict_puts_drop
pdf_update_stream
pdf_to_str_len
fz_strdup
xps_run_page
pdf_write_document
pdf_load_outline
fz_xml_att
pdf_new_string
pdf_is_array
pdf_lookup_dest
fz_new_stream
pdf_dict_get_key
pdf_parse_link_dest
fz_text_char_bbox
fz_new_text_sheet
xps_lookup_link_target_obj
fz_parse_xml
pdf_load_page_by_obj
fz_rotate
fz_pixmap_bbox
pdf_copy_dict
pdf_lookup_inherited_page_item
pdf_dict_dels
pdf_dict_getp
pdf_is_real
pdf_has_permission
pdf_load_stream
fz_atof
pdf_to_gen
pdf_new_obj_from_str
pdf_new_bool
pdf_crypt_key
fz_new_draw_device
pdf_crypt_revision
pdf_count_pages
fz_open_file_w
xps_load_outline
pdf_is_name
xps_bound_page
fz_clear_pixmap_with_value
fz_open_buffer
pdf_authenticate_password
pdf_array_push
xps_open_document_with_stream
fz_new_bbox_device
pdf_trailer
fz_free_path
fz_new_stroke_state_with_dash_len
pdf_to_real
pdf_js_supported
fz_free
pdf_is_stream
xps_count_pages
fz_new_display_list
pdf_load_name_tree
pdf_to_rect
pdf_to_num
pdf_file_spec_to_str
pdf_to_bool
pdf_free_page
fz_stroke_path
fz_fill_path
pdf_needs_password
fz_seek
pdf_run_page_with_usage
fz_rect_from_irect
fz_closepath
fz_end_group
pdf_is_int
fz_end_page
fz_drop_buffer
fz_new_text_page
fz_xml_text
pdf_get_xref_entry
pdf_bound_page
fz_clone_stream
fz_new_gdiplus_device
pdf_new_matrix
fz_new_stroke_state
xps_load_page
fz_drop_display_list
pdf_crypt_version
fz_new_link
fz_free_outline
pdf_new_indirect
pdf_create_page
fz_malloc
fz_fill_image
fz_new_image
pdf_insert_page
deflateInit_
fz_free_compressed_buffer
fz_drop_image
pdf_create_document
pdf_page_write
ddjvu_anno_get_hyperlinks
miniexp_cddr
ddjvu_free
ddjvu_message_pop
miniexp_caddr
ddjvu_document_get_filenum
ddjvu_document_get_pageinfo_imp
miniexp_stringp
ddjvu_page_create_by_pageno
ddjvu_format_create
ddjvu_format_set_row_order
ddjvu_document_get_pagetext
ddjvu_message_peek
ddjvu_document_job
ddjvu_job_status
gzerror
gztell
gzclose
gzopen
gzseek
fz_redirect_io_to_console
fz_md5_final
fz_md5_init
pdf_is_indirect
pdf_is_dict
pdf_unmark_obj
xps_read_part
fz_free_text_page
fz_xml_is_tag
fz_translate
pdf_install_load_system_font_funcs
pdf_update_object
pdf_dict_getsa
pdf_mark_obj
pdf_dict_put
fz_free_xml
pdf_xref_len
miniexp_cadr
ddjvu_job_release
miniexp_symbol
ddjvu_document_create_by_filename_utf8
minilisp_finish
ddjvu_context_create
ddjvu_page_render
ddjvu_context_release
ddjvu_page_set_rotation
ddjvu_miniexp_release
ddjvu_document_get_pageanno
ddjvu_document_get_pagenum
miniexp_to_str
ddjvu_page_get_type
ddjvu_format_release
ddjvu_document_get_fileinfo_imp
ddjvu_page_job
fz_md5_update
fz_invert_matrix
pdf_new_ref
pdf_new_array
fz_new_text_device
pdf_close_document
pdf_cache_object
fz_new_list_device
pdf_new_int
fz_new_path
fz_pre_translate
pdf_drop_obj
fz_concat
fz_read_all
fz_warn_imp
pdf_keep_obj
fz_new_pixmap_with_bbox
pdf_to_int
pdf_lex
pdf_run_page
ddjvu_stream_close
ddjvu_document_get_outline
ddjvu_document_create_by_data
pdf_dict_gets
ar_open_tar_archive
ar_open_rar_archive
ar_at_eof
ar_open_7z_archive
gzopen_w
fz_drop_colorspace
fz_open_dctd
fz_device_cmyk
fz_var_imp
fz_load_jpeg_info
fz_close
fz_device_rgb
fz_new_context_imp
fz_new_pixmap_with_data
fz_device_bgr
fz_free_context
fz_read
fz_throw_imp
fz_open_memory
fz_convert_pixmap
fz_device_gray
fz_load_jpx
fz_push_try
fz_drop_pixmap
WebPGetInfo
WebPDecodeBGRAInto
ar_parse_entry
deflateInit2_
ar_parse_entry_at
deflate
ar_entry_uncompress
ar_close_archive
ar_open_zip_archive
ar_entry_get_size
ar_open_istream
ar_open_file_w
deflateEnd
ar_close
ar_entry_get_name
ar_get_global_comment
ar_entry_get_offset
LzmaDecode
x86_Convert
crc32
gzread

advapi32

RegEnumKeyW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegCloseKey
RegOpenKeyExW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

kernel32

ResetEvent
QueueUserAPC
WaitForMultipleObjectsEx
ReadDirectoryChangesW
CompareFileTime
RaiseException
GetFileInformationByHandle
DeleteFileW
GetShortPathNameW
GetFileAttributesExW
GetFileTime
CancelIo
WideCharToMultiByte
MultiByteToWideChar
GetThreadContext
VirtualQuery
GetCurrentThread
Thread32First
Thread32Next
OpenThread
GetModuleFileNameA
GetModuleHandleA
SuspendThread
ResumeThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetEnvironmentVariableW
GetExitCodeProcess
TryEnterCriticalSection
GetACP
SetFilePointer
EncodePointer
DecodePointer
MoveFileA
FileTimeToSystemTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetConsoleCtrlHandler
FindFirstFileExW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetFileAttributesA
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
RtlUnwind
SetHandleCount
LCMapStringW
GetLongPathNameW
GetFileSizeEx
GetPrivateProfileIntW
GetTempPathW
WritePrivateProfileStringW
CreateFileW
ReadFile
GetVolumePathNameW
WriteFile
CreateDirectoryW
GetDriveTypeW
GetTempFileNameW
lstrcpyW
GetConsoleScreenBufferInfo
GetStdHandle
VerifyVersionInfoW
GetModuleFileNameW
LoadLibraryW
FormatMessageA
SetConsoleScreenBufferSize
VerSetConditionMask
CreateProcessW
AllocConsole
GetUserDefaultUILanguage
MulDiv
GetLogicalDrives
InterlockedDecrement
InterlockedIncrement
Module32NextW
OutputDebugStringA
GetCurrentThreadId
CreateToolhelp32Snapshot
GetSystemInfo
Module32FirstW
GlobalMemoryStatusEx
GetEnvironmentVariableA
TerminateProcess
HeapCreate
HeapDestroy
GetVersionExW
HeapFree
GetCurrentProcess
SetUnhandledExceptionFilter
HeapAlloc
GetLocaleInfoA
HeapReAlloc
LockResource
SizeofResource
LoadResource
FindResourceW
GetSystemTime
QueryPerformanceFrequency
SetThreadExecutionState
QueryPerformanceCounter
SystemTimeToFileTime
CreateEventW
GetTickCount
SetEvent
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
GetProcAddress
FindNextFileW
FindClose
FindFirstFileW
GlobalAddAtomW
GlobalDeleteAtom
GetWindowsDirectoryW
GetSystemDirectoryW
CreateThread
DeleteCriticalSection
GlobalFree
EnterCriticalSection
GlobalUnlock
LeaveCriticalSection
GlobalAlloc
InitializeCriticalSection
WaitForSingleObject
GlobalLock
SetFileAttributesW
LocalFree
GetCurrentProcessId
CloseHandle
CreateFileMappingW
GetLastError
GetFileAttributesW
FormatMessageW
CopyFileW
Sleep
GetSystemTimeAsFileTime
GetModuleHandleW
MoveFileExW
SetErrorMode
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
ExitProcess
GetFullPathNameW
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateProcessA
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
CompareStringW
SetEnvironmentVariableA

user32

ShowWindowAsync
GetWindowTextLengthW
GetMessagePos
RedrawWindow
DrawFrameControl
ReleaseCapture
SetMenuDefaultItem
GetMenuItemCount
ReleaseDC
OffsetRect
GetMenuItemInfoW
DrawEdge
InvalidateRgn
TrackMouseEvent
FillRect
GetWindowDC
GetSystemMenu
OpenClipboard
EmptyClipboard
GetCapture
CloseClipboard
BeginPaint
DrawTextW
SetActiveWindow
EndPaint
ValidateRect
GetUpdateRect
GetWindow
EnableWindow
SetDlgItemTextW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
SendDlgItemMessageW
ReuseDDElParam
GetDlgItem
DialogBoxParamW
DialogBoxIndirectParamW
wsprintfA
GetCursor
GetScrollInfo
SetCursor
GetDC
IsCharAlphaNumericW
MonitorFromRect
DdeFreeDataHandle
GetMonitorInfoW
DdeDisconnect
SetMenuItemInfoW
SetClipboardData
DdeConnect
DdeClientTransaction
AdjustWindowRectEx
GetCursorPos
GetDesktopWindow
MonitorFromWindow
DdeUninitialize
DdeFreeStringHandle
GetWindowInfo
DdeCreateStringHandleW
EnumDisplayMonitors
DdeInitializeW
ClientToScreen
SetLayeredWindowAttributes
GetPropW
SetPropW
RemovePropW
SetForegroundWindow
MessageBeep
IsWindowUnicode
UnpackDDElParam
HideCaret
LoadImageW
CopyImage
ShowCaret
SetClassLongW
CallWindowProcW
PostMessageW
SystemParametersInfoW
TrackPopupMenu
GetMenuItemID
CreateMenu
ModifyMenuW
GetMenu
CheckMenuRadioItem
AppendMenuW
EnableMenuItem
CreatePopupMenu
RemoveMenu
InsertMenuW
MapWindowPoints
CheckMenuItem
DestroyWindow
TranslateAcceleratorW
MapVirtualKeyW
SetTimer
ScreenToClient
GetWindowRect
EndDialog
GetMessageW
SetCapture
DispatchMessageW
MoveWindow
GetWindowThreadProcessId
DefWindowProcW
GetScrollPos
SetScrollInfo
EndDeferWindowPos
DestroyMenu
UpdateWindow
SendMessageW
AllowSetForegroundWindow
IsWindowVisible
GetSystemMetrics
BeginDeferWindowPos
MessageBoxW
DeferWindowPos
CreateWindowExW
ShowScrollBar
FindWindowExW
IsWindow
LoadBitmapW
SetMenu
ShowWindow
SetWindowPos
GetSysColor
SetWindowLongW
GetAncestor
GetWindowLongW
InvalidateRect
LoadIconW
RegisterClassExW
GetForegroundWindow
LoadAcceleratorsW
TranslateMessage
CharLowerW
IsCharUpperW
SetFocus
GetClientRect
FindWindowW
SetParent
LoadCursorW
GetParent
GetFocus
GetKeyState
IsZoomed
KillTimer
IsIconic
PostQuitMessage

gdi32

SetTextColor
CreateSolidBrush
ExtSelectClipRgn
GetClipBox
CreateRectRgn
ExcludeClipRect
SetViewportOrgEx
BitBlt
GetObjectA
IntersectClipRect
StretchBlt
CreatePen
Rectangle
SetBkColor
CreateFontIndirectW
TextOutW
RoundRect
CreateRoundRectRgn
SetBkMode
GetTextExtentPoint32W
SetLayout
GetObjectW
GetDIBColorTable
SetDIBits
CreateCompatibleBitmap
SetDIBColorTable
GetDIBits
CreateDIBSection
LineTo
SetGraphicsMode
MoveToEx
ExtTextOutW
SetROP2
CreatePatternBrush
CreateBitmap
SetBrushOrgEx
PatBlt
EndPage
StartPage
DeleteDC
SelectClipRgn
GetDeviceCaps
CreateDCW
SelectObject
CreateCompatibleDC
SetMapMode
SetStretchBltMode
StartDocW
EndDoc
AbortDoc
DeleteObject
GetStockObject
SetWorldTransform

comdlg32

PrintDlgExW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

shell32

SHBindToParent
SHGetFolderPathW
ShellExecuteExW
SHGetDesktopFolder
DragFinish
DragQueryFileW
SHChangeNotify
DragAcceptFiles
SHGetFileInfoW
SHAddToRecentDocs

gdiplus

GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipSetImageAttributesWrapMode
GdipSetPenDashOffset
GdipInvertMatrix
GdipTransformMatrixPoints
GdipGetFamily
GdipSetWorldTransform
GdipSetPenDashArray
GdipGetFamilyName
GdipDrawLine
GdipDrawRectangle
GdipDrawImageRectRect
GdipGetImageHorizontalResolution
GdipAddPathLine
GdipDrawRectangleI
GdipCreateBitmapFromGraphics
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipDeleteMatrix
GdipFillRectangle
GdipClonePath
GdipTransformPath
GdipSetPenMiterLimit
GdipGetPathWorldBoundsI
GdipSetPenMode
GdipCreateMatrix
GdipCreateStringFormat
GdipGetFontHeight
GdipDrawImageI
GdipCreateBitmapFromGdiDib
GdipSetPropertyItem
GdipReleaseDC
GdipGetDC
GdipGetLogFontW
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipGetImageEncoders
GdipMeasureCharacterRanges
GdipRotateMatrix
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImageEncodersSize
GdipTranslateMatrix
GdipBitmapUnlockBits
GdipGetRegionBounds
GdipBitmapSetResolution
GdipCreateBitmapFromStream
GdipMeasureString
GdipGetStringFormatFlags
GdipScaleMatrix
GdipCloneBitmapAreaI
GdipFillEllipseI
GdipCreateRegion
GdipSetClipRectI
GdipGetClip
GdipSetClipRegion
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipCreateFromHWND
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipGetPathData
GdipSetCompositingQuality
GdipSetSolidFillColor
GdipTranslateWorldTransform
GdipSetCompositingMode
GdipCloneStringFormat
GdipDrawString
GdipTransformPointsI
GdipDeleteRegion
GdipSetPageUnit
GdipResetWorldTransform
GdipCreateRegionPath
GdipSetPenWidth
GdipSetPenColor
GdipDeletePathIter
GdipPathIterNextMarkerPath
GdipAddPathArcI
GdipCreatePathIter
GdipAddPathLineI
GdipClosePathFigure
GdipSetSmoothingMode
GdipAddPathEllipseI
GdipDeleteFont
GdipSetTextRenderingHint
GdipSetPathMarker
GdipIsVisiblePathPointI
GdipStartPathFigure
GdipSetStringFormatLineAlign
GdipStringFormatGetGenericDefault
GdipCreatePath2
GdipGetRegionHRgn
GdipPathIterRewind
GdipCreateFontFromLogfontA
GdipIsVisibleRectI
GdipGetPointCount
GdipSetStringFormatFlags
GdipCreatePath
GdipFillPath
GdipDeletePath
GdipDrawPath
GdipWindingModeOutline
GdipAddPathRectangleI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipDeleteBrush
GdipGetImageWidth
GdipCloneImage
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipAlloc
GdipGetImageHeight
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCreatePen2

ole32

CoCreateInstance
ReleaseStgMedium
CoGetMalloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
OleInitialize

comctl32

ImageList_AddMasked
ImageList_Create
CreatePropertySheetPageW
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx
ord413
ord410
ord412
ImageList_Destroy

msimg32

GradientFill

winspool.drv

ord203
OpenPrinterW
DocumentPropertiesW
GetPrinterW
ClosePrinter
DeviceCapabilitiesW

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetConnectW
InternetReadFile
InternetOpenUrlW
InternetOpenW

urlmon

CoInternetGetSession

oleaut32

SysAllocString
SafeArrayPutElement
VariantInit
VariantClear
SysFreeString
SafeArrayCreateVector

shlwapi

SHDeleteValueW
ord219
PathIsRelativeW
StrStrW
StrRStrIW
StrStrIW
SHGetValueW
SHDeleteKeyW
PathAppendW
SHSetValueW
PathIsNetworkPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 804KB - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

580414b121539dafcae7dccd6eb62938

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

c5:47:16:b6:73:13:b3:03:5e:03:d1:e7:8d:30:88:63Certificate

Extended Key Usages

Key Usages

a3:f3:e0:b1:f2:fc:9b:2d:0d:a8:e3:ab:54:c7:b7:a4:c5:a6:de:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libmupdf

advapi32

kernel32

user32

gdi32

comdlg32

shell32

gdiplus

ole32

comctl32

msimg32

winspool.drv

wininet

urlmon

oleaut32

shlwapi

version

Sections

.text Size: 804KB - Virtual size: 804KB

.rdata Size: 468KB - Virtual size: 468KB

.data Size: 11KB - Virtual size: 25KB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 42KB - Virtual size: 42KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

c5:47:16:b6:73:13:b3:03:5e:03:d1:e7:8d:30:88:63
Certificate

a3:f3:e0:b1:f2:fc:9b:2d:0d:a8:e3:ab:54:c7:b7:a4:c5:a6:de:6b
Signer

.text
Size: 804KB - Virtual size: 804KB

.rdata
Size: 468KB - Virtual size: 468KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 42KB - Virtual size: 42KB