lghub_system_tray[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

lghub_system_tray.exe
Size

43.9MB
MD5

762153003d8e91dcb46c86687c1a231a
SHA1

9197c2e9667886ea297330f11134098a7285c32b
SHA256

48a104f2e3804e93371c0a02e26ed8e0ebb22bb5526551172cede47a70b9df91
SHA512

010baabb3ec3ec43430205851bffda17eef46d492a3a77d1357d0b660d692c5c9a3d171c890609375f11a1c4e0f2f61a39d80d423ad7ae978250d8c274b2b0b3
SSDEEP

49152:ajd42Imvw8QeKmP0blqai/VOxcKy2/z3KdhQsjoEuA4MhlQAcMQk9p4uS51cHr1N:hlJvlhGd6NM/AuS3YB65Z4SN1IzmI

Score

1^/10

Malware Config

Signatures

Files

lghub_system_tray.exe
.exe windows:6 windows x64 arch:x64

8d565668e9c42738ac26a705dbe47644

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02-11-2023 08:32

Not After

30-10-2034 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2021 00:00

Not After

12-09-2024 23:59

Subject

CN=Logitech Inc,O=Logitech Inc,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:79:db:3b:8f:55:0e:f1:f5:6e:9a:52:0f:73:42:89:72:3f:fc:21:b3:22:72:2e:df:27:24:8e:c9:dc:50:ee
Signer

Actual PE Digest

5b:79:db:3b:8f:55:0e:f1:f5:6e:9a:52:0f:73:42:89:72:3f:fc:21:b3:22:72:2e:df:27:24:8e:c9:dc:50:ee

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\builds\kragle\lego\build\x64\logi\system_tray\win\Release\lghub_system_tray.pdb

Imports

kernel32

CreateDirectoryW
GetFileAttributesW
GetCurrentThreadId
GetDynamicTimeZoneInformation
WideCharToMultiByte
GetStdHandle
WriteFile
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateDirectoryA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetTempPathA
GetProcessTimes
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
LoadLibraryA
DeleteCriticalSection
GetModuleHandleA
CreateFileW
GetFileType
SetUnhandledExceptionFilter
SleepEx
CreateProcessW
FormatMessageA
SetLastError
GetSystemTimeAsFileTime
FormatMessageW
InitializeCriticalSectionAndSpinCount
SetThreadPriority
GetCurrentThread
TerminateProcess
GetCurrentProcess
Sleep
GetProcessHeap
HeapFree
HeapAlloc
GetTempPathW
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
OutputDebugStringA
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
FreeLibrary
LoadLibraryExW
GetLastError
DebugBreak
LoadLibraryW
GetProcAddress
GetCurrentProcessId
LocalFree
GetCommandLineW
GetModuleHandleW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitOnceComplete
InterlockedPushEntrySList
InterlockedFlushSList
InitOnceBeginInitialize
OpenEventA
CreateEventA
MultiByteToWideChar
VerifyVersionInfoW
CreatePipe
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
SetHandleInformation
TlsFree
TlsSetValue
GetLocaleInfoEx
TlsGetValue
TlsAlloc
TerminateThread
QueueUserAPC
CreateWaitableTimerW
SetWaitableTimer
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DisableThreadLibraryCalls
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
WaitForSingleObjectEx
ResetEvent
GetFileInformationByHandleEx
GetFileAttributesExW
AreFileApisANSI

advapi32

CryptEnumProvidersW
SetSecurityDescriptorDacl
GetUserNameW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptEnumProvidersA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
RegCloseKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetDC
LoadImageW
SetProcessDPIAware
ShowWindow
BringWindowToTop
SetForegroundWindow
SetActiveWindow
SetFocus
ReleaseDC
GetClientRect
GetSystemMetrics
MonitorFromWindow
GetWindowThreadProcessId
FindWindowW
GetWindowRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetForegroundWindow
DestroyIcon
RegisterWindowMessageW

ws2_32

WSAStartup
WSASetLastError
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASocketW
htons
accept
freeaddrinfo
recv
listen
send
__WSAFDIsSet
shutdown
closesocket
connect
ioctlsocket
ntohl
getpeername
getsockname
getsockopt
getaddrinfo
htonl
ntohs
select
WSAAddressToStringW
setsockopt
WSACleanup
bind

gdi32

GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SelectObject

shell32

Shell_NotifyIconW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoInitializeEx

coremessaging

CreateDispatcherQueueController

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
realloc
malloc
free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
strerror
_crt_atexit
_seh_filter_dll
signal
_configure_narrow_argv
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
_errno
_initterm_e
_exit
_get_wide_winmain_command_line
_seh_filter_exe
_execute_onexit_table
abort
_set_app_type
_initialize_narrow_environment
_initialize_onexit_table
exit
_initialize_wide_environment
terminate
_beginthreadex
_register_onexit_function
strerror_s
_configure_wide_argv
raise

api-ms-win-crt-string-l1-1-0

strcmp
tolower
strcat_s
isalnum
_strnicmp
strcspn
strspn
isspace
isdigit
strncpy
iswspace
strncmp
wcsncpy_s
_stricmp

api-ms-win-crt-math-l1-1-0

ceilf
_dclass
__setusermatherr
_fdsign
_dsign
_fdclass
_ldclass
roundf
_ldsign

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtoll
strtoull
strtod
strtol

api-ms-win-crt-stdio-l1-1-0

_fsopen
__stdio_common_vsnprintf_s
_filelengthi64
feof
ferror
fopen
__stdio_common_vfprintf
__stdio_common_vswprintf
_fileno
__acrt_iob_func
_wfopen
_set_fmode
_setmode
_wfopen_s
fwrite
ftell
fseek
fread
fflush
fclose
__stdio_common_vsscanf
fputs
__p__commode
fgets
__stdio_common_vsprintf
_wfsopen

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_localtime64
strftime
_localtime64_s
_gmtime64_s

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_wrename
_wmkdir
_wremove

api-ms-win-crt-environment-l1-1-0

getenv

msvcp140

?toupper@?$ctype@D@std@@QEBADD@Z
?eof@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
?bad@ios_base@std@@QEBA_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_detach
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
_Cnd_signal
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_join
_Thrd_sleep
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Strcoll
_Strxfrm
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?classic@locale@std@@SAAEBV12@XZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z

comctl32

ord412
ord413
ord410

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

vcruntime140

wcsrchr
__std_terminate
memcpy
memmove
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
memset
memchr
__std_type_info_compare
strrchr
strstr
__C_specific_handler
wcsstr
__current_exception
__current_exception_context
strchr
__std_type_info_destroy_list

vcruntime140_1

__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW

api-ms-win-core-fibers-l2-1-0

DeleteFiber
ConvertFiberToThread

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore

bcrypt

BCryptGenRandom

api-ms-win-core-console-l1-1-0

ReadConsoleW
ReadConsoleA
SetConsoleMode

api-ms-win-crt-utility-l1-1-0

qsort

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
SetErrorInfo

Exports

Exports

DllGetActivationFactory
VSDesignerCanUnloadNow
VSDesignerDllMain

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37.8MB - Virtual size: 37.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 420KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d565668e9c42738ac26a705dbe47644

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:caCertificate

Extended Key Usages

Key Usages

5b:79:db:3b:8f:55:0e:f1:f5:6e:9a:52:0f:73:42:89:72:3f:fc:21:b3:22:72:2e:df:27:24:8e:c9:dc:50:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

ws2_32

gdi32

shell32

ole32

coremessaging

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

msvcp140

comctl32

api-ms-win-shcore-scaling-l1-1-1

vcruntime140

vcruntime140_1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-fibers-l2-1-0

crypt32

bcrypt

api-ms-win-core-console-l1-1-0

api-ms-win-crt-utility-l1-1-0

oleaut32

Exports

Exports

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 37.8MB - Virtual size: 37.8MB

.data Size: 420KB - Virtual size: 490KB

.pdata Size: 308KB - Virtual size: 307KB

CPADinfo Size: 512B - Virtual size: 56B

.rsrc Size: 494KB - Virtual size: 494KB

.reloc Size: 81KB - Virtual size: 81KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

5b:79:db:3b:8f:55:0e:f1:f5:6e:9a:52:0f:73:42:89:72:3f:fc:21:b3:22:72:2e:df:27:24:8e:c9:dc:50:ee
Signer

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 37.8MB - Virtual size: 37.8MB

.data
Size: 420KB - Virtual size: 490KB

.pdata
Size: 308KB - Virtual size: 307KB

CPADinfo
Size: 512B - Virtual size: 56B

.rsrc
Size: 494KB - Virtual size: 494KB

.reloc
Size: 81KB - Virtual size: 81KB