eb1f68751279f513b8a447449b58e34aa8bb7563cc13a8014383c35ee241fe0a

Sharing

Copy URL Twitter E-mail

General

Target

eb1f68751279f513b8a447449b58e34aa8bb7563cc13a8014383c35ee241fe0a
Size

27.5MB
MD5

2ad64031522362dbbc2fee7d5ec08f07
SHA1

4998714664e85d87c56a95f0707bb2c50b36b32f
SHA256

eb1f68751279f513b8a447449b58e34aa8bb7563cc13a8014383c35ee241fe0a
SHA512

3aa2b2d50965e54476aebcd811df94c08b581571856ff74b1be02899baa5be512fe263085afd7aa646eddd9e41bd010aea9c3a5367fa3fa25fad77c14a163b2c
SSDEEP

393216:yn/EtQZaoiJUXpd/zu4DY60KwVvyrkOoEJsv6tWKFdu9CaI:1inF5kU

Score

1^/10

Malware Config

Signatures

Files

eb1f68751279f513b8a447449b58e34aa8bb7563cc13a8014383c35ee241fe0a
.exe windows:6 windows x64 arch:x64

441a98f44c24e7f4b944a47f32814900

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2022, 00:00

Not After

12/01/2025, 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c5:f2:f0:64:18:3d:59:cb:df:29:80:60:af:a1:70:21:36:7d:18:03
Signer

Actual PE Digest

c5:f2:f0:64:18:3d:59:cb:df:29:80:60:af:a1:70:21:36:7d:18:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Adlice\UpdateChecker\x64\RelWithDebInfo\UCheck.pdb

Imports

ws2_32

freeaddrinfo
getnameinfo
inet_pton
WSAIoctl
getaddrinfo

winmm

timeKillEvent
timeSetEvent
PlaySoundW

netapi32

NetApiBufferFree
NetShareEnum

kernel32

GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
CompareStringEx
SetThreadPriority
GetThreadPriority
GetLocalTime
GetTickCount64
OutputDebugStringW
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetLogicalDrives
SetEndOfFile
SetFileTime
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
UnregisterWaitEx
RegisterWaitForSingleObject
GetTimeZoneInformation
OpenThread
CheckRemoteDebuggerPresent
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
CreateFileA
GetUserDefaultLangID
InitializeCriticalSection
GetACP
GetConsoleCP
SetStdHandle
GetFullPathNameA
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
ExitProcess
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
GetStringTypeW
GlobalFree
GlobalAlloc
SetFilePointer
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
K32GetModuleInformation
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
GetOEMCP
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileStringW
CreateThread
GetModuleFileNameA
GetVersionExA
ResumeThread
GetCurrentThread
OutputDebugStringA
GetEnvironmentVariableW
RtlCaptureContext
lstrcpyW
lstrcmpA
LockResource
GetFileSize
HeapCreate
VirtualQueryEx
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetFileSizeEx
IsBadWritePtr
IsBadReadPtr
lstrlenW
VirtualFree
VirtualAlloc
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
QueryDosDeviceW
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
DeviceIoControl
LocalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetTempPathW
GetTempFileNameW
GetTickCount
CreateMutexW
ReleaseMutex
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
CancelIo
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
WriteFile
ReadFile
FlushFileBuffers
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
IsValidCodePage
GetModuleHandleA
ReadProcessMemory
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetProcessTimes
WaitForSingleObject
SetLastError
DuplicateHandle
GetCurrentProcessId
GetCommandLineW
GetVersionExW
VerSetConditionMask
MoveFileExW
MoveFileW
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
CopyFileW
DeleteFileW
GetShortPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
OpenProcess
GetCurrentProcess
CloseHandle
GetComputerNameW
LoadLibraryW
FormatMessageW
LocalFree
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetSystemInfo
GetSystemTimes
Sleep
SetErrorMode
GetLastError
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleWindow
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
WTSGetActiveConsoleSessionId

user32

SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
DrawMenuBar
CreateMenu
ChangeWindowMessageFilterEx
DestroyIcon
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
MessageBoxW
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
EnumDisplayDevicesW
GetClipboardFormatNameW
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
PostMessageW
ShowWindow
GetShellWindow
EnumWindows
RealGetWindowClassW
GetWindowThreadProcessId
UnregisterClassW
CharNextW
GetProcessWindowStation
GetUserObjectInformationW
EndPaint
BeginPaint
SendInput
GetClassNameW
EnumChildWindows
SetForegroundWindow
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
IsChild
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
SetWindowLongPtrW
GetWindowLongPtrW
SendMessageA
FindWindowA
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
GetWindowTextW

gdi32

CreateDIBSection
BitBlt
CombineRgn
CreateRectRgn
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
GetRegionData
GdiFlush
SelectObject
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
SetGraphicsMode

shell32

ord51
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetMalloc
SHCreateItemFromParsingName
ExtractIconExW
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect

ole32

RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
StringFromCLSID
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoLockObjectExternal
CoInitialize
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoGetMalloc

oleaut32

SafeArrayCreate
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
SafeArrayDestroy
SafeArrayGetUBound

advapi32

RegCreateKeyExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
RegSetKeySecurity
RegGetKeySecurity
GetAce
GetSecurityInfo
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
InitializeAcl
GetLengthSid
CopySid
GetUserNameW
DuplicateToken
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
EnumServicesStatusW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
RegFlushKey
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
LookupPrivilegeValueW
SetEntriesInAclW
RegCloseKey
DuplicateTokenEx
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CreateProcessAsUserW

mpr

WNetGetConnectionW

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryW
GetProfilesDirectoryW
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrCmpIW
StrDupW
AssocQueryStringW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW
PathSearchAndQualifyW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

ntdll

NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtOpenKey
NtCreateKey
NtSetValueKey
NtDeleteValueKey
NtDeleteKey
RtlInitUnicodeString
NtLoadDriver
NtUnloadDriver

wininet

InternetGetConnectedState

wsock32

shutdown
inet_ntoa
getsockname
getsockopt
ntohs
WSAStartup
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

crypt32

CertFreeCertificateContext
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext

bcrypt

BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptGenRandom
BCryptOpenAlgorithmProvider

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

uxtheme

GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
GetThemeMargins
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
IsThemeBackgroundPartiallyTransparent

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 17.2MB - Virtual size: 17.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

441a98f44c24e7f4b944a47f32814900

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

c5:f2:f0:64:18:3d:59:cb:df:29:80:60:af:a1:70:21:36:7d:18:03Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

ntdll

wininet

wsock32

crypt32

wintrust

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 17.2MB - Virtual size: 17.2MB

.rdata Size: 8.5MB - Virtual size: 8.5MB

.data Size: 277KB - Virtual size: 541KB

.pdata Size: 1.0MB - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 13B

.qtmimed Size: 315KB - Virtual size: 315KB

.qtmetad Size: 2KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 504B

_RDATA Size: 1024B - Virtual size: 544B

.rsrc Size: 75KB - Virtual size: 74KB

.reloc Size: 108KB - Virtual size: 108KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

c5:f2:f0:64:18:3d:59:cb:df:29:80:60:af:a1:70:21:36:7d:18:03
Signer

.text
Size: 17.2MB - Virtual size: 17.2MB

.rdata
Size: 8.5MB - Virtual size: 8.5MB

.data
Size: 277KB - Virtual size: 541KB

.pdata
Size: 1.0MB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 13B

.qtmimed
Size: 315KB - Virtual size: 315KB

.qtmetad
Size: 2KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 504B

_RDATA
Size: 1024B - Virtual size: 544B

.rsrc
Size: 75KB - Virtual size: 74KB

.reloc
Size: 108KB - Virtual size: 108KB