blankgrabber | plague_1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

plague_1.zip
Size

9.4MB
MD5

c84faeb2206174ccf58b9b01dace6b1a
SHA1

7478c806e5d03cc263da40044f6fd3958ee8b172
SHA256

dbe1dc3ea5abe1bff1fe5466e82c11d4160245fd34b1ffbb11b66417144ac5f1
SHA512

794a73870a3ed7e181cae38e67c8eaae2588983b76b19a0f4f7cf09f02e649cebddd6fa4d9cbb449a437eeee8b76dc42942633fcb755017c2307b63b37d78e77
SSDEEP

196608:SkVPKcoAHUdmFPy7tnvFsIWytddwplRW5aMrwR6bjNmuf9q6m:3dR1ImF67VvJzEplkQMcR6bjN91q6m

Score

10^/10

blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack002/��&Vr.pyc	blankgrabber

Blankgrabber family
blankgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/plague_loader/AutoHotkey.exe

Files

plague_1.zip
.zip
plague_loader/AutoHotkey.exe
.exe windows:5 windows x64 arch:x64

75c4575d393c87d632a926665a508a79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

gethostbyname
ioctlsocket
connect
WSAGetLastError
WSACleanup
shutdown
gethostname
htons
getservbyname
htonl
inet_addr
ntohs
getservbyport
gethostbyaddr
inet_ntoa
WSAAsyncSelect
recv
socket
closesocket
WSASetLastError
send
WSAStartup

winmm

joyGetDevCapsW
waveOutSetVolume
waveOutGetVolume
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerClose
mixerGetLineInfoW
mixerGetDevCapsW
mixerOpen
mciSendStringW
joyGetPosEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

ImageList_GetIconSize
ImageList_Create
CreateStatusWindowW
ImageList_AddMasked
ImageList_Destroy
ImageList_ReplaceIcon

shlwapi

HashData

crypt32

CryptBinaryToStringA

psapi

GetModuleFileNameExW
GetModuleBaseNameW
GetProcessImageFileNameW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
InternetOpenW

kernel32

VirtualProtect
InitializeCriticalSection
SetErrorMode
LoadLibraryW
GetProcAddress
AddVectoredExceptionHandler
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetCurrentThreadId
GetEnvironmentVariableW
SuspendThread
ResumeThread
EnterCriticalSection
LeaveCriticalSection
OpenThread
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
GetModuleHandleW
MultiByteToWideChar
SystemTimeToFileTime
SetFilePointerEx
ReadFile
SetFilePointer
GlobalSize
lstrcpyA
lstrlenA
lstrcmpiA
lstrcmpA
LocalFileTimeToFileTime
CreateDirectoryA
CreateDirectoryW
IsBadReadPtr
CreateFileW
CreateFileA
WriteFile
SetFileTime
DuplicateHandle
LoadResource
LockResource
GetProcessTimes
GetCurrentDirectoryA
GetLocalTime
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileSize
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetLastError
FlushInstructionCache
RtlAddFunctionTable
GetTempPathA
HeapAlloc
HeapReAlloc
VirtualAlloc
VirtualFree
GetProcessHeap
HeapCreate
HeapFree
HeapDestroy
GetCommandLineW
WaitForSingleObject
GetThreadLocale
VirtualQuery
GetSystemInfo
GetVersionExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
OpenProcess
GetCurrentProcessId
GetFullPathNameW
LocalFree
GetShortPathNameW
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
TerminateProcess
SetPriorityClass
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
DeleteFileW
CopyFileW
SetFileAttributesW
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
TryEnterCriticalSection
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
HeapWalk
HeapSize
SetEndOfFile
GetACP
GetFileType
GetStdHandle
FileTimeToSystemTime
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
RemoveVectoredExceptionHandler
ExitProcess
ExitThread
GetCurrentProcess
CheckRemoteDebuggerPresent
GetCurrentThread
GlobalFree
_lclose
_lopen
_lread
GetModuleFileNameA
GlobalAlloc
GetModuleHandleA
FindResourceW
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
SizeofResource
RtlCaptureContext

user32

UnregisterClassW
DestroyAcceleratorTable
LoadCursorW
RegisterClassExW
CreateWindowExW
LoadAcceleratorsW
SetClipboardViewer
ChangeClipboardChain
LoadImageW
CharLowerA
CheckMenuItem
GetMenu
BlockInput
IsWindowVisible
SetWindowTextW
GetIconInfo
SetRect
DrawTextW
AdjustWindowRectEx
SystemParametersInfoW
GetClientRect
GetWindowRect
MoveWindow
EnumChildWindows
SetActiveWindow
SetFocus
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
InvalidateRect
EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
EnumDisplayMonitors
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
MessageBeep
ClientToScreen
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetScrollInfo
ScrollWindow
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetParent
SetWindowLongPtrW
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
InsertMenuItemW
SetMenuDefaultItem
DestroyWindow
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetQueueStatus
MapVirtualKeyW
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
WindowFromPoint
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetScrollInfo
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
DestroyIcon
IsCharAlphaW
RemoveMenu
GetClassNameW
GetMonitorInfoW

gdi32

GetClipBox
GetPixel
BitBlt
CreateCompatibleBitmap
GetCharABCWidthsW
SetBkMode
SetBkColor
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
GetSystemPaletteEntries
FillRgn
SetTextColor
ExcludeClipRect
GetClipRgn
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
DeleteObject
CreatePatternBrush
GetDeviceCaps

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegCloseKey
RegConnectRegistryW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW

shell32

SHGetPathFromIDListW
SHFileOperationW
SHEmptyRecycleBinW
DragQueryPoint
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW
ExtractIconW
DragQueryFileW
DragFinish
Shell_NotifyIconW

ole32

CoUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoGetObject

oleaut32

OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
VariantChangeType
VariantClear
SafeArrayCreate
SysAllocString
SysFreeString
SafeArrayDestroy
GetActiveObject
SysStringLen

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__std_terminate
__C_specific_handler
wcsrchr
_purecall
memcpy
wcschr
strchr
strstr
wcsstr
__std_exception_copy
memmove
memcmp
__RTDynamicCast
_CxxThrowException
__current_exception_context
__current_exception
__std_exception_destroy

api-ms-win-crt-convert-l1-1-0

_wtof
_wcstoi64
_wtoi64
_ultow
_ui64tow
wcstombs
wcstoul
wcstol
_itow
_wtoi
strtol
_ui64toa
_i64tow
wcstod
atof
_atoi64
strtoul
_i64toa
atoi
_ultoa
_itoa
_wcstoui64

api-ms-win-crt-string-l1-1-0

isxdigit
strcmp
toupper
_wcsdup
_wcsnicmp
wcsncpy
iswxdigit
isdigit
wcscspn
_wcsupr
_strnicmp
towupper
iswspace
iswdigit
tolower
_isctype
strcpy_s
strncpy_s
wcsncmp
strcat_s
strncmp
_stricmp
_wcsicmp

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
_expand
_callnewh
_set_new_mode
_msize
malloc

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
_c_exit
_configure_wide_argv
_get_wide_winmain_command_line
_initialize_wide_environment
terminate
_set_app_type
_seh_filter_exe
_cexit
__p___wargv
__p___argc
exit
_beginthreadex
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

fclose
fread
ftell
__stdio_common_vsprintf_s
fseek
fwrite
__stdio_common_vsprintf
__stdio_common_vswprintf
setvbuf
_set_fmode
__acrt_iob_func
_wfopen
__p__commode

api-ms-win-crt-utility-l1-1-0

qsort
bsearch
rand

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-math-l1-1-0

fmod
pow
sin
log
log10
__setusermatherr
floor
exp
tan
cos
ceil
atan
asin
sqrt
acos

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

ADDFILE
ADDSCRIPT
AHKASSIGN
AHKEXEC
AHKEXECUTELINE
AHKFINDFUNC
AHKFINDLABEL
AHKFUNCTION
AHKGETVAR
AHKISUNICODE
AHKLABEL
AHKPAUSE
AHKPOSTFUNCTION
AddFile
AddScript
Addfile
Addscript
AhkAssign
AhkExec
AhkExecuteLine
AhkExecuteline
AhkFindFunc
AhkFindLabel
AhkFindfunc
AhkFindlabel
AhkFunction
AhkGetVar
AhkGetvar
AhkIsUnicode
AhkIsunicode
AhkLabel
AhkPause
AhkPostFunction
AhkPostfunction
Ahkassign
Ahkexec
AhkexecuteLine
Ahkexecuteline
AhkfindFunc
AhkfindLabel
Ahkfindfunc
Ahkfindlabel
Ahkfunction
AhkgetVar
Ahkgetvar
AhkisUnicode
Ahkisunicode
Ahklabel
Ahkpause
AhkpostFunction
Ahkpostfunction
MinHookDisable
MinHookEnable
addFile
addScript
addfile
addscript
ahkAssign
ahkExec
ahkExecuteLine
ahkExecuteline
ahkFindFunc
ahkFindLabel
ahkFindfunc
ahkFindlabel
ahkFunction
ahkGetVar
ahkGetvar
ahkIsUnicode
ahkIsunicode
ahkLabel
ahkPause
ahkPostFunction
ahkPostfunction
ahkassign
ahkexec
ahkexecuteLine
ahkexecuteline
ahkfindFunc
ahkfindLabel
ahkfindfunc
ahkfindlabel
ahkfunction
ahkgetVar
ahkgetvar
ahkisUnicode
ahkisunicode
ahklabel
ahkpause
ahkpostFunction
ahkpostfunction

Sections

.text
Size: 946KB - Virtual size: 945KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plague_loader/Plague_Loader.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:30:f7:31:2a:22:3c:d1:1f:52:6b:77:eb:03:19:78:9a:dc:60:60:61:f7:d9:b1:7c:cd:02:d3:cd:a8:51:ff
Signer

Actual PE Digest

0d:30:f7:31:2a:22:3c:d1:1f:52:6b:77:eb:03:19:78:9a:dc:60:60:61:f7:d9:b1:7c:cd:02:d3:cd:a8:51:ff

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��&Vr.pyc
plague_loader/README.txt
plague_loader/imgui.ini

Sharing

General

Malware Config

Signatures

Files

75c4575d393c87d632a926665a508a79

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

comctl32

shlwapi

crypt32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

vcruntime140_1

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 946KB - Virtual size: 945KB

.rdata Size: 216KB - Virtual size: 215KB

.data Size: 14KB - Virtual size: 39KB

.pdata Size: 26KB - Virtual size: 26KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

0d:30:f7:31:2a:22:3c:d1:1f:52:6b:77:eb:03:19:78:9a:dc:60:60:61:f7:d9:b1:7c:cd:02:d3:cd:a8:51:ffSigner

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 85KB - Virtual size: 85KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 946KB - Virtual size: 945KB

.rdata
Size: 216KB - Virtual size: 215KB

.data
Size: 14KB - Virtual size: 39KB

.pdata
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

0d:30:f7:31:2a:22:3c:d1:1f:52:6b:77:eb:03:19:78:9a:dc:60:60:61:f7:d9:b1:7c:cd:02:d3:cd:a8:51:ff
Signer

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 85KB - Virtual size: 85KB

.reloc
Size: 2KB - Virtual size: 1KB