2024-03-12_3b63b21fdd3b1a53f9eb1d590ff7b350_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-12_3b63b21fdd3b1a53f9eb1d590ff7b350_magniber_revil
Size

4.9MB
MD5

3b63b21fdd3b1a53f9eb1d590ff7b350
SHA1

fdd28f5cfdc855209e1fd552e910df591d6fa0d6
SHA256

42b7ee1324b979517debf30d73e8dc1362992712bc3e90d6d663ae942e62c12d
SHA512

7d89a904abfc6483124683b1dc5a1a031df7ae1fecd8fb20a8669a1e3c108d1c9405b7352211d84bc1aa584cc301503d98a8b0642588d4e18ba848b6434d9098
SSDEEP

49152:Kl+BZANo5rth1LFNDaAPv0cKHibM+HLuacJ+5bK9CMFEdfUxGj/se65ZipnwYnPS:Kl+RLFNn0ccaLE4ZMFmfUxYpwYzXls

Score

1^/10

Malware Config

Signatures

Files

2024-03-12_3b63b21fdd3b1a53f9eb1d590ff7b350_magniber_revil
.exe windows:6 windows x86 arch:x86

f67a7c5a381ad0df3ec858fa1d22b759

Code Sign

0d:1a:c7:13:ae:e1:d5:36:c8:58:1e:12:bb:be:f5:2b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/05/2023, 00:00

Not After

06/05/2026, 23:59

Subject

SERIALNUMBER=4725181,CN=Authentic8\, Inc.,O=Authentic8\, Inc.,L=Redwood City,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:02:2d:ff:07:4d:71:04:ea:e3:82:8a:b2:c0:b3:e3:81:b5:e0:d1:9c:33:c2:64:1b:ff:76:ac:47:b8:5c:b2
Signer

Actual PE Digest

48:02:2d:ff:07:4d:71:04:ea:e3:82:8a:b2:c0:b3:e3:81:b5:e0:d1:9c:33:c2:64:1b:ff:76:ac:47:b8:5c:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Project\client_build-2.9.24\client_build\build\freerdp\release\Release\wfreerdp.pdb

Imports

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmGetContext

d3d9

Direct3DCreate9

shlwapi

PathFindFileNameA

winmm

waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutSetVolume
waveOutWrite
waveOutReset

ws2_32

gethostbyaddr
inet_ntoa
inet_addr
getservbyport
htonl
gethostbyname
select
WSASetLastError
ntohs
sendto
recvfrom
getpeername
listen
bind
htons
accept
WSAStartup
WSACleanup
WSAResetEvent
gethostname
ioctlsocket
getsockname
getsockopt
setsockopt
WSACreateEvent
WSAEventSelect
closesocket
connect
getservbyname
recv
send
shutdown
socket
freeaddrinfo
getaddrinfo
WSAGetLastError

winscard

SCardEstablishContext
SCardReleaseContext
SCardListReadersA
SCardIsValidContext
SCardListReadersW
SCardAccessStartedEvent
SCardLocateCardsByATRA
SCardLocateCardsByATRW
SCardGetStatusChangeA
SCardGetStatusChangeW
SCardCancel
SCardConnectA
SCardConnectW
SCardReconnect
SCardDisconnect
SCardBeginTransaction
SCardEndTransaction
SCardState
SCardStatusA
SCardStatusW
SCardTransmit
SCardControl
SCardGetAttrib
SCardFreeMemory

kernel32

CreateEventW
Sleep
GetTickCount64
GetCurrentThreadId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetLastError
GlobalSize
OutputDebugStringA
SetEvent
CreateThread
AllocConsole
GetConsoleWindow
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetSystemInfo
GetSystemTimeAsFileTime
K32GetProcessMemoryInfo
CreateFileA
WriteFile
CloseHandle
SetNamedPipeHandleState
GetModuleFileNameA
WaitNamedPipeA
FreeLibrary
GetProcAddress
LoadLibraryA
ReleaseMutex
CreateMutexW
WaitForMultipleObjects
QueryPerformanceCounter
ReleaseSemaphore
CreateSemaphoreW
CreateDirectoryA
GetFileAttributesA
SetFileAttributesA
LoadLibraryW
MultiByteToWideChar
FormatMessageW
QueryPerformanceFrequency
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ResetEvent
GetCurrentThread
CreateSemaphoreA
GetModuleHandleExW
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
GetEnvironmentVariableW
SwitchToFiber
DeleteFiber
CreateFiberEx
WideCharToMultiByte
GetSystemDirectoryA
FormatMessageA
GetStdHandle
GetFileType
GetModuleHandleW
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
TryEnterCriticalSection
GetExitCodeThread
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InterlockedFlushSList
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitProcess
GetCommandLineA
GetCommandLineW
DuplicateHandle
ExitThread
ResumeThread
FreeLibraryAndExitThread
ReadFile
GetTimeZoneInformation
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
SetConsoleCtrlHandler
GetModuleFileNameW
WriteConsoleW
GetStringTypeW
HeapAlloc
HeapFree
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetEnvironmentVariableW
SetStdHandle
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetCurrentDirectoryW
GetCurrentDirectoryW
DecodePointer
DeleteFileW
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
SetEndOfFile
WaitForSingleObject
CreateEventA

user32

EnumDisplayMonitors
GetProcessWindowStation
GetUserObjectInformationW
GetMonitorInfoW
SetRect
LoadImageA
LoadIconW
LoadCursorW
MessageBoxW
GetWindowRect
UpdateWindow
MsgWaitForMultipleObjects
SetWindowPos
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetKeyboardLayoutNameA
IsWindowVisible
SystemParametersInfoW
SetWindowLongW
AdjustWindowRectEx
GetClientRect
SetWindowTextW
GetForegroundWindow
GetSystemMetrics
EnableWindow
BringWindowToTop
MoveWindow
EnumDisplayDevicesA
EmptyClipboard
GetClipboardFormatNameA
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
GetClipboardSequenceNumber
OpenClipboard
CreateIconIndirect
DestroyIcon
DestroyCursor
CreateCursor
CallNextHookEx
GetWindowLongW
ClientToScreen
GetCursorPos
SetCursor
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
ToUnicode
GetKeyboardState
GetAsyncKeyState
GetKeyState
GetFocus
DestroyWindow
PostQuitMessage
CreateWindowExW
EnumDisplaySettingsA
ShowWindow
SetForegroundWindow
GetDC
ReleaseDC
InvalidateRect
FillRect
PostMessageA
CloseClipboard
DefWindowProcW

gdi32

SelectClipRgn
GetDeviceCaps
GetStockObject
GdiFlush
GdiAlphaBlend
CreateCompatibleBitmap
SetBrushOrgEx
Polyline
MoveToEx
CreateDIBSection
SetTextColor
SetROP2
SetBkMode
SetBkColor
SelectObject
BitBlt
PatBlt
LineTo
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePen
CreateCompatibleDC
CreateBrushIndirect
CreateBitmap

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
RegOpenKeyExA

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CertDuplicateCertificateContext
CertCloseStore

Exports

Exports

BitBlt_16bpp
BitBlt_32bpp
BitBlt_8bpp
Bitmap_Alloc
Bitmap_Free
Bitmap_New
Bitmap_SetDimensions
Bitmap_SetRectangle
Bitmap_SetSurface
FillRect_16bpp
FillRect_32bpp
FillRect_8bpp
Glyph_Alloc
Glyph_BeginDraw
Glyph_Draw
Glyph_EndDraw
Glyph_Free
Glyph_New
LineTo_16bpp
LineTo_32bpp
LineTo_8bpp
PatBlt_16bpp
PatBlt_32bpp
PatBlt_8bpp
Pointer_Alloc
Pointer_Free
Pointer_New
Pointer_Set
Pointer_SetDefault
Pointer_SetNull
_ber_skip_length
_der_skip_length
ber_get_content_length
ber_read_application_tag
ber_read_bit_string
ber_read_boolean
ber_read_contextual_tag
ber_read_enumerated
ber_read_integer
ber_read_integer_length
ber_read_length
ber_read_octet_string_tag
ber_read_sequence_tag
ber_read_universal_tag
ber_skip_contextual_tag
ber_skip_integer
ber_skip_octet_string
ber_skip_sequence
ber_skip_sequence_tag
ber_write_application_tag
ber_write_boolean
ber_write_contextual_tag
ber_write_enumerated
ber_write_integer
ber_write_length
ber_write_octet_string
ber_write_octet_string_tag
ber_write_sequence_tag
ber_write_universal_tag
bitmap_cache_free
bitmap_cache_get
bitmap_cache_new
bitmap_cache_put
bitmap_cache_register_callbacks
bitmap_decompress
brush_cache_free
brush_cache_get
brush_cache_new
brush_cache_put
brush_cache_register_callbacks
cache_free
cache_new
certificate_data_free
certificate_data_match
certificate_data_new
certificate_data_print
certificate_data_replace
certificate_store_free
certificate_store_new
compress_rdp
compress_rdp_4
compress_rdp_5
credssp_authenticate
credssp_free
credssp_new
crypto_base64_decode
crypto_base64_encode
crypto_cert_fingerprint
crypto_cert_free
crypto_cert_get_public_key
crypto_cert_issuer
crypto_cert_print_info
crypto_cert_read
crypto_cert_subject
crypto_cert_subject_alt_name
crypto_cert_subject_common_name
crypto_des3_decrypt
crypto_des3_decrypt_init
crypto_des3_encrypt
crypto_des3_encrypt_init
crypto_des3_free
crypto_get_certificate_data
crypto_hmac_final
crypto_hmac_free
crypto_hmac_new
crypto_hmac_sha1_init
crypto_hmac_update
crypto_md5_final
crypto_md5_init
crypto_md5_update
crypto_nonce
crypto_rc4
crypto_rc4_free
crypto_rc4_init
crypto_reverse
crypto_rsa_private_decrypt
crypto_rsa_private_encrypt
crypto_rsa_public_decrypt
crypto_rsa_public_encrypt
crypto_sha1_final
crypto_sha1_init
crypto_sha1_update
decompress_rdp
decompress_rdp_4
decompress_rdp_5
decompress_rdp_6
decompress_rdp_61
der_get_content_length
der_skip_contextual_tag
der_skip_octet_string
der_skip_sequence_tag
der_write_contextual_tag
der_write_length
der_write_octet_string
der_write_sequence_tag
extension_free
extension_load_and_init_plugins
extension_new
extension_post_connect
extension_pre_connect
freerdp_alpha_cursor_convert
freerdp_append_shared_library_suffix
freerdp_bitmap_flip
freerdp_blob_alloc
freerdp_blob_copy
freerdp_blob_free
freerdp_channels_check_fds
freerdp_channels_close
freerdp_channels_data
freerdp_channels_free
freerdp_channels_get_fds
freerdp_channels_global_init
freerdp_channels_global_uninit
freerdp_channels_load_plugin
freerdp_channels_new
freerdp_channels_pop_event
freerdp_channels_post_connect
freerdp_channels_pre_connect
freerdp_channels_send_event
freerdp_check_fds
freerdp_check_file_exists
freerdp_close_library
freerdp_clrconv_free
freerdp_clrconv_new
freerdp_color_convert_bgr
freerdp_color_convert_bgr_rgb
freerdp_color_convert_rgb
freerdp_color_convert_rgb_bgr
freerdp_color_convert_var
freerdp_color_convert_var_bgr
freerdp_color_convert_var_rgb
freerdp_connect
freerdp_construct_path
freerdp_context_free
freerdp_context_new
freerdp_detect_development_mode
freerdp_detect_keyboard_layout_from_system_locale
freerdp_detect_paths
freerdp_disconnect
freerdp_dsp_context_free
freerdp_dsp_context_new
freerdp_error_info
freerdp_event_free
freerdp_event_new
freerdp_free
freerdp_get_config_path
freerdp_get_current_path
freerdp_get_fds
freerdp_get_home_path
freerdp_get_library_symbol
freerdp_get_parent_path
freerdp_get_system_locale_id
freerdp_get_system_locale_name_from_id
freerdp_get_unix_time_from_generalized_time
freerdp_get_unix_time_from_windows_time
freerdp_get_version
freerdp_get_windows_time_from_unix_time
freerdp_glyph_convert
freerdp_hexdump
freerdp_icon_convert
freerdp_image_convert
freerdp_image_flip
freerdp_image_swap_color_order
freerdp_input_send_extended_mouse_event
freerdp_input_send_keyboard_event
freerdp_input_send_mouse_event
freerdp_input_send_synchronize_event
freerdp_input_send_unicode_keyboard_event
freerdp_keyboard_get_layout_name_from_id
freerdp_keyboard_get_layouts
freerdp_keyboard_get_rdp_scancode_from_virtual_key_code
freerdp_keyboard_get_rdp_scancode_from_x11_keycode
freerdp_keyboard_get_x11_keycode_from_rdp_scancode
freerdp_keyboard_init
freerdp_keyboard_set_layout_code
freerdp_load_channel_plugin
freerdp_load_library_symbol
freerdp_load_plugin
freerdp_load_static_plugin
freerdp_mkdir
freerdp_mono_image_convert
freerdp_mutex_free
freerdp_mutex_lock
freerdp_mutex_new
freerdp_mutex_unlock
freerdp_new
freerdp_open_library
freerdp_parse_args
freerdp_passphrase_read
freerdp_path_contains_separator
freerdp_read_rectangle_16
freerdp_rectangle_16_free
freerdp_rectangle_16_new
freerdp_register_static_plugin
freerdp_sem_free
freerdp_sem_new
freerdp_sem_signal
freerdp_sem_wait
freerdp_send_keylayout
freerdp_set_hidden
freerdp_shall_disconnect
freerdp_sleep
freerdp_string_free
freerdp_string_read_length32
freerdp_tcp_connect
freerdp_tcp_disconnect
freerdp_tcp_read
freerdp_tcp_set_no_delay
freerdp_tcp_write
freerdp_thread_free
freerdp_thread_new
freerdp_thread_start
freerdp_thread_stop
freerdp_time_zone_detect
freerdp_uds_connect
freerdp_uniconv_free
freerdp_uniconv_in
freerdp_uniconv_new
freerdp_uniconv_out
freerdp_uniconv_uppercase
freerdp_usleep
freerdp_windows_gmtime
freerdp_write_rectangle_16
freerdp_wsa_cleanup
freerdp_wsa_startup
gdi_BitBlt
gdi_CRectToCRgn
gdi_CRectToRgn
gdi_CRgnToCRect
gdi_CRgnToRect
gdi_ClipCoords
gdi_CopyOverlap
gdi_CopyRect
gdi_CreateBitmap
gdi_CreateCompatibleBitmap
gdi_CreateCompatibleDC
gdi_CreateDC
gdi_CreatePatternBrush
gdi_CreatePen
gdi_CreateRect
gdi_CreateRectRgn
gdi_CreateSolidBrush
gdi_DeleteDC
gdi_DeleteObject
gdi_Ellipse
gdi_EqualRgn
gdi_FillRect
gdi_GetClipRgn
gdi_GetDC
gdi_GetPenColor_16bpp
gdi_GetPenColor_32bpp
gdi_GetPenColor_8bpp
gdi_GetPixel
gdi_GetPixel_16bpp
gdi_GetPixel_32bpp
gdi_GetPixel_8bpp
gdi_GetPointer_16bpp
gdi_GetPointer_32bpp
gdi_GetPointer_8bpp
gdi_InvalidateRegion
gdi_LineTo
gdi_MoveToEx
gdi_PatBlt
gdi_PolyPolygon
gdi_PolyPolyline
gdi_Polygon
gdi_Polyline
gdi_PolylineTo
gdi_PtInRect
gdi_RectToCRgn
gdi_RectToRgn
gdi_Rectangle
gdi_RgnToCRect
gdi_RgnToRect
gdi_SelectObject
gdi_SetClipRgn
gdi_SetNullClipRgn
gdi_SetPixel
gdi_SetPixel_16bpp
gdi_SetPixel_32bpp
gdi_SetPixel_8bpp
gdi_SetRect
gdi_SetRectRgn
gdi_SetRgn
gdi_composite
gdi_free
gdi_get_bitmap_pointer
gdi_get_brush_pointer
gdi_get_color_16bpp
gdi_get_color_32bpp
gdi_get_color_8bpp
gdi_init
gdi_is_mono_pixel_set
gdi_resize
gdi_rop3_code
glyph_cache_fragment_get
glyph_cache_fragment_put
glyph_cache_free
glyph_cache_get
glyph_cache_new
glyph_cache_put
glyph_cache_register_callbacks
graphics_free
graphics_new
graphics_register_bitmap
graphics_register_glyph
graphics_register_pointer
jpeg_decompress
list_dequeue
list_enqueue
list_free
list_new
list_next
list_peek
list_remove
list_size
mppc_dec_free
mppc_dec_new
mppc_enc_free
mppc_enc_new
nine_grid_cache_free
nine_grid_cache_get
nine_grid_cache_new
nine_grid_cache_put
nine_grid_cache_register_callbacks
nsc_compose_message
nsc_context_free
nsc_context_new
nsc_context_set_cpu_opt
nsc_context_set_pixel_format
nsc_process_message
offscreen_cache_delete
offscreen_cache_free
offscreen_cache_get
offscreen_cache_new
offscreen_cache_put
offscreen_cache_register_callbacks
palette_cache_free
palette_cache_get
palette_cache_new
palette_cache_put
palette_cache_register_callbacks
pcap_add_record
pcap_close
pcap_flush
pcap_get_next_record
pcap_get_next_record_content
pcap_get_next_record_header
pcap_has_next_record
pcap_open
per_read_choice
per_read_enumerated
per_read_integer
per_read_integer16
per_read_length
per_read_number_of_sets
per_read_numeric_string
per_read_object_identifier
per_read_octet_string
per_read_padding
per_read_selection
per_write_choice
per_write_enumerated
per_write_integer
per_write_integer16
per_write_length
per_write_number_of_sets
per_write_numeric_string
per_write_object_identifier
per_write_octet_string
per_write_padding
per_write_selection
png_decompress
pointer_cache_free
pointer_cache_get
pointer_cache_new
pointer_cache_put
pointer_cache_register_callbacks
rail_CreateWindow
rail_DestroyWindow
rail_UpdateWindow
rail_clone_order
rail_free
rail_free_cloned_order
rail_new
rail_read_unicode_string
rail_register_update_callbacks
rail_unicode_string_alloc
rail_unicode_string_free
rail_write_unicode_string
rail_write_unicode_string_value
rdp_send_monitors
rfx_compose_message
rfx_compose_message_header
rfx_context_free
rfx_context_new
rfx_context_reset
rfx_context_set_cpu_opt
rfx_context_set_pixel_format
rfx_message_free
rfx_message_get_rect
rfx_message_get_rect_count
rfx_message_get_tile
rfx_message_get_tile_count
rfx_process_message
sspi_CopyAuthIdentity
sspi_GlobalFinish
sspi_GlobalInit
sspi_SecBufferAlloc
sspi_SecBufferFree
sspi_SetAuthIdentity
stream_extend
stream_free
stream_new
svc_plugin_init
svc_plugin_send
svc_plugin_send_event
tls_accept
tls_connect
tls_disconnect
tls_print_certificate_error
tls_print_certificate_name_mismatch_error
tls_print_error
tls_rdp_free
tls_rdp_new
tls_read
tls_read_all
tls_verify_certificate
tls_write
tls_write_all
wait_obj_clear
wait_obj_free
wait_obj_get_fds
wait_obj_is_set
wait_obj_new
wait_obj_new_with_fd
wait_obj_select
wait_obj_set
window_list_clear
window_list_create
window_list_delete
window_list_free
window_list_get_by_extra_id
window_list_get_by_id
window_list_get_next
window_list_has_next
window_list_new
window_list_rewind
window_list_update
window_state_update
winpr_HexDump
x509_verify_certificate
xfree
xmalloc
xrealloc
xstrdup
xstrtoup
xwcsdup
xzalloc

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 858KB - Virtual size: 858KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f67a7c5a381ad0df3ec858fa1d22b759

Code Sign

0d:1a:c7:13:ae:e1:d5:36:c8:58:1e:12:bb:be:f5:2bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

48:02:2d:ff:07:4d:71:04:ea:e3:82:8a:b2:c0:b3:e3:81:b5:e0:d1:9c:33:c2:64:1b:ff:76:ac:47:b8:5c:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

d3d9

shlwapi

winmm

ws2_32

winscard

kernel32

user32

gdi32

advapi32

crypt32

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rodata Size: 1KB - Virtual size: 1KB

.rdata Size: 858KB - Virtual size: 858KB

.data Size: 26KB - Virtual size: 43KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 144KB - Virtual size: 143KB

0d:1a:c7:13:ae:e1:d5:36:c8:58:1e:12:bb:be:f5:2b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

48:02:2d:ff:07:4d:71:04:ea:e3:82:8a:b2:c0:b3:e3:81:b5:e0:d1:9c:33:c2:64:1b:ff:76:ac:47:b8:5c:b2
Signer

.text
Size: 3.9MB - Virtual size: 3.9MB

.rodata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 858KB - Virtual size: 858KB

.data
Size: 26KB - Virtual size: 43KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 144KB - Virtual size: 143KB