2024-03-13_2b1059799cc4a58ae74bfebaea954a56_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-13_2b1059799cc4a58ae74bfebaea954a56_magniber
Size

5.5MB
MD5

2b1059799cc4a58ae74bfebaea954a56
SHA1

6bd3816ec8e71f4cc1f77fc43d061cc0a66975d1
SHA256

ed8e874770110e131052ec76e060dee47484b6690e18fe476ebc7108a088c0fb
SHA512

e062da88d753db4988ad6117aee69f25245ab3880bc589676dde80f1d1a5dd1485df4b9dc0207681543d48b0f230818712c82c6a6ab54f17dfe79d7da337eb78
SSDEEP

98304:ucjwNvs6/1+BlrcXIxVzMfJ70Z6jFkPA/ip1Nv8RgyS2P:uh9s7cXIEfJ700jFb/ip1sSo

Score

1^/10

Malware Config

Signatures

Files

2024-03-13_2b1059799cc4a58ae74bfebaea954a56_magniber
.exe windows:6 windows x86 arch:x86

e77d6598dac8e040975ca29bdfecbfad

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/03/2023, 06:47

Not After

22/03/2024, 06:47

Subject

SERIALNUMBER=91420107MA49P7DP5R,CN=武汉锐森卓鑫网络科技有限公司,O=武汉锐森卓鑫网络科技有限公司,STREET=青山区八大家花园45号楼（华开数科创新中心）3层卡位A区625号（集群登记）,L=武汉市,ST=湖北省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#1305575548414e,1.3.6.1.4.1.311.60.2.1.2=#13054855424549,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/03/2023, 06:47

Not After

22/03/2024, 06:47

Subject

SERIALNUMBER=91420107MA49P7DP5R,CN=武汉锐森卓鑫网络科技有限公司,O=武汉锐森卓鑫网络科技有限公司,STREET=青山区八大家花园45号楼（华开数科创新中心）3层卡位A区625号（集群登记）,L=武汉市,ST=湖北省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#1305575548414e,1.3.6.1.4.1.311.60.2.1.2=#13054855424549,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:31:fd:3f:76:1d:51:4c:cc:65:48:f7:d3:a6:9e:f2:e7:6a:6f:63:94:61:e4:00:e6:7e:37:ee:34:b8:49:9b
Signer

Actual PE Digest

b7:31:fd:3f:76:1d:51:4c:cc:65:48:f7:d3:a6:9e:f2:e7:6a:6f:63:94:61:e4:00:e6:7e:37:ee:34:b8:49:9b

Digest Algorithm

sha256

PE Digest Matches

true

3d:0d:35:07:92:53:86:ab:0b:6a:57:f6:5f:67:00:ac:89:3e:38:bf
Signer

Actual PE Digest

3d:0d:35:07:92:53:86:ab:0b:6a:57:f6:5f:67:00:ac:89:3e:38:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\工作资料\code\startplayer\player1\nativeplayer\StellarDownload\Publish\uninst.pdb

Imports

kernel32

GetVersionExW
GetNativeSystemInfo
CreatePipe
CreateProcessW
PeekNamedPipe
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetDriveTypeW
CopyFileW
GetComputerNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
GetDiskFreeSpaceW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLogicalDrives
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
MoveFileExW
GetFileAttributesExW
SetFileAttributesW
LoadLibraryA
K32GetProcessImageFileNameW
GetProcessId
QueryFullProcessImageNameW
GlobalSize
GetExitCodeProcess
GetLocalTime
GetFileTime
FileTimeToSystemTime
GetConsoleWindow
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
HeapCreate
FlushInstructionCache
GetFullPathNameW
FreeResource
FreeLibrary
GetVersionExA
GetSystemTime
GetModuleHandleA
IsBadReadPtr
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetUserDefaultUILanguage
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetSystemTimeAsFileTime
GetFileAttributesA
GetEnvironmentVariableA
GetModuleHandleW
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
HeapSize
GetSystemInfo
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
RemoveDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
GetFileType
GetModuleHandleExW
ResumeThread
ExitThread
GetCommandLineA
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
QueueUserWorkItem
AreFileApisANSI
CreateHardLinkW
FindFirstFileExW
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
GetStringTypeW
TryEnterCriticalSection
LoadLibraryW
GetSystemDirectoryW
GetProcAddress
QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
GetCurrentProcessId
WriteConsoleW
OpenProcess
GetCurrentThreadId
GetFileAttributesW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
GetModuleFileNameW
TerminateProcess
HeapFree
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
lstrcpyW
CreateThread
lstrcatW
GetExitCodeThread
WaitForMultipleObjects
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
FormatMessageW
FlushFileBuffers
SetFilePointerEx
GetFileInformationByHandle
CreateFileW
SetEndOfFile
DeviceIoControl
lstrcpynW
WriteFile
GetFileSizeEx
GetVolumeInformationW
GetLastError
ReadFile
GetTickCount
FormatMessageA
lstrcpyA
OutputDebugStringW
lstrlenA
OutputDebugStringA
LocalFree
Sleep
LocalAlloc
SetLastError
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
CreateDirectoryW
lstrlenW
GetTickCount64

user32

PostMessageW
CharNextA
SetForegroundWindow
SystemParametersInfoW
GetDesktopWindow
FindWindowW
CharNextW
GetForegroundWindow
wsprintfW
IsWindow
GetShellWindow
UpdateLayeredWindow
IsMenu
IsWindowEnabled
CreatePopupMenu
DestroyMenu
CheckMenuItem
UnregisterClassW
GetSystemMetrics
SendMessageTimeoutW
GetWindowRect
GetWindowThreadProcessId
GetMenuItemCount
InsertMenuW
AppendMenuW
DeleteMenu
OffsetRect
SetTimer
DestroyWindow
TrackPopupMenu
MessageBoxW
IsRectEmpty
AllowSetForegroundWindow
KillTimer
RegisterWindowMessageW
MapVirtualKeyA
CharLowerBuffW
AttachThreadInput
SetCaretPos
DrawIconEx
EnumDisplayDevicesW
EnumDisplaySettingsW
GetActiveWindow
WaitForInputIdle
EnumWindows
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
GetDC
ReleaseDC
GetMonitorInfoW
MonitorFromWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
GetLastInputInfo
GetWindowPlacement
ShowWindow
InflateRect
SetWindowRgn
IsWindowVisible
LoadCursorW
DestroyCursor
SetCursor
CopyRect
IntersectRect
UnionRect
EqualRect
PtInRect
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
TrackMouseEvent
PostQuitMessage
HideCaret
CreateCaret
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
EnableWindow
SetActiveWindow
SendMessageW
SystemParametersInfoA
DrawTextW
MonitorFromRect
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
EnableMenuItem
SetRect
ClientToScreen
PostThreadMessageW
GetMessageW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetIconInfo
GetKeyState
GetFocus
DestroyIcon
GetClassNameW
ScreenToClient
GetCursorPos
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow

gdi32

DeleteObject
CreateDIBitmap
GetObjectW
BitBlt
EnumFontsW
CreateBitmap
CreateCompatibleDC
DeleteDC
SelectObject
SetGraphicsMode
CreateRectRgn
CreateSolidBrush
GetClipBox
GetStockObject
Rectangle
SetBkMode
GetDCOrgEx
StretchBlt
CreateCompatibleBitmap
SetViewportOrgEx
CreateFontIndirectW
CombineRgn
CreateRoundRectRgn
ExtCreateRegion
IntersectClipRect
SelectClipRgn
SetWorldTransform
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
GetTextFaceW
GdiFlush
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegGetValueW
CreateProcessAsUserW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
OpenProcessToken
GetUserNameW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegDeleteKeyValueW
RegCreateKeyExW
RegEnumKeyExW

shell32

SHOpenFolderAndSelectItems
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW
ord190
ord155
CommandLineToArgvW
ord165
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW

ole32

GetHGlobalFromStream
CLSIDFromString
CoCreateGuid
OleUninitialize
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CreateBindCtx
IIDFromString
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SetErrorInfo
VariantInit
GetErrorInfo
VariantChangeType
CreateErrorInfo
VariantClear

winhttp

WinHttpSendRequest
WinHttpConnect
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders

shlwapi

StrToIntExW
ord12
PathRemoveFileSpecW
PathFindFileNameW
SHDeleteKeyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipImageSelectActiveFrame
GdipSaveImageToFile
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDrawImageI
GdipSetSmoothingMode
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageRawFormat
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipLoadImageFromFile

ws2_32

inet_ntop
WSAGetLastError
inet_ntoa
gethostname
getaddrinfo
gethostbyname

iphlpapi

GetAdaptersAddresses

netapi32

NetApiBufferFree
NetGetJoinInformation

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

imm32

ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmAssociateContext
ImmReleaseContext

usp10

ScriptItemize
ScriptFreeCache
ScriptShape

opengl32

wglGetCurrentContext
wglGetProcAddress

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 866KB - Virtual size: 866KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e77d6598dac8e040975ca29bdfecbfad

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1dCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1dCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

b7:31:fd:3f:76:1d:51:4c:cc:65:48:f7:d3:a6:9e:f2:e7:6a:6f:63:94:61:e4:00:e6:7e:37:ee:34:b8:49:9bSigner

3d:0d:35:07:92:53:86:ab:0b:6a:57:f6:5f:67:00:ac:89:3e:38:bfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

winhttp

shlwapi

version

gdiplus

ws2_32

iphlpapi

netapi32

setupapi

imm32

usp10

opengl32

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 866KB - Virtual size: 866KB

.data Size: 99KB - Virtual size: 197KB

.gfids Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 37B

.rsrc Size: 680KB - Virtual size: 680KB

.reloc Size: 218KB - Virtual size: 217KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

b7:31:fd:3f:76:1d:51:4c:cc:65:48:f7:d3:a6:9e:f2:e7:6a:6f:63:94:61:e4:00:e6:7e:37:ee:34:b8:49:9b
Signer

3d:0d:35:07:92:53:86:ab:0b:6a:57:f6:5f:67:00:ac:89:3e:38:bf
Signer

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 866KB - Virtual size: 866KB

.data
Size: 99KB - Virtual size: 197KB

.gfids
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 37B

.rsrc
Size: 680KB - Virtual size: 680KB

.reloc
Size: 218KB - Virtual size: 217KB