2024-03-14_c1191bbb68b4559eb8dfdf4dff259aef_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-14_c1191bbb68b4559eb8dfdf4dff259aef_mafia
Size

18.7MB
MD5

c1191bbb68b4559eb8dfdf4dff259aef
SHA1

1a5f0142128bbc985b890a43724ad657e3c469d1
SHA256

5d447f1fe007dae3b9ad0687212e71cdec0343f6385fcc2db4ee3e0198e995c0
SHA512

bce9d986e448ca58905d502eca471a405bc98f794ac25707e6d57b3a697a39d0a3a566f76367031ff5e63107c7fc67d4f229d91b1c75e65cdf49c91315039f3b
SSDEEP

196608:eFu3PEnIIbRjJy0eCynfYjxadkmiqOsQ3sDyh7HABI8KOzNglZItKkguAb3ENseC:x/EnbX2fmES/FHyfNEi8b36pYR8psao

Score

1^/10

Malware Config

Signatures

Files

2024-03-14_c1191bbb68b4559eb8dfdf4dff259aef_mafia
.exe windows:5 windows x86 arch:x86

059a26bb8127f967bdb8d6244500a50a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:01
Certificate

Issuer

OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US

Not Before

16/11/2006, 01:15

Not After

16/11/2026, 01:15

Subject

SERIALNUMBER=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:43:0e:53:29:6b:f1
Certificate

Issuer

SERIALNUMBER=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2013, 07:56

Not After

03/05/2016, 20:33

Subject

CN=Foxit Corporation,O=Foxit Corporation,L=Fremont,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:2e:89:05:63:ea:85:a0:cb:8d:6f:81:46:76:2b:4d:a9:19:c9:bf
Signer

Actual PE Digest

58:2e:89:05:63:ea:85:a0:cb:8d:6f:81:46:76:2b:4d:a9:19:c9:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\lwj\products\Phantom6.0_Localization\Updater\Release\Foxit_Updater.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

SetHandleCount
HeapCreate
HeapDestroy
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
FatalAppExitA
GetConsoleCP
GetConsoleMode
GetFileAttributesA
SetConsoleCtrlHandler
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateProcessA
CreateFileA
SetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameA
SetEnvironmentVariableA
GetProcessHeap
InterlockedCompareExchange
SizeofResource
LockResource
LoadResource
FindResourceW
MultiByteToWideChar
GetModuleFileNameW
GetTimeZoneInformation
WritePrivateProfileStringA
GetEnvironmentStringsW
lstrcmpW
GetModuleHandleW
GetLastError
WideCharToMultiByte
lstrlenW
GetVersion
VirtualQuery
RemoveDirectoryW
DeleteFileW
CopyFileW
CreateDirectoryW
GetTempPathW
ReleaseMutex
WaitForSingleObject
Sleep
SetLastError
CreateMutexW
ResumeThread
SuspendThread
CreateEventW
CloseHandle
SetEvent
GetExitCodeThread
GetTickCount
lstrcpyW
WinExec
lstrcatW
CreateThread
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
TerminateThread
GetShortPathNameW
GetCurrentThreadId
GetCurrentProcess
GetProcAddress
FindClose
SetFileAttributesW
FreeEnvironmentStringsW
GetStdHandle
GetPrivateProfileStringA
SetUnhandledExceptionFilter
GetModuleFileNameA
FindFirstFileA
FindNextFileA
GetSystemTime
SleepEx
InterlockedExchangeAdd
SetFilePointerEx
DeleteFileA
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
ExitThread
GetFileType
SetStdHandle
HeapReAlloc
ExitProcess
HeapAlloc
DecodePointer
EncodePointer
HeapFree
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
LocalLock
LocalUnlock
FindResourceExW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
SetErrorMode
CopyFileA
MoveFileA
GetThreadPriority
WaitForMultipleObjects
TryEnterCriticalSection
GetCurrentDirectoryW
GlobalFlags
FindFirstFileW
Process32NextW
TerminateProcess
GetFileTime
GetFileSizeEx
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
SystemTimeToFileTime
GetAtomNameW
GlobalGetAtomNameW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
MoveFileW
lstrcmpiW
GetThreadLocale
GetStringTypeExW
FindNextFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LeaveCriticalSection
EnterCriticalSection
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
SetThreadPriority
lstrlenA
lstrcmpA
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
LocalAlloc
ReadFile
CreateFileW
GetFileSize
LocalFree
OutputDebugStringW
GlobalAlloc
GetSystemDirectoryW
LoadLibraryA
CreateProcessW
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
lstrcpynW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesW
GetVersionExW
GetExitCodeProcess
GetACP
GetPrivateProfileStringW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW

user32

UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
RegisterClipboardFormatW
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
LoadImageW
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
OffsetRect
CharNextW
DestroyIcon
IsIconic
GetDialogBaseUnits
WaitMessage
KillTimer
SetTimer
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
RealChildWindowFromPoint
UnregisterClassW
GetSysColorBrush
IntersectRect
MapVirtualKeyW
GetKeyNameTextW
DestroyMenu
CharUpperW
GetSystemMetrics
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
IsMenu
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
PostQuitMessage
IsWindowEnabled
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
InSendMessage
CreateMenu
PostThreadMessageW
SetMenuDefaultItem
IsClipboardFormatAvailable
SendNotifyMessageW
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
CopyRect
GetWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
MapVirtualKeyExW
SubtractRect
DrawIcon
WindowFromDC
GetWindowRgn
GetDCEx
GetTabbedTextExtentW
EndPaint
GetKeyState
PeekMessageW
ValidateRect
GetMenuState
AppendMenuW
GetMenuItemID
InsertMenuW
RemoveMenu
SetFocus
DestroyCursor
SetDlgItemTextW
EnumChildWindows
GetDlgCtrlID
SetWindowTextW
SetWindowPos
GetMenuItemCount
wsprintfW
GetMenuItemInfoW
SetMenuItemInfoW
ScreenToClient
LoadBitmapW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetMessagePos
SystemParametersInfoW
LoadMenuW
GetSubMenu
GetMenuStringW
PostMessageW
GetCursorPos
LoadIconW
SetActiveWindow
UpdateWindow
GetSystemMenu
EnableMenuItem
MessageBeep
SetWindowLongW
LoadCursorW
CopyIcon
GetSysColor
SetCursor
ReleaseCapture
EnableWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetWindowRect
InflateRect
PtInRect
SetForegroundWindow
SendMessageW
GetClassInfoW
IsWindow
MessageBoxW
FindWindowW
WindowFromPoint

gdi32

LineTo
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
PatBlt
SetRectRgn
CombineRgn
ExcludeClipRect
OffsetClipRgn
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextColor
GetRgnBox
GetCharWidthW
StretchDIBits
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
GetDIBits
SetPixel
RoundRect
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
DPtoLP
IntersectClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
StretchBlt
BitBlt
GetBkColor
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontW
SelectObject
DeleteObject
GetTextExtentPoint32W
GetStockObject
GetObjectW
GetMapMode
CreateFontIndirectW

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

GetJobW
OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
GetFileSecurityW
SetFileSecurityW
RegEnumKeyW
RegSetValueW
RegOpenKeyW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCloseKey

shell32

SHAppBarMessage
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteExW
DragQueryFileW
DragFinish
SHGetDesktopFolder

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathFileExistsW
PathIsUNCW

ole32

OleCreateStaticFromData
OleCreate
OleLoad
GetHGlobalFromILockBytes
OleSetContainedObject
OleCreateFromFile
OleCreateLinkToFile
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
OleCreateLinkFromData
OleIsRunning
WriteClassStm
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoGetClassObject
OleRegGetMiscStatus
CLSIDFromProgID
CoCreateGuid
StgOpenStorageOnILockBytes
OleSave
OleCreateFromData
GetRunningObjectTable
OleSaveToStream
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
PropVariantCopy
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CreateStreamOnHGlobal
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
StgCreateDocfile
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleRun
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleQueryLinkFromData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoInitialize
CreateGenericComposite
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateItemMoniker
CLSIDFromString
CoDisconnectObject
OleGetClipboard
StringFromGUID2
OleRegEnumVerbs
OleGetIconOfClass

oleaut32

SysFreeString
OleCreateFontIndirect
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate

oledlg

OleUIBusyW

wininet

InternetOpenUrlW
GopherOpenFileW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetQueryDataAvailable
InternetGetCookieW
InternetSetCookieW
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
InternetConnectW
InternetAttemptConnect

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData
WinHttpCrackUrl

netapi32

Netbios

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageHeight

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 922KB - Virtual size: 921KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.1MB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

059a26bb8127f967bdb8d6244500a50a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

02:01Certificate

Key Usages

04:43:0e:53:29:6b:f1Certificate

Extended Key Usages

Key Usages

58:2e:89:05:63:ea:85:a0:cb:8d:6f:81:46:76:2b:4d:a9:19:c9:bfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

wininet

winhttp

netapi32

dbghelp

iphlpapi

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 922KB - Virtual size: 921KB

.data Size: 72KB - Virtual size: 110KB

.rsrc Size: 14.1MB - Virtual size: 14.1MB

.reloc Size: 235KB - Virtual size: 235KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

02:01
Certificate

04:43:0e:53:29:6b:f1
Certificate

58:2e:89:05:63:ea:85:a0:cb:8d:6f:81:46:76:2b:4d:a9:19:c9:bf
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 922KB - Virtual size: 921KB

.data
Size: 72KB - Virtual size: 110KB

.rsrc
Size: 14.1MB - Virtual size: 14.1MB

.reloc
Size: 235KB - Virtual size: 235KB