2024-03-27_33fb7482fe19a90a9f2c9f036088d8b4_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-27_33fb7482fe19a90a9f2c9f036088d8b4_mafia
Size

2.7MB
MD5

33fb7482fe19a90a9f2c9f036088d8b4
SHA1

a25447a24b1b37c2e8afcbeccbab7ca278d7e4da
SHA256

04debf10c7008e7db03cd76d7b4c7f44288a8b77377f3247e8a8548864e25718
SHA512

684c36b0feb3db83cbf623eb6d9007f0d413b4a766a5a12429fd2657fccbd2ed70e312b9437f3246724cdb3185d11e2292d5a8c8755ec1e50fd5afdf5c0ccba2
SSDEEP

49152:Pzf0PAdV1889VpIzOvFpvfqHm91eOuj826avBHTi+Fr/anA+IKWRCZesdwpqXR+y:Pzf0mlpbv7nOmOOuj8mBHTi+FrzKWRC1

Score

1^/10

Malware Config

Signatures

Files

2024-03-27_33fb7482fe19a90a9f2c9f036088d8b4_mafia
.exe windows:5 windows x86 arch:x86

276496217e5d2887f39717598df4eda6

Code Sign

d1:9d:b1:a5:42:ff:d3:d9:9b:83:20:8f:e9:e8:0f:e3
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

10/12/2020, 00:00

Not After

10/12/2023, 23:59

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,POSTALCODE=603202,STREET=Estancia IT Park\, GST Road,L=Chengalpattu,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:b7:0e:6c:bb:84:f4:84:f8:5c:69:e1:09:82:fe:31:54:bc:74:23:79:5a:e4:26:e1:c7:ae:fb:45:71:4c:59
Signer

Actual PE Digest

4f:b7:0e:6c:bb:84:f4:84:f8:5c:69:e1:09:82:fe:31:54:bc:74:23:79:5a:e4:26:e1:c7:ae:fb:45:71:4c:59

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\14-11-2023\WindowsBuilds\DC_NATIVE\7330859\desktopcentral\CLOUD_PRODUCTION\SA_SRC\native\agent\Release\dcusbsummary.pdb

Imports

setupapi

CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Child_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Sibling_Ex
CM_Get_Device_ID_ExW
SetupDiDestroyDeviceInfoList

wtsapi32

WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

wsock32

WSAStartup
WSACleanup
WSAGetLastError

userenv

UnloadUserProfile
DestroyEnvironmentBlock
LoadUserProfileA
CreateEnvironmentBlock

iphlpapi

GetAdaptersInfo

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpQueryOption
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetOption
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpWriteData

crypt32

CertNameToStrW
CertGetNameStringA
CertFindCertificateInStore
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
CertCreateCertificateContext
PFXImportCertStore
PFXVerifyPassword
CertDeleteCertificateFromStore
CertVerifyTimeValidity
CertFreeCertificateContext

netapi32

DsGetDcNameA
NetApiBufferFree
NetGetJoinInformation

dclibxml2

xmlNewTextReaderFilename
xmlStrcmp
xmlTextReaderDepth
xmlFreeTextReader
xmlTextReaderAttributeCount
xmlTextReaderGetAttribute
xmlParseMemory
xmlParseFile
xmlDocGetRootElement
xmlFreeDoc
xmlCleanupParser
xmlNodeListGetString
xmlFree
xmlTextReaderValue
xmlTextReaderRead
xmlTextReaderName

advapi32

LogonUserA
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegQueryValueW
CryptGetHashParam
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
LookupPrivilegeNameA
GetTokenInformation
LookupAccountSidA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupPrivilegeValueA
CreateProcessAsUserW
RegCreateKeyExW
CreateProcessAsUserA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExA
ControlService
CryptGetUserKey
CryptGenKey
RegEnumKeyW
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExA

shlwapi

PathFindExtensionA
StrStrIA
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
StrTrimA

shell32

SHCreateDirectoryExA
CommandLineToArgvW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHAppBarMessage
SHCreateDirectoryExW

odbc32

ord49
ord3
ord19
ord12
ord16
ord20
ord2
ord48
ord31
ord41
ord9
ord11
ord72
ord26
ord13
ord43
ord39
ord29
ord36
ord4
ord8
ord1
ord18

gdiplus

GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdiplusShutdown
GdipFree
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageHeight
GdipCreateFromHDC
GdipCreateFontFromLogfontW
GdipDrawString
GdipLoadImageFromStream
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipDisposeImage
GdipDeleteFont

kernel32

lstrlenW
DeleteAtom
GlobalAddAtomW
lstrcpyW
lstrlenA
FindResourceW
LoadResource
WideCharToMultiByte
Sleep
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
GetFileSizeEx
GetLastError
LockResource
CloseHandle
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetFileSize
MulDiv
SetLastError
CreateDirectoryW
GetModuleHandleW
WriteFile
GetProcAddress
LocalAlloc
DeleteFileW
LocalFree
FormatMessageW
GetSystemTime
CreateMutexW
SystemTimeToFileTime
WaitForSingleObject
InitializeCriticalSection
BackupRead
BackupWrite
GetLocalTime
DeleteCriticalSection
ReleaseMutex
FindFirstFileW
FindClose
FindNextFileW
DeleteFileA
GetCommandLineW
CreateFileA
GetCurrentProcess
FormatMessageA
LoadLibraryW
FindResourceExW
GetModuleHandleA
GetLocaleInfoA
FreeLibrary
LoadLibraryA
GetVersionExA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetExitCodeProcess
OpenProcess
TerminateProcess
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
InterlockedDecrement
CreateThread
FindNextFileA
FindFirstFileA
CopyFileA
GetSystemInfo
FileTimeToSystemTime
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTickCount
SetDllDirectoryA
CreateMutexA
GetCurrentProcessId
SetFilePointer
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
SetCurrentDirectoryW
ProcessIdToSessionId
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemDirectoryA
GetCurrentThreadId
CreateTimerQueue
CreateTimerQueueTimer
CreateDirectoryA
FlushFileBuffers
CopyFileW
DisconnectNamedPipe
lstrcmpW
GetFileAttributesExA
GetFullPathNameA
GetComputerNameExW
GlobalFree
GlobalAlloc
QueryPerformanceCounter
SuspendThread
ResumeThread
GetNativeSystemInfo
GetEnvironmentVariableA
LocalLock
MoveFileExA
GlobalUnlock
GlobalLock
GlobalSize
DeactivateActCtx
ActivateActCtx
GetModuleFileNameW
CreateActCtxW
ReleaseActCtx
CompareStringW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
GlobalGetAtomNameW
GetThreadLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
lstrcmpiW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetWindowsDirectoryW
GetNumberFormatW
SetErrorMode
GetFileAttributesExW
GetFileAttributesW
GetFileTime
GetTempFileNameW
GetTempPathW
InitializeCriticalSectionAndSpinCount
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
HeapSetInformation
GetStartupInfoW
MoveFileA
HeapFree
EncodePointer
DecodePointer
HeapAlloc
VirtualAlloc
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetDriveTypeA
FindFirstFileExA
ExitThread
HeapQueryInformation
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetStringTypeW
LCMapStringW
EnumSystemLocalesA
IsValidLocale
GetFileAttributesA
CreatePipe
WriteConsoleW
GetProcessHeap
GetDriveTypeW
SetEnvironmentVariableA
LocalUnlock
InterlockedCompareExchange

user32

WindowFromPoint
GetCursorPos
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
InflateRect
IntersectRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
LoadMenuW
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageW
RealChildWindowFromPoint
UnregisterClassW
SetRectEmpty
DeleteMenu
SetTimer
KillTimer
EnumDisplayMonitors
SetLayeredWindowAttributes
WaitMessage
DestroyIcon
CharUpperW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetMenuDefaultItem
CreatePopupMenu
GetAsyncKeyState
InvertRect
HideCaret
EnableScrollBar
NotifyWinEvent
GetIconInfo
CopyImage
DrawIconEx
TranslateAcceleratorW
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
SetClassLongW
DrawStateW
DrawEdge
DrawFrameControl
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
RegisterClipboardFormatW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
DestroyCursor
GetWindowRgn
IsChild
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
ShowWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
PostMessageW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
SetWindowPos
GetWindow
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MapVirtualKeyW
GetKeyNameTextW
IsWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxA
wsprintfW
FillRect
LoadIconW
GetClassInfoW
GetSysColorBrush
DefWindowProcW
RedrawWindow
GetSysColor
GetSystemMenu
IsIconic
LoadImageW
DrawIcon
CreateIconIndirect
OffsetRect
AppendMenuW
GetDesktopWindow
FrameRect
GetSystemMetrics
UpdateWindow
CopyRect
LoadBitmapW
EnableWindow
SetCursor
RemovePropW
ScreenToClient
GetWindowRect
SetCapture
GetParent
LoadCursorW
GetClientRect
SetPropW
GetDC
DrawFocusRect
InvalidateRect
GetWindowLongW
ReleaseDC
GetDlgItem
SetWindowLongW
ReleaseCapture
SendMessageW
GetPropW
CallWindowProcW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
SetMenu
WinHelpW
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
GetMonitorInfoW
MonitorFromWindow
PostQuitMessage

gdi32

CreateRectRgn
SelectClipRgn
GetViewportExtEx
SetLayout
GetLayout
Polygon
SetTextAlign
GetWindowExtEx
GetPixel
PtVisible
RectVisible
ExtTextOutW
Escape
ScaleWindowExtEx
SetViewportOrgEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
Ellipse
SaveDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
CreateDCW
CopyMetaFileW
LPtoDP
GetMapMode
GetDeviceCaps
GetStockObject
BitBlt
DeleteDC
Polyline
CreateEllipticRgn
CreatePolygonRgn
CreateRoundRectRgn
ExtSelectClipRgn
CreatePatternBrush
CreateDIBSection
SetDIBColorTable
SelectObject
CreateCompatibleBitmap
SetStretchBltMode
TextOutW
CreateSolidBrush
StretchBlt
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
DeleteObject
SetWindowExtEx
GetObjectW
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
SetRectRgn
CombineRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
EnumFontFamiliesExW
OffsetRgn
Rectangle
SetPixel

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

ole32

RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoCreateInstance

oleaut32

SystemTimeToVariantTime
SysAllocStringLen
VariantTimeToSystemTime
SafeArrayAccessData
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantClear
VariantInit
SafeArrayGetLBound
SysFreeString
SafeArrayDestroy
VarBstrFromDate
SysAllocString
OleCreateFontIndirect
SafeArrayGetUBound
VariantCopy

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

276496217e5d2887f39717598df4eda6

Code Sign

d1:9d:b1:a5:42:ff:d3:d9:9b:83:20:8f:e9:e8:0f:e3Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4f:b7:0e:6c:bb:84:f4:84:f8:5c:69:e1:09:82:fe:31:54:bc:74:23:79:5a:e4:26:e1:c7:ae:fb:45:71:4c:59Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

wtsapi32

wsock32

userenv

iphlpapi

winhttp

crypt32

netapi32

dclibxml2

advapi32

shlwapi

shell32

odbc32

gdiplus

kernel32

user32

gdi32

msimg32

comdlg32

comctl32

ole32

oleaut32

oledlg

oleacc

imm32

winmm

winspool.drv

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 466KB - Virtual size: 466KB

.data Size: 75KB - Virtual size: 107KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 229KB - Virtual size: 229KB

d1:9d:b1:a5:42:ff:d3:d9:9b:83:20:8f:e9:e8:0f:e3
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4f:b7:0e:6c:bb:84:f4:84:f8:5c:69:e1:09:82:fe:31:54:bc:74:23:79:5a:e4:26:e1:c7:ae:fb:45:71:4c:59
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 466KB - Virtual size: 466KB

.data
Size: 75KB - Virtual size: 107KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 229KB - Virtual size: 229KB