metasploit | 2390ce75aab699c968eb8628abf194962a5564056bc604a55c2a95a99b607039

Sharing

Copy URL

Twitter E-mail

General

Target

2390ce75aab699c968eb8628abf194962a5564056bc604a55c2a95a99b607039
Size

4.8MB
MD5

5e2952688c2ed5536d6a4e2b09f7bd0d
SHA1

e16efde9f3f1b4755978f5f017844aa41cbe8f0e
SHA256

2390ce75aab699c968eb8628abf194962a5564056bc604a55c2a95a99b607039
SHA512

6289d3ccac7aae041b26804212622556cdd40660a7e48d402c7f5a35730ae515f028831b1ed9d8fdba8ba6d6bf877db882b9785e66b7faf1cc205830d49a2ab5
SSDEEP

98304:d/eOsXNtZrp/2FnUQwC78UENebwkwNvSJW:d/UZ0kC789UU9SJW

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

103.146.230.238:9612

Signatures

Metasploit family
metasploit

Files

2390ce75aab699c968eb8628abf194962a5564056bc604a55c2a95a99b607039
.exe windows:6 windows x86 arch:x86

365ff4db680408e13adabe823d8c07c9

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:41

Not After

08-05-2033 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22-03-2023 06:47

Not After

22-03-2024 06:47

Subject

SERIALNUMBER=91420107MA49P7DP5R,CN=武汉锐森卓鑫网络科技有限公司,O=武汉锐森卓鑫网络科技有限公司,STREET=青山区八大家花园45号楼（华开数科创新中心）3层卡位A区625号（集群登记）,L=武汉市,ST=湖北省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#1305575548414e,1.3.6.1.4.1.311.60.2.1.2=#13054855424549,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22-03-2023 06:47

Not After

22-03-2024 06:47

Subject

SERIALNUMBER=91420107MA49P7DP5R,CN=武汉锐森卓鑫网络科技有限公司,O=武汉锐森卓鑫网络科技有限公司,STREET=青山区八大家花园45号楼（华开数科创新中心）3层卡位A区625号（集群登记）,L=武汉市,ST=湖北省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#1305575548414e,1.3.6.1.4.1.311.60.2.1.2=#13054855424549,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:ae:2f:dd:a2:81:61:4a:2e:77:56:81:47:51:df:50:cb:4a:5e:76:78:f8:f2:1a:9a:45:18:8f:46:ef:05:8a
Signer

Actual PE Digest

25:ae:2f:dd:a2:81:61:4a:2e:77:56:81:47:51:df:50:cb:4a:5e:76:78:f8:f2:1a:9a:45:18:8f:46:ef:05:8a

Digest Algorithm

sha256

PE Digest Matches

false

70:e7:d1:ee:0b:be:82:5d:0e:a3:5f:e3:be:4d:d7:61:d3:fc:47:25
Signer

Actual PE Digest

70:e7:d1:ee:0b:be:82:5d:0e:a3:5f:e3:be:4d:d7:61:d3:fc:47:25

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\工作资料\code\startplayer\player1\nativeplayer\StellarDownload\Publish\uninst.pdb

Imports

kernel32

GetVersionExW
GetNativeSystemInfo
CreatePipe
CreateProcessW
PeekNamedPipe
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetDriveTypeW
CopyFileW
GetComputerNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
GetDiskFreeSpaceW
GetTempFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLogicalDrives
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
MoveFileExW
GetFileAttributesExW
SetFileAttributesW
LoadLibraryA
K32GetProcessImageFileNameW
GetProcessId
QueryFullProcessImageNameW
GlobalSize
GetExitCodeProcess
GetLocalTime
GetFileTime
FileTimeToSystemTime
GetConsoleWindow
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
HeapCreate
FlushInstructionCache
GetFullPathNameW
FreeResource
FreeLibrary
GetVersionExA
GetSystemTime
GetModuleHandleA
IsBadReadPtr
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetUserDefaultUILanguage
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetSystemTimeAsFileTime
GetFileAttributesA
GetEnvironmentVariableA
GetModuleHandleW
GetProcessHeap
HeapDestroy
DecodePointer
HeapAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
RtlCaptureStackBackTrace
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
GetSystemInfo
HeapSize
WriteConsoleW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleCP
ExitProcess
RemoveDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
SystemTimeToTzSpecificLocalTime
GetFileType
GetModuleHandleExW
ResumeThread
ExitThread
GetCommandLineA
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
AreFileApisANSI
CreateHardLinkW
FindFirstFileExW
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
TryEnterCriticalSection
GetStringTypeW
LoadLibraryW
GetSystemDirectoryW
GetProcAddress
QueryPerformanceFrequency
ResetEvent
QueryPerformanceCounter
GetCurrentProcessId
LockResource
OpenProcess
GetCurrentThreadId
GetFileAttributesW
InitializeCriticalSectionEx
CreateMutexW
GetTempPathW
GetModuleFileNameW
TerminateProcess
HeapFree
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
lstrcpyW
CreateThread
lstrcatW
GetExitCodeThread
WaitForMultipleObjects
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
FormatMessageW
FlushFileBuffers
SetFilePointerEx
GetFileInformationByHandle
CreateFileW
SetEndOfFile
DeviceIoControl
lstrcpynW
WriteFile
GetFileSizeEx
GetVolumeInformationW
ReadFile
GetTickCount
GetLastError
FormatMessageA
lstrcpyA
OutputDebugStringW
lstrlenA
OutputDebugStringA
LocalFree
Sleep
LocalAlloc
SetLastError
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
CreateDirectoryW
lstrlenW
GetTickCount64

user32

GetDesktopWindow
FindWindowW
CharNextW
SystemParametersInfoW
AttachThreadInput
IsWindow
GetShellWindow
UnregisterClassW
GetSystemMetrics
SetCaretPos
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
IsMenu
IsWindowEnabled
CreatePopupMenu
DestroyMenu
CheckMenuItem
SetForegroundWindow
CharNextA
PostMessageW
wsprintfW
HideCaret
GetForegroundWindow
SendMessageTimeoutW
GetWindowRect
GetWindowThreadProcessId
OffsetRect
IsWindowVisible
GetMenuItemCount
InsertMenuW
AppendMenuW
DeleteMenu
TrackPopupMenu
GetFocus
GetParent
DestroyWindow
SendMessageW
GetCursorPos
MoveWindow
SetTimer
DrawIconEx
KillTimer
MessageBoxW
IsRectEmpty
AllowSetForegroundWindow
EnumDisplayDevicesW
EnumDisplaySettingsW
WaitForInputIdle
EnumWindows
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
GetDC
ReleaseDC
GetMonitorInfoW
MonitorFromWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
GetLastInputInfo
GetWindowPlacement
ShowWindow
InflateRect
SetWindowRgn
LoadCursorW
DestroyCursor
SetCursor
CopyRect
IntersectRect
UnionRect
EqualRect
PtInRect
DefWindowProcW
SetFocus
GetMessageW
PostThreadMessageW
CallWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
MapWindowPoints
CreateCaret
SystemParametersInfoA
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
EnableWindow
SetActiveWindow
GetActiveWindow
GetWindowLongW
SetWindowLongW
DrawTextW
MonitorFromRect
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetSysColor
EnableMenuItem
SetRect
ClientToScreen
LoadImageW
CreateIconFromResource
LoadBitmapW
GetIconInfo
GetKeyState
DestroyIcon
GetClassNameW
ScreenToClient
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
GetWindow

gdi32

CreateDIBitmap
GetObjectW
CombineRgn
BitBlt
EnumFontsW
CreateBitmap
CreateCompatibleDC
DeleteDC
SelectObject
GetDeviceCaps
DeleteObject
CreateSolidBrush
GetClipBox
GetStockObject
Rectangle
SetBkMode
GetDCOrgEx
StretchBlt
CreateCompatibleBitmap
SetViewportOrgEx
CreateFontIndirectW
CreateRoundRectRgn
CreateRectRgn
ExtCreateRegion
IntersectClipRect
SelectClipRgn
SetWorldTransform
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
GetTextFaceW
GdiFlush
SetGraphicsMode

comdlg32

GetOpenFileNameW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegGetValueW
CreateProcessAsUserW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
OpenProcessToken
GetUserNameW
RegDeleteValueW
RegDeleteKeyW
RegDeleteKeyValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteW
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteExW
CommandLineToArgvW
ord165
SHGetSpecialFolderPathW
SHFileOperationW
SHGetSpecialFolderLocation

ole32

GetHGlobalFromStream
CLSIDFromString
CoCreateGuid
OleUninitialize
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CreateBindCtx
IIDFromString
CoUninitialize
CoInitialize
OleLockRunning

oleaut32

SysAllocString
VariantInit
VariantClear
SetErrorInfo
GetErrorInfo
VariantChangeType
SysFreeString
CreateErrorInfo
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen

shlwapi

SHDeleteKeyW
StrToIntExW
ord12
PathRemoveFileSpecW
PathFindFileNameW

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpSetOption
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReadData

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipImageSelectActiveFrame
GdipSaveImageToFile
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDisposeImage
GdipCloneImage
GdipCreateFromHDC
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDrawImageI
GdipSetSmoothingMode
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageRawFormat
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipGraphicsClear
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipLoadImageFromFileICM

ws2_32

WSAGetLastError
gethostbyname
inet_ntop
gethostname
getaddrinfo
inet_ntoa

iphlpapi

GetAdaptersAddresses

netapi32

NetApiBufferFree
NetGetJoinInformation

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

dbghelp

MakeSureDirectoryPathExists

imm32

ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmAssociateContext
ImmReleaseContext

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

opengl32

wglGetCurrentContext
wglGetProcAddress

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

365ff4db680408e13adabe823d8c07c9

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1dCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1dCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

25:ae:2f:dd:a2:81:61:4a:2e:77:56:81:47:51:df:50:cb:4a:5e:76:78:f8:f2:1a:9a:45:18:8f:46:ef:05:8aSigner

70:e7:d1:ee:0b:be:82:5d:0e:a3:5f:e3:be:4d:d7:61:d3:fc:47:25Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

version

gdiplus

ws2_32

iphlpapi

netapi32

setupapi

dbghelp

imm32

usp10

opengl32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 844KB - Virtual size: 844KB

.data Size: 92KB - Virtual size: 190KB

.gfids Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 37B

.rsrc Size: 143KB - Virtual size: 142KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

61:ca:a1:a2:b7:46:f7:b7:0f:ac:53:1d
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

25:ae:2f:dd:a2:81:61:4a:2e:77:56:81:47:51:df:50:cb:4a:5e:76:78:f8:f2:1a:9a:45:18:8f:46:ef:05:8a
Signer

70:e7:d1:ee:0b:be:82:5d:0e:a3:5f:e3:be:4d:d7:61:d3:fc:47:25
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 844KB - Virtual size: 844KB

.data
Size: 92KB - Virtual size: 190KB

.gfids
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 37B

.rsrc
Size: 143KB - Virtual size: 142KB

.reloc
Size: 209KB - Virtual size: 209KB