2024-04-08_9c87ee303671efe3d1d19fd8caa55308_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_9c87ee303671efe3d1d19fd8caa55308_mafia
Size

4.2MB
MD5

9c87ee303671efe3d1d19fd8caa55308
SHA1

1bf70b46f6710b0f64f7df126fd04edc6d584b29
SHA256

5e2012c186d359038b324145040484878a9e3cda200a44ec49fcf4d90559524b
SHA512

a8221265cc82f11185ec0ef1a5273c86c7c592502018444daba5e461b1ba59a51c06508c71a9b3f2dd03cd2c0d23a094810d108324a4a8c3e655c0861f263dd6
SSDEEP

98304:ecKZPMF0gAptUR4B+Y5I7F6ip+UyPg+kEFRcgtMeoXkdLWcPHo:ela0TuAipgg+kmtMeoXa+

Score

1^/10

Malware Config

Signatures

Files

2024-04-08_9c87ee303671efe3d1d19fd8caa55308_mafia
.exe windows:5 windows x86 arch:x86

26cc881418cd10a3190849716962875c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/08/2012, 00:00

Not After

03/09/2015, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:41:8d:6d:59:89:c2:d1:3c:73:6c:08:c8:4e:ce:52:05:50:36:f6
Signer

Actual PE Digest

98:41:8d:6d:59:89:c2:d1:3c:73:6c:08:c8:4e:ce:52:05:50:36:f6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\Karnak12_P1_Prod_Active_Build\build1180\SxS\src\Release\hpqDTSS.pdb

Imports

kernel32

ExitProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
GetTimeZoneInformation
GetCPInfo
CreateThread
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSetInformation
SetEnvironmentVariableA
InterlockedCompareExchange
GetProcessHeap
CancelIo
GetOverlappedResult
ExitThread
HeapSize
HeapQueryInformation
RaiseException
RtlUnwind
HeapReAlloc
HeapAlloc
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
HeapFree
GetACP
GetStartupInfoW
ReleaseSemaphore
CreateSemaphoreW
SetHandleInformation
MoveFileExW
DeviceIoControl
ProcessIdToSessionId
GetUserDefaultLangID
SetCurrentDirectoryW
GetComputerNameExW
GetSystemDefaultLCID
FlushViewOfFile
GlobalMemoryStatusEx
CreatePipe
WaitForMultipleObjects
TryEnterCriticalSection
PeekNamedPipe
GetLocalTime
ResetEvent
OpenEventW
TerminateThread
GetExitCodeProcess
GetExitCodeThread
GetDiskFreeSpaceExW
CreateProcessW
DecodePointer
EncodePointer
WriteConsoleW
GetLastError
SetLastError
QueryPerformanceCounter
GetModuleFileNameW
ExpandEnvironmentStringsW
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
CreateFileW
Sleep
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
OpenProcess
GetFileAttributesExW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetEnvironmentVariableW
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
WideCharToMultiByte
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetSystemTime
GetLocaleInfoW
OpenFileMappingW
OpenMutexW
SizeofResource
LockResource
LoadResource
FindResourceW
MulDiv
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
GlobalGetAtomNameW
lstrcmpA
lstrlenA
FileTimeToSystemTime
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
DeactivateActCtx
ReleaseActCtx
ActivateActCtx
CompareStringW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcmpW
GlobalFlags
GlobalAddAtomW
lstrcmpiW
ReadFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetShortPathNameW
SetThreadPriority
ResumeThread
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
InterlockedExchange
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetSystemDirectoryW
lstrcpyW
GetNumberFormatW
GetCurrentDirectoryW
GetTempPathW
GetProfileIntW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineW

rpcrt4

UuidToStringW

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

user32

BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
CopyRect
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
CharUpperW
SetActiveWindow
SetWindowPos
MoveWindow
SetWindowLongW
IsDialogMessageW
wsprintfW
GetForegroundWindow
RemovePropW
GetPropW
SetPropW
SendDlgItemMessageW
GetDlgItem
GetClassLongW
GetCapture
IsChild
WinHelpW
CheckDlgButton
GetScrollPos
SetScrollPos
SendDlgItemMessageA
LoadIconW
RegisterWindowMessageW
IsIconic
PostQuitMessage
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
InflateRect
IntersectRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
CopyImage
SetRectEmpty
EnumDisplayMonitors
SetLayeredWindowAttributes
GetMenuDefaultItem
CreatePopupMenu
IsRectEmpty
MapVirtualKeyW
InvalidateRect
GetWindowThreadProcessId
IsWindow
EnumWindows
IsWindowVisible
ShowWindow
SetForegroundWindow
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
GetWindowTextW
GetWindowTextLengthW
GetSysColorBrush
SetCapture
GetAsyncKeyState
ReleaseCapture
InvertRect
DrawFocusRect
HideCaret
EnableScrollBar
SetCursor
NotifyWinEvent
MessageBeep
GetNextDlgTabItem
OffsetRect
GetIconInfo
LoadImageW
SetTimer
KillTimer
GetNextDlgGroupItem
DrawIconEx
EndDialog
CreateDialogIndirectParamW
ShowOwnedPopups
DeleteMenu
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
WindowFromPoint
SetClassLongW
LoadMenuW
GetSystemMenu
DrawStateW
DrawEdge
DrawFrameControl
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
LockWindowUpdate
SetRect
SendMessageCallbackW
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
WaitForInputIdle
MsgWaitForMultipleObjectsEx
GetSysColor
ReleaseDC
SetCursorPos
BringWindowToTop
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
WaitMessage
PostThreadMessageW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetDC
GetSystemMetrics
LoadCursorW
UnhookWindowsHookEx
GetKeyNameTextW
DestroyIcon
SetFocus
GetFocus
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW

gdi32

PlayEnhMetaFile
DeleteEnhMetaFile
SetEnhMetaFileBits
GetTextFaceW
EndDoc
EndPage
StartPage
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
Rectangle
SetPixel
StretchBlt
SetDIBColorTable
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateCompatibleBitmap
CreateDIBitmap
GetTextExtentPoint32W
DPtoLP
PatBlt
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectW
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateDCW
CopyMetaFileW
GetDeviceCaps

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterW
EnumPortsW
EnumMonitorsW
DeleteMonitorW
AddMonitorW
ord203
ord204
EnumJobsW
SetJobW
SetPrinterW
EnumPrinterDriversW
GetPrinterDriverDirectoryW
DeletePrinterDriverExW
GetPrinterW
XcvDataW
GetPrinterDriverW
AddPrinterDriverW
SetPrinterDataExW
GetPrinterDataExW
EnumPrintersW
DeletePrinter
AddPrinterW

comdlg32

GetFileTitleW

advapi32

RevertToSelf
DuplicateToken
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegSetValueExW
RegEnumValueW
OpenProcessToken
CheckTokenMembership
OpenSCManagerW
OpenServiceW
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
BackupEventLogW
CloseEventLog
OpenEventLogW
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
ChangeServiceConfigW
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle

shell32

DragQueryFileW
DragFinish
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconW
CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
SHAppBarMessage

ole32

RevokeDragDrop
PropVariantClear
CoInitializeSecurity
RegisterDragDrop
OleGetClipboard
OleRun
OleUninitialize
CreateStreamOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
CoInitializeEx
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
GetHGlobalFromStream
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
DoDragDrop
OleInitialize
CoLockObjectExternal

oleaut32

VarBstrFromDate
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VariantChangeType
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString
VariantInit
GetErrorInfo
SafeArrayCreateVector

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiOpenClassRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRemoveDevice
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineTextW
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
CM_Disable_DevNode
CM_Set_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo

ws2_32

shutdown
WSAStringToAddressW
WSACleanup
WSASocketW
setsockopt
WSAAddressToStringW
freeaddrinfo
getaddrinfo
send
recv
accept
listen
bind
WSADuplicateSocketW
WSACloseEvent
closesocket
WSAStartup
WSAResetEvent
WSAGetLastError
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSACreateEvent

wininet

InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetErrorDlg
HttpAddRequestHeadersW
InternetReadFileExA
HttpQueryInfoA
HttpQueryInfoW

iphlpapi

GetAdaptersInfo
GetIfEntry
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
AddIPAddress
DeleteIPAddress
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
NotifyAddrChange
GetAdaptersAddresses

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertAddEncodedCertificateToStore
CertOpenStore
CryptUnprotectData

Exports

Exports

Create_Config_JobFactory

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

26cc881418cd10a3190849716962875c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

98:41:8d:6d:59:89:c2:d1:3c:73:6c:08:c8:4e:ce:52:05:50:36:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

rpcrt4

msimg32

comctl32

shlwapi

psapi

oleacc

gdiplus

imm32

winmm

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

version

secur32

setupapi

ws2_32

wininet

iphlpapi

crypt32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 42KB - Virtual size: 98KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 454KB - Virtual size: 454KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

98:41:8d:6d:59:89:c2:d1:3c:73:6c:08:c8:4e:ce:52:05:50:36:f6
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 42KB - Virtual size: 98KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 454KB - Virtual size: 454KB