2024-04-08_ff5ae40208ad555d9b3948143a77a67c_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-08_ff5ae40208ad555d9b3948143a77a67c_mafia
Size

4.3MB
MD5

ff5ae40208ad555d9b3948143a77a67c
SHA1

3a07f2e78516950b23554073eebee1ac50a34b64
SHA256

4d34979cb51d81fb8891711d275b5232e23614e9f800edc6ca848073c9514fd8
SHA512

9af6982f2228e7086f8e645e9affb7f7134d4d27824609a0155e96b15083be7cd9d80568f3568f778491f28c112da84060d01c5f0ae1f514861ceffee1f6a9a2
SSDEEP

98304:8HvT3jvr3TfnTvb3D/fGmZ2dkJVBVJ9VB9NOZdDH09hBd6pEBKLRMuV5NSUoR0A/:sOVJO+79qu/pr5sqLHw

Score

1^/10

Malware Config

Signatures

Files

2024-04-08_ff5ae40208ad555d9b3948143a77a67c_mafia
.exe windows:5 windows x86 arch:x86

326bd06d2ea14cead823925adcf2bc93

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/08/2012, 00:00

Not After

03/09/2015, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:aa:74:97:62:3d:0f:44:1b:4a:68:59:4b:a3:65:03:2d:5e:e1:74
Signer

Actual PE Digest

09:aa:74:97:62:3d:0f:44:1b:4a:68:59:4b:a3:65:03:2d:5e:e1:74

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\jnks\workspace\Karnak12_P1_Prod_Active_Build\build1180\SxS\src\Release\UDCApp.pdb

Imports

kernel32

GetTickCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetCurrentProcessId
InitializeCriticalSection
CreateFileW
SetThreadPriority
CancelIo
GetOverlappedResult
ResumeThread
SetEvent
CreateEventW
GetCurrentDirectoryW
GetSystemDirectoryW
lstrcpyW
GetVersionExW
ReleaseActCtx
InterlockedDecrement
GlobalFlags
CompareStringW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
DeleteFileW
GetPrivateProfileIntW
GlobalAddAtomW
GlobalGetAtomNameW
lstrlenA
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
GlobalFindAtomW
FreeResource
lstrcmpiW
ExpandEnvironmentStringsW
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
QueryPerformanceCounter
OpenProcess
GetFileAttributesExW
GetProcessHeap
ReadFile
FlushFileBuffers
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
SetHandleInformation
ReleaseSemaphore
CreateSemaphoreW
RemoveDirectoryW
MoveFileExW
DeviceIoControl
ProcessIdToSessionId
GetUserDefaultLangID
SetCurrentDirectoryW
GetComputerNameExW
GetSystemDefaultLCID
FlushViewOfFile
OpenFileMappingW
GlobalMemoryStatusEx
CreatePipe
WaitForMultipleObjects
TryEnterCriticalSection
PeekNamedPipe
OpenMutexW
GetSystemTime
GetLocalTime
ResetEvent
OpenEventW
TerminateThread
GetExitCodeProcess
GetExitCodeThread
GetDiskFreeSpaceExW
CreateProcessW
InterlockedCompareExchange
GetModuleFileNameW
GetLastError
Sleep
GetCommandLineW
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
GetTempPathW
SetFileAttributesW
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
GetProfileIntW
GetNumberFormatW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
HeapAlloc
RtlUnwind
ExitProcess
HeapReAlloc
RaiseException
ExitThread
CreateThread
HeapQueryInformation
HeapSize
VirtualAlloc
GetSystemInfo
GlobalFree
VirtualQuery
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
GetEnvironmentVariableW
WideCharToMultiByte
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetCurrentProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
MulDiv
InterlockedExchange
LoadLibraryExW
GetLocaleInfoW
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
GlobalAlloc
lstrcmpW
GlobalLock
DeactivateActCtx
ActivateActCtx
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetConsoleCP
GetUserDefaultUILanguage
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
lstrlenW
GlobalUnlock
GlobalSize
CopyFileW
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode

user32

ReleaseDC
PostQuitMessage
PostMessageW
AppendMenuW
GetMenuStringW
GetMenuState
ValidateRect
GetCursorPos
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
GetNextDlgGroupItem
HideCaret
InvertRect
SubtractRect
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetIconInfo
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
GetSystemMetrics
GetDC
SetForegroundWindow
SendMessageW
ShowWindow
IsIconic
EnumWindows
GetWindowTextW
PeekMessageW
GetKeyState
GetWindowTextLengthW
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
ShowOwnedPopups
DeleteMenu
CopyRect
SetRectEmpty
GetMonitorInfoW
SystemParametersInfoW
EnumDisplayMonitors
GetSysColor
SetLayeredWindowAttributes
LoadCursorW
GetClientRect
MapWindowPoints
DefWindowProcW
GetClassInfoW
GetSysColorBrush
UnhookWindowsHookEx
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
SetWindowTextW
PtInRect
GetClassNameW
GetWindowLongW
GetWindowRect
GetDlgCtrlID
GetWindow
RealChildWindowFromPoint
GetDesktopWindow
UpdateWindow
InvalidateRect
SetTimer
KillTimer
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
IsWindowVisible
wsprintfW
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoExW
CreateWindowExW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CopyImage
DestroyIcon
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
IntersectRect
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
RedrawWindow
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
SetMenu
TrackPopupMenu
ScrollWindow
MonitorFromWindow
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SendMessageCallbackW
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
MoveWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetMenuItemID

gdi32

PlayEnhMetaFile
DeleteEnhMetaFile
SetEnhMetaFileBits
SetPixelV
GetTextFaceW
EndDoc
EndPage
StartPage
EnumFontFamiliesExW
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Rectangle
SetPixel
StretchBlt
RealizePalette
SetDIBColorTable
GetRgnBox
OffsetRgn
DPtoLP
SetRectRgn
Polygon
Ellipse
Polyline
CreateEllipticRgn
PatBlt
GetTextColor
GetBkColor
CombineRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetTextExtentPoint32W
CreateHatchBrush
GetObjectType
SelectPalette
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateBitmap
CreateDCW
CopyMetaFileW
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterW
EnumPortsW
EnumMonitorsW
DeleteMonitorW
AddMonitorW
OpenPrinterW
EnumJobsW
SetJobW
SetPrinterW
EnumPrinterDriversW
GetPrinterDriverDirectoryW
DeletePrinterDriverExW
GetPrinterW
XcvDataW
GetPrinterDriverW
AddPrinterDriverW
SetPrinterDataExW
GetPrinterDataExW
EnumPrintersW
DeletePrinter
AddPrinterW
ord204
GetJobW
ClosePrinter
ord203

advapi32

ControlService
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RevertToSelf
DuplicateToken
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegDeleteKeyW
GetUserNameW
RegQueryInfoKeyW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
BackupEventLogW
CloseEventLog
OpenEventLogW
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
ChangeServiceConfigW
QueryServiceConfigW
RegDeleteValueW
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
CheckTokenMembership
OpenProcessToken
RegEnumKeyW
RegQueryValueW
RegSetValueExW

shell32

CommandLineToArgvW
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteExW
SHGetFolderPathW

comctl32

ImageList_GetIconSize

shlwapi

PathIsFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
GetHGlobalFromStream
OleRun
OleGetClipboard
RegisterDragDrop
CoInitializeSecurity
CoLockObjectExternal
RevokeDragDrop
CLSIDFromProgID
PropVariantClear
OleUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
OleInitialize

oleaut32

SafeArrayGetVartype
SafeArrayCreateVector
GetErrorInfo
VariantInit
VarBstrFromDate
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayCopy
SafeArrayGetElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SafeArrayUnaccessData

psapi

GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules
EnumProcesses

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipDrawImageI

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

setupapi

SetupFindFirstLineW
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
SetupOpenInfFileW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
SetupGetLineTextW
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Disable_DevNode
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller

ws2_32

WSAGetLastError
WSAAddressToStringW
freeaddrinfo
getaddrinfo
send
recv
accept
listen
bind
WSADuplicateSocketW
WSACloseEvent
closesocket
WSAStartup
WSAStringToAddressW
WSACleanup
WSASocketW
setsockopt
WSACreateEvent
WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
shutdown

iphlpapi

IcmpCloseHandle
GetAdaptersAddresses
GetIfEntry
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
AddIPAddress
DeleteIPAddress
NotifyAddrChange
GetAdaptersInfo
IcmpSendEcho
IcmpCreateFile

crypt32

CertOpenStore
CertCloseStore
CertDeleteCertificateFromStore
CryptUnprotectData
CertAddEncodedCertificateToStore

Exports

Exports

Create_Config_JobFactory

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

326bd06d2ea14cead823925adcf2bc93

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

09:aa:74:97:62:3d:0f:44:1b:4a:68:59:4b:a3:65:03:2d:5e:e1:74Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

psapi

gdiplus

oleacc

imm32

winmm

version

secur32

setupapi

ws2_32

iphlpapi

crypt32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 45KB - Virtual size: 101KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 458KB - Virtual size: 458KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

44:23:9c:21:87:ef:ae:7b:a9:f3:cd:89:c4:fe:9d:84
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

09:aa:74:97:62:3d:0f:44:1b:4a:68:59:4b:a3:65:03:2d:5e:e1:74
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 45KB - Virtual size: 101KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 458KB - Virtual size: 458KB