Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.exe
Size

9.9MB
MD5

57d10d1a791d983dd8041e291e3519e0
SHA1

446f72b1b82f8a713cd3e2d1fbd138921929bbe0
SHA256

f09e8dd9d144d9b54cfdecf925d340fc5e672ba6992ba78b543e3d9c18a7ecbb
SHA512

fd70d3d9e71b9b7f5c7dad41bf345522ee712ec981737d844642e6db44973c0256da4f45ef8c36a6fea79585d45c7ba97cf04164d22f2f87222d66638e7350b2
SSDEEP

196608:xpk6hM0dBWLPpzq+Sy3BTMAODONaPIR62489ESf8JcynTiTPc5dI68Q8O0:x5M5PTSyJ7OzIU2L9RneTiTPc/P6O0

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Files

Loader.exe
.exe windows:6 windows x64 arch:x64

9ce30f14d5784f14941321f1c1403720

Code Sign

a7:5f:24:b1:7f:ae:1a:87:ec:14:59:be:25:7a:3b:6c
Certificate

Issuer

CN=EasyAntiCheat Oy,O=Certigo US.

Not Before

27/10/2021, 04:00

Not After

29/11/2024, 04:59

Subject

CN=EasyAntiCheat Oy,O=Certigo US.

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d0:b3:09:bc:44:3b:e4:1e:63:dc:f9:96:b0:95:e8:bc:7e:d2:a7:e5
Signer

Actual PE Digest

d0:b3:09:bc:44:3b:e4:1e:63:dc:f9:96:b0:95:e8:bc:7e:d2:a7:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapDestroy
GetSystemInfo
CheckRemoteDebuggerPresent
IsDebuggerPresent
DebugBreak
GlobalFindAtomA
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
HeapReAlloc
GetConsoleWindow
GetThreadContext
VirtualProtectEx
LoadLibraryW
Process32Next
GetCurrentThread
GlobalAddAtomA
Sleep
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
MultiByteToWideChar
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
LoadLibraryExA
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
CreateToolhelp32Snapshot
OutputDebugStringA
SetConsoleTitleA
VirtualProtect
WriteProcessMemory
Process32First
FreeLibrary
GetProcessHeap
HeapAlloc
LoadLibraryA
HeapFree
CreateDirectoryA
LocalFree
CreateFileA
GetLastError
OpenProcess
GetCurrentDirectoryA
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
CreateSymbolicLinkW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
SetLastError
GetFileAttributesExA
GetCurrentProcess
GetTempPathW
GetCurrentProcessId
GetProcAddress
CloseHandle
GetModuleHandleA
GetCurrentThreadId
CreateFileW
VirtualAlloc
DeviceIoControl
VirtualFree
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

FindWindowA
MessageBoxA
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

comdlg32

GetOpenFileNameA

advapi32

CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
RegSetKeyValueW
RegCloseKey
RegDeleteTreeW
RegCreateKeyW
RegOpenKeyW
CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
RegCreateKeyA
CryptImportKey
CryptDestroyKey
CryptDestroyHash
AdjustTokenPrivileges
CryptHashData
CryptCreateHash

ole32

StringFromGUID2

msvcp140

_Thrd_join
_Thrd_id
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setf@ios_base@std@@QEAAHHH@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Winerror_map@std@@YAHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?good@ios_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ntdll

NtQuerySystemInformation
NtUnloadDriver
NtLoadDriver
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
VerSetConditionMask

dbghelp

SymSetOptions
SymGetTypeInfo
SymLoadModuleEx
SymCleanup
SymGetTypeFromName
SymInitialize
SymFromName
ImageDirectoryEntryToData
ImageRvaToVa
SymUnloadModule64
ImageNtHeader

urlmon

URLDownloadToFileA

normaliz

IdnToAscii

wldap32

ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertGetCertificateChain
CertCloseStore
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertAddCertificateContextToStore
CertFindExtension
CertFreeCertificateChain
CertGetNameStringA
CertOpenStore

ws2_32

select
getaddrinfo
ioctlsocket
sendto
gethostname
ntohl
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
__WSAFDIsSet
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
recv
send
recvfrom
closesocket
ntohs
freeaddrinfo

shlwapi

PathFindFileNameW

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
strchr
memset
__current_exception
memcpy
memcmp
memchr
_CxxThrowException
__C_specific_handler
strstr
__std_terminate
wcsstr
__std_exception_copy
__std_exception_destroy
__current_exception_context
memmove

api-ms-win-crt-stdio-l1-1-0

fputc
fflush
fopen
fputs
__stdio_common_vsscanf
fclose
fgetc
_set_fmode
__p__commode
fseek
fwrite
ftell
fgetpos
setvbuf
feof
_popen
fgets
_pclose
ungetc
__stdio_common_vfprintf
fsetpos
_lseeki64
_read
__acrt_iob_func
fread
__stdio_common_vsprintf
_fseeki64
_get_stream_buffer_pointers
_write
_close
_open

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_access
_wremove
_lock_file
_fstat64
_unlock_file
_stat64
remove

api-ms-win-crt-string-l1-1-0

isupper
strncpy
strspn
strcspn
strcmp
_strdup
strpbrk
_stricmp
strncmp
tolower

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_localtime64
_time64

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_crt_atexit
_initialize_onexit_table
_initialize_narrow_environment
abort
_cexit
_seh_filter_exe
_set_app_type
exit
_getpid
_register_onexit_function
_beginthreadex
_configure_narrow_argv
system
terminate
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
strerror
_resetstkoflw
__sys_nerr
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
_c_exit

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free
calloc
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtoll
strtoul
strtoull
strtol
_itoa_s
strtod
wcstombs_s
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dclass

shell32

ShellExecuteA

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ce30f14d5784f14941321f1c1403720

Code Sign

a7:5f:24:b1:7f:ae:1a:87:ec:14:59:be:25:7a:3b:6cCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

d0:b3:09:bc:44:3b:e4:1e:63:dc:f9:96:b0:95:e8:bc:7e:d2:a7:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

ole32

msvcp140

ntdll

dbghelp

urlmon

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

shell32

wtsapi32

Sections

.text Size: - Virtual size: 814KB

.rdata Size: - Virtual size: 236KB

.data Size: - Virtual size: 48KB

.pdata Size: - Virtual size: 28KB

.vmp0 Size: - Virtual size: 8.0MB

.vmp1 Size: 9.9MB - Virtual size: 9.9MB

.rsrc Size: 512B - Virtual size: 480B

a7:5f:24:b1:7f:ae:1a:87:ec:14:59:be:25:7a:3b:6c
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

d0:b3:09:bc:44:3b:e4:1e:63:dc:f9:96:b0:95:e8:bc:7e:d2:a7:e5
Signer

.text
Size: - Virtual size: 814KB

.rdata
Size: - Virtual size: 236KB

.data
Size: - Virtual size: 48KB

.pdata
Size: - Virtual size: 28KB

.vmp0
Size: - Virtual size: 8.0MB

.vmp1
Size: 9.9MB - Virtual size: 9.9MB

.rsrc
Size: 512B - Virtual size: 480B