2024-04-09_c5f157ae1ed3f9059d77d826b46103e4_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-04-09_c5f157ae1ed3f9059d77d826b46103e4_mafia
Size

2.3MB
MD5

c5f157ae1ed3f9059d77d826b46103e4
SHA1

a43ea8a270938a7f2ede4f4e39592501872b5afd
SHA256

bdc98c831ebe00fdfcb3448e41700a3e415eb107a6a06170812db3a4f2e8a45c
SHA512

0e034eeaa5fce535266f8512d166201ac846f2dd3ef482048d95f7d2d50d8102c442228fa905b88e9f2e523c06735c1f824e10bc39559f0c733c9e5d3f2b3de9
SSDEEP

24576:Ejb7c5pKuDuMPkZQSbwWhPIIwJHcRpa/hclh9bcD6P2NSidhEVQQtrkZ:4c5pKrhXwJHcRpaWlh9bogid+QcrkZ

Score

1^/10

Malware Config

Signatures

Files

2024-04-09_c5f157ae1ed3f9059d77d826b46103e4_mafia
.exe windows:5 windows x86 arch:x86

50025506f162f5a882fefcc6735f2843

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17-06-2022 13:01

Not After

17-06-2025 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17-06-2022 13:01

Not After

17-06-2025 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:dd:c9:73:aa:1d:05:25:65:88:62:91:0b:9d:c8:6a:71:78:f6:9f:38:b9:d3:34:03:9b:53:0e:07:4e:c7:fe
Signer

Actual PE Digest

7d:dd:c9:73:aa:1d:05:25:65:88:62:91:0b:9d:c8:6a:71:78:f6:9f:38:b9:d3:34:03:9b:53:0e:07:4e:c7:fe

Digest Algorithm

sha256

PE Digest Matches

true

d5:e5:60:19:2d:e7:dd:88:36:e5:ad:1d:56:32:f4:1d:a9:d8:89:90
Signer

Actual PE Digest

d5:e5:60:19:2d:e7:dd:88:36:e5:ad:1d:56:32:f4:1d:a9:d8:89:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\nsmsrc\nsm\1410\1410\studentui\Release_unicode\StudentUI.pdb

Imports

shfolder

SHGetFolderPathW

gdiplus

GdipSetPenLineCap197819
GdipSetClipRect
GdipFillRectangle
GdipDrawEllipse
GdipDrawArc
GdipClosePathFigure
GdipSetClipRectI
GdipTransformPath
GdipGetStringFormatAlign
GdipGetPathWorldBoundsI
GdipDrawImageRectRect
GdipDrawImageRect
GdipGetWorldTransform
GdipRotateMatrix
GdipCreateMatrix
GdipFillRectanglesI
GdipCreatePathGradientFromPath
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipGetGenericFontFamilySansSerif
GdipClonePath
GdipCloneBitmapAreaI
GdipDrawCachedBitmap
GdipResetWorldTransform
GdipSetWorldTransform
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipAddPathCurveI
GdipAddPathCurve
GdipSetStringFormatTabStops
ord1
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeletePath
GdipAddPathLineI
GdipAddPathLine
GdipResetPath
GdipTranslateMatrix
GdipCreateMatrix2
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipSetPenDashStyle
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipCreatePath
GdipDeleteMatrix
GdipCloneImage
GdipAddPathArcI
GdipGetLogFontW
GdipDrawEllipseI
GdipSetSolidFillColor
GdipSetPenColor
GdipAddPathStringI
GdipDrawLine
GdipSetStringFormatTrimming
GdipDrawImageI
GdipAddPathPieI
GdipCloneBrush
GdipGetFontHeightGivenDPI
GdipCreateFont
GdipResetClip
GdipSetClipPath
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipReleaseDC
GdipGetDC
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdiplusShutdown
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP

comctl32

ord17
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_DragMove
ImageList_EndDrag
ImageList_Remove
ImageList_GetImageInfo
ImageList_Merge
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_LoadImageW
ImageList_AddMasked
ImageList_Create
ImageList_DrawEx
ImageList_Add
ImageList_Destroy

kernel32

RtlUnwind
HeapReAlloc
EncodePointer
DecodePointer
InterlockedExchange
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
GetTickCount
SetThreadPriority
GetThreadPriority
GetCurrentThread
Sleep
LoadLibraryW
TlsFree
GetProcAddress
SetLastError
GetCurrentProcessId
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
GlobalAddAtomW
GlobalDeleteAtom
InterlockedIncrement
InterlockedDecrement
GetLastError
CompareStringW
LockResource
LoadResource
FindResourceW
GetCurrentThreadId
CloseHandle
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
GetVersionExW
OpenProcess
GetModuleFileNameW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetCurrentProcess
UnmapViewOfFile
WaitForMultipleObjects
OpenEventW
MapViewOfFile
OpenFileMappingW
CreateThread
LocalFree
CreateFileMappingW
LocalAlloc
GetLocalTime
DeleteFileW
GetTempFileNameW
ReadFile
GetFileSize
CreateFileW
WriteFile
GetTimeFormatW
GetDateFormatW
MultiByteToWideChar
GetModuleHandleW
GetTempPathW
OutputDebugStringW
GetSystemTimeAsFileTime
GetProcessTimes
ExitProcess
FindResourceExW
WideCharToMultiByte
GlobalReAlloc
HeapAlloc
GetProcessHeap
HeapFree
PulseEvent
GetProfileStringW
FormatMessageW
WinExec
EnumResourceLanguagesW
EnumResourceNamesW
Beep
VirtualQueryEx
RaiseException
TerminateProcess
ResumeThread
GetThreadContext
SuspendThread
GetExitCodeThread
OpenThread
CreateDirectoryW
GetFileAttributesW
GetSystemDefaultLangID
EnumResourceTypesW
IsBadReadPtr
GetSystemInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateProcessW
LoadLibraryExW
GetShortPathNameW
GlobalGetAtomNameW
DeviceIoControl
SetFileAttributesW
GetComputerNameW
FindClose
FindFirstFileW
CompareFileTime
GetDriveTypeW
SetProcessShutdownParameters
SetUnhandledExceptionFilter
ExpandEnvironmentStringsA
LoadLibraryA
lstrlenW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
InitializeCriticalSectionAndSpinCount
HeapSize
GetTimeZoneInformation
FatalAppExitA
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointer
SetStdHandle
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
FlushFileBuffers
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
FreeLibrary
lstrlenA

user32

LoadImageW
DestroyCursor
IntersectRect
wvsprintfW
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetClientRect
RemovePropW
GetPropW
DrawTextW
OffsetRect
SetCapture
GetCapture
ReleaseCapture
FillRect
EndPaint
BeginPaint
GetUpdateRect
CallNextHookEx
GetLastActivePopup
PostQuitMessage
DispatchMessageW
PeekMessageW
CreateDialogParamW
GetDlgItemTextW
SetWindowsHookExW
UnhookWindowsHookEx
GetMenu
WinHelpW
MessageBoxIndirectW
SetCursor
DrawIcon
CreateIconIndirect
DrawIconEx
GetIconInfo
MonitorFromRect
GetMonitorInfoW
GetWindowThreadProcessId
CloseDesktop
EnumDesktopWindows
OpenDesktopW
GetShellWindow
PostThreadMessageW
RedrawWindow
DrawFocusRect
UnionRect
GetWindowDC
MessageBoxW
GetGuiResources
TranslateMessage
GetMessageW
SetWindowTextW
IsRectEmpty
InflateRect
GetWindowTextLengthW
IsDlgButtonChecked
IsIconic
EndDialog
MapDialogRect
TrackMouseEvent
SetClassLongW
IsDialogMessageW
DialogBoxParamW
DialogBoxIndirectParamW
SetForegroundWindow
CreateDialogIndirectParamW
SetFocus
GetScrollPos
EnumChildWindows
UpdateLayeredWindow
ChildWindowFromPoint
AdjustWindowRectEx
GetDoubleClickTime
GetCursorInfo
DeleteMenu
GetMenuItemID
GetMenuItemCount
GetMenuStringW
MessageBeep
InsertMenuItemW
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetKeyState
SetMenuInfo
GetMenuInfo
SetMenu
TrackPopupMenuEx
SetWindowPlacement
IsMenu
EnableMenuItem
CheckMenuItem
EnumDisplayMonitors
SetParent
GetNextDlgTabItem
GetAsyncKeyState
CheckDlgButton
SetActiveWindow
SendInput
RegisterDeviceNotificationW
UnregisterDeviceNotification
MonitorFromPoint
GetActiveWindow
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
LoadMenuW
GetSubMenu
DestroyMenu
CopyIcon
DestroyIcon
IsWindowVisible
WindowFromPoint
CopyRect
EqualRect
SetRect
DestroyWindow
SetRectEmpty
GetSysColor
LoadStringW
EnableWindow
SetDlgItemTextW
ValidateRect
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
MapWindowPoints
GetDlgCtrlID
IsChild
IsWindowEnabled
DeferWindowPos
GetWindowLongW
SetWindowLongW
GetDlgItem
wsprintfW
MoveWindow
FindWindowW
RegisterWindowMessageW
EnumWindows
IsWindow
GetWindowTextW
GetSystemMetrics
GetClassNameW
DefWindowProcW
SetPropW
GetParent
ShowWindow
PostMessageW
SendDlgItemMessageW
SendMessageW
GetCursorPos
GetForegroundWindow
PtInRect
GetWindow
GetDesktopWindow
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMenuItemInfoW
SystemParametersInfoW
UpdateWindow
SetWindowPos
GetWindowRect
CallWindowProcW
KillTimer
SetTimer
IsZoomed

gdi32

MoveToEx
CreatePen
GetTextExtentPointW
CreateDCW
SetPixel
PatBlt
CreateSolidBrush
GetDeviceCaps
SetBkColor
SetBrushOrgEx
CreateBitmap
LineTo
GetSystemPaletteEntries
BitBlt
DeleteDC
GetTextExtentPoint32W
CreatePatternBrush
DeleteObject
CreateFontIndirectW
GetTextMetricsW
SelectObject
RectVisible
SetLayout
CreateCompatibleDC
CreateCompatibleBitmap
TextOutW
SetTextColor
CreatePalette
PtInRegion
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateDIBSection
ExtTextOutW
GetBitmapBits
AbortDoc
EndDoc
EndPage
StartDocW
StartPage
SetMapMode
CreateDIBitmap
SelectPalette
RealizePalette
GetDIBits
ExcludeClipRect
GetClipBox
SetStretchBltMode
StretchBlt
GetRegionData
GetRgnBox
OffsetRgn
SelectClipRgn
CreateRectRgn
CombineRgn
GetStockObject
SetBkMode
GetObjectW

winspool.drv

ord203
OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

PageSetupDlgW
PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityDescriptorSacl
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
FreeSid
RegQueryValueExW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
ImpersonateLoggedOnUser
OpenProcessToken
RevertToSelf
EqualSid
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode
RegEnumKeyExW
CloseServiceHandle

shell32

FindExecutableW
DuplicateIcon
SHGetFileInfoW
SHParseDisplayName
SHBindToParent
ExtractIconExW
ShellExecuteW
SHAppBarMessage

ole32

OleInitialize
OleUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
VariantCopy
SysAllocStringLen
VariantInit
SysStringByteLen
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate

dwmapi

DwmSetWindowAttribute

shlwapi

PathFileExistsW

winmm

PlaySoundW
timeGetTime

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

_GetRawWMIStringW@16
_GetWMIStringW@16
_IsAcerA@8

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 898KB - Virtual size: 898KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50025506f162f5a882fefcc6735f2843

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

7d:dd:c9:73:aa:1d:05:25:65:88:62:91:0b:9d:c8:6a:71:78:f6:9f:38:b9:d3:34:03:9b:53:0e:07:4e:c7:feSigner

d5:e5:60:19:2d:e7:dd:88:36:e5:ad:1d:56:32:f4:1d:a9:d8:89:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shfolder

gdiplus

comctl32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

dwmapi

shlwapi

winmm

version

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 192KB - Virtual size: 191KB

.data Size: 13KB - Virtual size: 31KB

.rsrc Size: 898KB - Virtual size: 898KB

.reloc Size: 68KB - Virtual size: 68KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

7d:dd:c9:73:aa:1d:05:25:65:88:62:91:0b:9d:c8:6a:71:78:f6:9f:38:b9:d3:34:03:9b:53:0e:07:4e:c7:fe
Signer

d5:e5:60:19:2d:e7:dd:88:36:e5:ad:1d:56:32:f4:1d:a9:d8:89:90
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 13KB - Virtual size: 31KB

.rsrc
Size: 898KB - Virtual size: 898KB

.reloc
Size: 68KB - Virtual size: 68KB