7e1e018872cad67fc1eebf860085299cba2ad7a057acf7d8b43d9861e9e9dbf6

Sharing

Copy URL

Twitter E-mail

General

Target

7e1e018872cad67fc1eebf860085299cba2ad7a057acf7d8b43d9861e9e9dbf6
Size

34.5MB
MD5

915e191117e693d5e12bee929d86adbb
SHA1

9bed4bb5e4003128a3d62df554c00e12d2c13778
SHA256

7e1e018872cad67fc1eebf860085299cba2ad7a057acf7d8b43d9861e9e9dbf6
SHA512

5c8c982f99ec683785a51f362627a9c46a7e77790fabde8dffd27ac472bb2ca82f12656dd0910822f5ea1cc2853a9b96df3ef9b53740a7b1be2ffa20cec57938
SSDEEP

393216:8SOsok4e+23+nqw+4z2OfoGaFFt1i0QRzSpOJsv6tWKFdu9CRMGclY9PRSggLVH9:HskMk5lQBdMGAj5CQchRi

Score

1^/10

Malware Config

Signatures

Files

7e1e018872cad67fc1eebf860085299cba2ad7a057acf7d8b43d9861e9e9dbf6
.exe windows:6 windows x64 arch:x64

03756241b0fd8d73583f43b191db1b28

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-01-2022 00:00

Not After

12-01-2025 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

da:9b:45:3b:71:83:40:2a:34:6f:8d:a4:da:73:2a:c9:7b:cb:e0:4c
Signer

Actual PE Digest

da:9b:45:3b:71:83:40:2a:34:6f:8d:a4:da:73:2a:c9:7b:cb:e0:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Adlice\RogueKillerQt\x64\RelWithDebInfo\RogueKiller.pdb

Imports

ws2_32

getnameinfo
inet_pton
WSAIoctl
freeaddrinfo
getaddrinfo

winmm

PlaySoundW
timeKillEvent
timeSetEvent

netapi32

NetShareEnum
NetUserGetInfo
NetApiBufferFree

kernel32

DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
WTSGetActiveConsoleSessionId
CheckRemoteDebuggerPresent
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
CreateFileA
GetFileSizeEx
GetUserDefaultLangID
CompareStringEx
GetLocalTime
SetThreadPriority
GetThreadPriority
GetTickCount64
OutputDebugStringW
IsProcessorFeaturePresent
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
GetLogicalDrives
SetEndOfFile
SetFileTime
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
UnregisterWaitEx
lstrcmpA
GetTimeZoneInformation
InitializeCriticalSection
InterlockedPushEntrySList
RtlUnwindEx
SwitchToFiber
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GlobalFree
GlobalAlloc
LoadLibraryExW
QueueUserWorkItem
SetFilePointer
GetConsoleCP
GetACP
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
HeapSize
IsBadWritePtr
IsBadReadPtr
lstrlenW
lstrcmpiW
VirtualFree
VirtualAlloc
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadResource
LockResource
SizeofResource
FindResourceW
HeapDestroy
GetPrivateProfileStringW
GetFileSize
HeapCreate
VirtualQueryEx
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
IsDebuggerPresent
lstrcpyW
LocalAlloc
DeviceIoControl
GetVolumePathNamesForVolumeNameW
QueryDosDeviceW
DefineDosDeviceW
K32GetModuleInformation
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
OpenThread
CreateThread
RaiseException
GetModuleFileNameA
GetVersionExA
ResumeThread
GetCurrentThread
OutputDebugStringA
GetEnvironmentVariableW
RtlCaptureContext
GetTickCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTempPathW
GetTempFileNameW
CreateMutexW
ReleaseMutex
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
GetVersionExW
VerSetConditionMask
CancelIo
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
WriteFile
ReadFile
FlushFileBuffers
MoveFileExW
MoveFileW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
SetStdHandle
DeleteFileW
CreateFileW
CreateDirectoryW
GetShortPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetProcessTimes
WaitForSingleObject
SetLastError
DuplicateHandle
GetComputerNameW
FormatMessageW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimes
Sleep
SetErrorMode
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentProcess
LocalFree
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
ExitProcess
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetFullPathNameA
RegisterWaitForSingleObject

user32

RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
GetKeyboardLayout
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
UnregisterDeviceNotification
CharNextExA
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
MessageBoxW
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
RealGetWindowClassW
ChangeWindowMessageFilterEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
ChildWindowFromPointEx
ExitWindowsEx
PostMessageW
ShowWindow
RegisterDeviceNotificationW
EnumWindows
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
FindWindowA
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetClassNameW
EnumChildWindows
CharNextW
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
DestroyWindow
IsChild
CreateWindowExW
DefWindowProcW
AttachThreadInput
SendMessageW
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
UpdateLayeredWindowIndirect

gdi32

CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GdiFlush
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetRegionData
GetObjectW
GetBitmapBits
SetPixelFormat
SwapBuffers
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
SelectClipRgn
OffsetRgn
CreateRectRgn
CombineRgn
BitBlt
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetCharABCWidthsFloatW
CreateCompatibleDC
GetDIBits

shell32

Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHCreateItemFromIDList
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetFolderPathW
ord51
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
SHGetKnownFolderPath
SHCreateItemFromParsingName
ShellExecuteW

ole32

CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
ReleaseStgMedium
OleIsCurrentClipboard
DoDragDrop
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoGetMalloc
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
OleUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
SafeArrayPutElement
SafeArrayCreateVector
VarUI4FromStr

advapi32

CreateProcessAsUserW
GetSecurityInfo
DuplicateTokenEx
OpenProcessToken
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
RegFlushKey
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
RegSetKeySecurity
RegGetKeySecurity
GetAce
ConvertStringSidToSidW
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetLengthSid
CopySid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
GetUserNameW
DuplicateToken
QueryServiceConfig2W
QueryServiceStatus
QueryServiceStatusEx
SetServiceObjectSecurity
StartServiceW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW

mpr

WNetGetConnectionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
GetProfilesDirectoryW
GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathRemoveBackslashW
StrCmpIW
StrDupW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathSearchAndQualifyW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW
AssocQueryStringW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

wininet

InternetGetConnectedState

ntdll

NtCreateKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtQueryKey
NtSetValueKey
NtDeleteValueKey
NtDeleteKey
NtOpenKey
NtUnloadDriver
RtlInitUnicodeString
NtLoadDriver

wsock32

shutdown
getsockopt
ntohs
WSAStartup
WSACleanup
inet_ntoa
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
WSAGetLastError
getsockname

crypt32

CertGetNameStringW
CertNameToStrW
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext

bcrypt

BCryptGenRandom
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

uxtheme

GetThemeBool
GetCurrentThemeName
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
IsAppThemed
SetWindowTheme
IsThemeActive

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03756241b0fd8d73583f43b191db1b28

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

da:9b:45:3b:71:83:40:2a:34:6f:8d:a4:da:73:2a:c9:7b:cb:e0:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

wininet

ntdll

wsock32

crypt32

wintrust

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 17.9MB - Virtual size: 17.9MB

.rdata Size: 9.0MB - Virtual size: 9.0MB

.data Size: 299KB - Virtual size: 572KB

.pdata Size: 1.1MB - Virtual size: 1.1MB

.qtmetad Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 13B

.qtmimed Size: 315KB - Virtual size: 315KB

.gfids Size: 512B - Virtual size: 508B

_RDATA Size: 1024B - Virtual size: 544B

.rsrc Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 111KB - Virtual size: 111KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

da:9b:45:3b:71:83:40:2a:34:6f:8d:a4:da:73:2a:c9:7b:cb:e0:4c
Signer

.text
Size: 17.9MB - Virtual size: 17.9MB

.rdata
Size: 9.0MB - Virtual size: 9.0MB

.data
Size: 299KB - Virtual size: 572KB

.pdata
Size: 1.1MB - Virtual size: 1.1MB

.qtmetad
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 13B

.qtmimed
Size: 315KB - Virtual size: 315KB

.gfids
Size: 512B - Virtual size: 508B

_RDATA
Size: 1024B - Virtual size: 544B

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 111KB - Virtual size: 111KB