ColdWarePerm[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ColdWarePerm.rar
Size

2.1MB
MD5

b53b638b68bb8b2835b3216e916ecfb5
SHA1

8e4dfca533c6b9b7298cd2fb739b76c650f8fe0b
SHA256

133afecb7008685b35c5037c7213ce2b9c88937ac2a038af46bdaf3952669858
SHA512

350f3402c73a2ca22c301ba29bf96fc72777637f6d2cb7369ab699f2aa89c119591ca8bee82e557067f46c3adc28fabc7f2aaa0bab449adaea15d6c4ae72cd95
SSDEEP

49152:RooKtYJrX5mALRtqsT0cVeuAo0GfY2P+tYhXEOrgODoGg0R:KoKAQm/T1AQIYtEhODTge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/crackedbyflxxdz.exe

Files

ColdWarePerm.rar
.rar
crackedbyflxxdz.exe
.exe windows:6 windows x64 arch:x64

9de95942b708326cba328a88751502e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Serfux\Downloads\ColdWare Perm (PLS I NEED UEFI) (1)\ColdWare Perm (PLS I NEED UEFI)\examples\example_win32_directx9\ignore\ColdWare Perm.pdb

Imports

d3d9

Direct3DCreate9

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
AreFileApisANSI
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetFileInformationByHandleEx
SetFileInformationByHandle
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeAllConditionVariable
HeapDestroy
LocalFree
SetFileAttributesW
GetConsoleWindow
GetLastError
GetFileAttributesW
CreateDirectoryW
GetTickCount64
CreateFileW
FindClose
GetTempPathW
SetFilePointer
WriteFile
FindNextFileW
FindFirstFileW
GetLogicalDrives
ReadFile
SetUnhandledExceptionFilter
GetModuleHandleW
GetSystemInfo
CreateFileA
Sleep
OpenProcess
TerminateProcess
VirtualAlloc
VirtualFree
VirtualProtect
CheckRemoteDebuggerPresent
IsDebuggerPresent
GetTickCount
GetThreadContext
LoadLibraryW
GetFileAttributesExW
FindFirstFileExW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
GetCurrentDirectoryW
GetLocaleInfoEx
WaitForMultipleObjects
CloseHandle
Process32FirstW
GetCurrentThread
OutputDebugStringW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcess
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GetModuleHandleA
GlobalUnlock
WideCharToMultiByte
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
CreateThread
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
GlobalLock
GlobalFree
QueryFullProcessImageNameW
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
CreateFileMappingA
UnmapViewOfFile
RtlCaptureContext
GlobalAlloc
MultiByteToWideChar
GetFileSizeEx
AcquireSRWLockExclusive
GetFileType
PeekNamedPipe

user32

GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
GetMessageExtraInfo
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
SetCursor
SetCapture
LoadCursorW
IsWindowUnicode
GetWindowLongW
DefWindowProcW
GetWindowRect
DestroyWindow
CreateWindowExW
SetClipboardData
GetForegroundWindow
GetKeyState
wsprintfW
UpdateWindow
PostQuitMessage
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
MoveWindow
PeekMessageW
SetWindowLongA
DispatchMessageW
ShowWindow
RegisterClassExW
UnregisterClassW
GetSystemMetrics
MessageBoxA

advapi32

CryptAcquireContextA
GetLengthSid
GetTokenInformation
InitializeAcl
CryptEncrypt
CryptImportKey
IsValidSid
SetSecurityInfo
CopySid
ConvertSidToStringSidA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
SetNamedSecurityInfoW
RegSetValueExW
OpenProcessToken
FreeSid
AddAccessAllowedAce

shell32

SHGetFolderPathW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
VariantClear

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??7ios_base@std@@QEBA_NXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
_Thrd_join
_Query_perf_counter
_Thrd_id
?_Syserror_map@std@@YAPEBDH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

obsidium64

ord23

shlwapi

StrStrW
PathFindFileNameW
SHDeleteValueW
SHDeleteKeyW
PathFileExistsW

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

normaliz

IdnToAscii

wldap32

ord30
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord301
ord200

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA

ws2_32

WSACleanup
closesocket
recv
send
WSAStartup
accept
htonl
WSASetLastError
socket
WSAGetLastError
listen
bind
connect
ioctlsocket
getpeername
getsockname
getsockopt
htons
WSAIoctl
ntohl
gethostname
ntohs
sendto
recvfrom
freeaddrinfo
getaddrinfo
setsockopt
select
__WSAFDIsSet

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
strchr
_CxxThrowException
memcmp
memchr
memset
memmove
memcpy
__intrinsic_setjmp
strrchr
wcsstr
__C_specific_handler
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__current_exception_context
longjmp

api-ms-win-crt-stdio-l1-1-0

fread
_set_fmode
_lseeki64
__stdio_common_vsscanf
__p__commode
fwrite
feof
fputs
_read
_write
fsetpos
_close
_open
fclose
_popen
_pclose
fgets
ftell
__stdio_common_vfprintf
_get_stream_buffer_pointers
_fseeki64
fflush
ungetc
__acrt_iob_func
setvbuf
fgetpos
_wfopen
__stdio_common_vswprintf
fgetc
__stdio_common_vsprintf
fopen
fputc
fseek

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-string-l1-1-0

strncpy
iswctype
strcmp
_strdup
isupper
_wcsicmp
strncmp
tolower
strpbrk
strspn
strcspn

api-ms-win-crt-heap-l1-1-0

malloc
realloc
calloc
free
_set_new_mode
_callnewh

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_errno
terminate
_beginthreadex
abort
strerror
__sys_nerr
_resetstkoflw
exit
_invalid_parameter_noinfo_noreturn
_wassert
_register_thread_local_exe_atexit_callback
_c_exit
_getpid
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
system

api-ms-win-crt-convert-l1-1-0

strtod
strtoul
atoi
strtoll
strtoull
strtol

api-ms-win-crt-math-l1-1-0

ceilf
cosf
fmodf
pow
powf
sqrtf
sinf
sqrt
_dclass
__setusermatherr
acosf

api-ms-win-crt-time-l1-1-0

_localtime64
strftime
_time64
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_lock_file
_unlock_file
_fstat64
_access
_unlink

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
obsidium64.dll
.dll windows:6 windows x64 arch:x64

da74a7101e6d219a0c25a2f046be4fca

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:34:a5:b6:36:56:3d:f6:b7:a1:f0:7f:b5:f2:39:79
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/12/2022, 00:00

Not After

09/01/2026, 23:59

Subject

CN=Martin Tofall,O=Martin Tofall,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:2a:22:94:d3:d8:c2:c6:cd:ed:1b:cc:df:10:81:70:72:30:2a:2f:85:8c:fa:ed:49:51:89:0e:33:95:a1:d7
Signer

Actual PE Digest

a8:2a:22:94:d3:d8:c2:c6:cd:ed:1b:cc:df:10:81:70:72:30:2a:2f:85:8c:fa:ed:49:51:89:0e:33:95:a1:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnumSystemLocalesW
GetModuleHandleA

shell32

SHChangeNotifyRegister

advapi32

RegOpenKeyExW

user32

DefWindowProcA

Exports

Exports

obsBlacklistLicenses
obsConvertLicenseToBinary
obsConvertLicenseToString
obsDecTrialCounter
obsDeleteLicenseData
obsDeleteTrialData
obsDisableLicense
obsEncDecData
obsGetActiveLicensingSystem
obsGetCustomValue
obsGetExpirationDate
obsGetInitialTrialCounter
obsGetInitialTrialDays
obsGetInitialTrialRuns
obsGetInstanceCount
obsGetLicenseCreation
obsGetLicenseData
obsGetLicenseExpiration
obsGetLicenseHash
obsGetLicenseInfo
obsGetLicenseInfoEx
obsGetLicenseInfoExW
obsGetLicenseInfoW
obsGetLicenseStatus
obsGetLicenseSystemId
obsGetProtectionDate
obsGetSystemId
obsGetTrialCounter
obsGetTrialDays
obsGetTrialEndDate
obsGetTrialIdentifier
obsGetTrialRuns
obsIsLicensed
obsIsProtected
obsIsVm
obsNetLicConnect
obsNetLicDisconnect
obsNetLicGetAppCertId
obsNetLicGetAppCertName
obsNetLicGetAppCertUserData
obsNetLicRegisterCallback
obsReloadLicense
obsReprotectString
obsSecureString
obsSecureStringW
obsSetExternalKey
obsSetLicense
obsSetLicenseShort
obsSetLicenseShortW
obsSetLicenseW
obsStoreLicense
obsStoreLicenseShort
obsStoreLicenseShortW
obsStoreLicenseW
obsUsbDecrypt
obsUsbEncrypt
obsUsbEnumDevices
obsUsbExecute
obsUsbGetDeviceId
obsUsbGetLicenseDeviceId
obsUsbReadData
obsUsbRegisterCallback
obsUsbWriteData
obsVerifyLicense
obsVerifyLicenseShort
obsVerifyLicenseShortW
obsVerifySignatureData
obsVerifySignatureFile
obsVerifySignatureFileW

Sections

.text
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pexe
Size: - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.pexe
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9de95942b708326cba328a88751502e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

imm32

dwmapi

obsidium64

shlwapi

d3dx9_43

normaliz

wldap32

crypt32

ws2_32

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 364KB - Virtual size: 363KB

.data Size: 1.9MB - Virtual size: 1.9MB

.pdata Size: 55KB - Virtual size: 55KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 5KB - Virtual size: 4KB

da74a7101e6d219a0c25a2f046be4fca

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

5a:34:a5:b6:36:56:3d:f6:b7:a1:f0:7f:b5:f2:39:79Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a8:2a:22:94:d3:d8:c2:c6:cd:ed:1b:cc:df:10:81:70:72:30:2a:2f:85:8c:fa:ed:49:51:89:0e:33:95:a1:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

advapi32

user32

Exports

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 364KB - Virtual size: 363KB

.data
Size: 1.9MB - Virtual size: 1.9MB

.pdata
Size: 55KB - Virtual size: 55KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 5KB - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

5a:34:a5:b6:36:56:3d:f6:b7:a1:f0:7f:b5:f2:39:79
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a8:2a:22:94:d3:d8:c2:c6:cd:ed:1b:cc:df:10:81:70:72:30:2a:2f:85:8c:fa:ed:49:51:89:0e:33:95:a1:d7
Signer

.text
Size: - Virtual size: 162KB

.text
Size: - Virtual size: 64KB

.pexe
Size: - Virtual size: 138KB

.reloc
Size: - Virtual size: 12KB

.pexe
Size: - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.pdata
Size: 98KB - Virtual size: 97KB