058aabce9e6d17a7b7020815f19f99fd0166789675d00c7c96fb5509e1a69311

Sharing

Copy URL Twitter E-mail

General

Target

058aabce9e6d17a7b7020815f19f99fd0166789675d00c7c96fb5509e1a69311
Size

9.6MB
MD5

1ef157daf8108cd1e7dbe7bb8ae2e500
SHA1

4e3535845b816e041e0b54ec4e23de59583cec51
SHA256

058aabce9e6d17a7b7020815f19f99fd0166789675d00c7c96fb5509e1a69311
SHA512

0153bd7b470810879160f801b0da3cb80eba22b3d8fa9edc013e080cbdf3be35f2590aa5926da477084413c67384c07282168d08f04a58165d03435a3bfe9dad
SSDEEP

196608:ZurEAMcmPIaPhnCxylwa+0YAmH+BI5/kIhEHR+IfMlUBcf0+DgagAos0ax:Zur9MIqqtH++9ex7fMlUY0+7t5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PID Key Checker/PID Key Checker.exe

Files

058aabce9e6d17a7b7020815f19f99fd0166789675d00c7c96fb5509e1a69311
.zip
PID Key Checker/AutomaticUpdater.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:d3:28:8a:b6:91:7b:55:4e:af:36:2a:36:0e:8a:fb
Certificate

Issuer

CN=COMODO Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/08/2011, 00:00

Not After

14/08/2016, 23:59

Subject

CN=wyDay,O=wyDay,POSTALCODE=03878,STREET=34 Pinewood Drive,L=Somersworth,ST=New Hampshire,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:e3:9e:e2:94:b9:a7:a1:63:3b:81:e9:e8:4d:be:69:29:12:8a:40
Signer

Actual PE Digest

63:e3:9e:e2:94:b9:a7:a1:63:3b:81:e9:e8:4d:be:69:29:12:8a:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PID Key Checker/PID Key Checker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PID Key Checker/appver.dat
PID Key Checker/block.dat
PID Key Checker/client.wyc
.zip
iuclient.iuc
s.png
.png
t.png
.png
PID Key Checker/data/10 Pre/10036/pkeyconfig_win10_10036-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10036/pkeyconfig_win10_10036.xrm-ms
PID Key Checker/data/10 Pre/10041/pkeyconfig_win10_10041-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10041/pkeyconfig_win10_10041.xrm-ms
PID Key Checker/data/10 Pre/10049/pkeyconfig_win10_10049-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10049/pkeyconfig_win10_10049.xrm-ms
PID Key Checker/data/10 Pre/10051/pkeyconfig_win10_10051-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10051/pkeyconfig_win10_10051.xrm-ms
PID Key Checker/data/10 Pre/10061/pkeyconfig_win10_10061-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10061/pkeyconfig_win10_10061.xrm-ms
PID Key Checker/data/10 Pre/10074/pkeyconfig_win10_10074-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10074/pkeyconfig_win10_10074.xrm-ms
PID Key Checker/data/10 Pre/10122/pkeyconfig_win10_10122-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10122/pkeyconfig_win10_10122.xrm-ms
PID Key Checker/data/10 Pre/10130/pkeyconfig_win10_10130-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10130/pkeyconfig_win10_10130.xrm-ms
PID Key Checker/data/10 Pre/10135/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10135/pkeyconfig.xrm-ms
PID Key Checker/data/10 Pre/10135/pkeyconfig_win10_10135-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10135/pkeyconfig_win10_10135.xrm-ms
PID Key Checker/data/10 Pre/10147/pkeyconfig_win10_10147-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10147/pkeyconfig_win10_10147.xrm-ms
PID Key Checker/data/10 Pre/10151/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10151/pkeyconfig.xrm-ms
PID Key Checker/data/10 Pre/10151/pkeyconfig_win10_10151-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10151/pkeyconfig_win10_10151.xrm-ms
PID Key Checker/data/10 Pre/10158/pkeyconfig_win10_10158-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10158/pkeyconfig_win10_10158.xrm-ms.xrm-ms
PID Key Checker/data/10 Pre/10159/pkeyconfig_win10_10159-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10159/pkeyconfig_win10_10159.xrm-ms
PID Key Checker/data/10 Pre/10162/pkeyconfig_win10_10162-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10162/pkeyconfig_win10_10162.xrm-ms
PID Key Checker/data/10 Pre/10166/pkeyconfig_win10_10166 by Hoaibao.xrm-ms
PID Key Checker/data/10 Pre/10166/pkeyconfig_win10_10166-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10166/pkeyconfig_win10_10166.xrm-ms
PID Key Checker/data/10 Pre/10176/pkeyconfig_win10_10176-csvlk.xrm-ms
PID Key Checker/data/10 Pre/10176/pkeyconfig_win10_10176.xrm-ms
PID Key Checker/data/10 Pre/10Pre.txt
PID Key Checker/data/10 Pre/14352/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/10 Pre/14352/pkeyconfig-downlevel.xrm-ms
PID Key Checker/data/10 Pre/14352/pkeyconfig.xrm-ms
PID Key Checker/data/10 Pre/14361/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/10 Pre/14361/pkeyconfig-downlevel.xrm-ms
PID Key Checker/data/10 Pre/14361/pkeyconfig.xrm-ms
PID Key Checker/data/10 Pre/14383/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/10 Pre/14383/pkeyconfig.xrm-ms
PID Key Checker/data/10 Pre/14383/product.ini
PID Key Checker/data/10 Pre/14385/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/10 Pre/14385/pkeyconfig.xrm-ms
PID Key Checker/data/10 Pre/9841/pkeyconfig_win10_9841-csvlk.xrm-ms
PID Key Checker/data/10 Pre/9841/pkeyconfig_win10_9841.xrm-ms
PID Key Checker/data/10 Pre/9860/pkeyconfig_win10_9860-csvlk.xrm-ms
PID Key Checker/data/10 Pre/9860/pkeyconfig_win10_9860.xrm-ms
PID Key Checker/data/10 Pre/9879/pkeyconfig_win10_9879-csvlk.xrm-ms
PID Key Checker/data/10 Pre/9879/pkeyconfig_win10_9879.xrm-ms
PID Key Checker/data/10 Pre/9926/pkeyconfig_win10_9926-csvlk.xrm-ms
PID Key Checker/data/10 Pre/9926/pkeyconfig_win10_9926.xrm-ms
PID Key Checker/data/10 Pre/pkconfig_winNext-csvlk.xrm-ms
PID Key Checker/data/10 Pre/pkconfig_winNext.xrm-ms
PID Key Checker/data/10 RTM/10240/pkeyconfig_win10_10240-csvlk.xrm-ms
PID Key Checker/data/10 RTM/10240/pkeyconfig_win10_10240.xrm-ms
PID Key Checker/data/10 RTM/10586/pkeyconfig-downlevel.xrm-ms
PID Key Checker/data/10 RTM/10586/pkeyconfig_win10_10586-csvlk.xrm-ms
PID Key Checker/data/10 RTM/10586/pkeyconfig_win10_10586.xrm-ms
PID Key Checker/data/10 RTM/15063/win10 15063 CSLVK.xrm-ms
PID Key Checker/data/10 RTM/15063/win10 15063.xrm-ms
PID Key Checker/data/10 RTM/17134/pkeyconfig-downlevel.xrm-ms
PID Key Checker/data/10 RTM/17134/pkeyconfig_win10_17134-csvlk.xrm-ms
PID Key Checker/data/10 RTM/17134/pkeyconfig_win10_17134.xrm-ms
PID Key Checker/data/7.0/pkconfig_win7.xrm-ms
PID Key Checker/data/7.0/pkconfig_win7x.xrm-ms
PID Key Checker/data/8 CP/pkeyconfig_win8CP-csvlk.xrm-ms
PID Key Checker/data/8 CP/pkeyconfig_win8CP.xrm-ms
PID Key Checker/data/8 DP/pkeyconfig_win8DP-csvlk.xrm-ms
PID Key Checker/data/8 DP/pkeyconfig_win8DP.xrm-ms
PID Key Checker/data/8.0/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/8.0/pkeyconfig.xrm-ms
PID Key Checker/data/8.1 Pre/pkeyconfig_win8.1_9431-csvlk.xrm-ms
PID Key Checker/data/8.1 Pre/pkeyconfig_win8.1_9431.xrm-ms
PID Key Checker/data/8.1/pkconfig_win8.1-csvlk.xrm-ms
PID Key Checker/data/8.1/pkconfig_win8.1.xrm-ms
PID Key Checker/data/8.1/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/8.1/pkeyconfig.xrm-ms
PID Key Checker/data/DCS/CrmPKConfig_dynamics_crm_server_2011.xml
PID Key Checker/data/DCS/CrmRtm6PKConfig_dynamics_crm_server_2013.xml
PID Key Checker/data/DCS/CrmRtm7PKConfig_dynamics_crm_server_2015.xml
PID Key Checker/data/DCS/path.txt
PID Key Checker/data/Emb 8/pkconfig_winemb8.xrm-ms
PID Key Checker/data/Emb 8/pkeyconfig_Windows_Embedded_8_Standard.xrm-ms
PID Key Checker/data/Emb 8/pkeyconfig_Windows_Embedded_8_Standard_Toolkit.xrm-ms
PID Key Checker/data/Emb_Stan7/pkeyconfig_emb-sta.xrm-ms
PID Key Checker/data/Exchange Server/ProductKeyConfig_exchange server 2010.xml
PID Key Checker/data/Exchange Server/ProductKeyConfig_exchange server 2013.xml
PID Key Checker/data/Exchange Server/Productkeyconfig_exchanger server 2016.xml
PID Key Checker/data/Exchange Server/productkeyconfig2013.xml
PID Key Checker/data/Forefront 2010/PKConfigTMG.xml
PID Key Checker/data/Forefront 2010/PKeyConfigExchange.xml
PID Key Checker/data/Forefront 2010/PKeyConfigSharepoint.xml
PID Key Checker/data/PosReady7/pkconfig_winPosReady7.xrm-ms
PID Key Checker/data/S2013Ex/productkeyconfig.xml
PID Key Checker/data/SQL/pkeyconfig-sql2012.xrm-ms
PID Key Checker/data/SQL/pkeyconfig-sql2014.xrm-ms
PID Key Checker/data/SQL/pkeyconfig-sql2016.xml
PID Key Checker/data/SQL/pkeyconfig-sql2017.xml
PID Key Checker/data/Settings.ini
PID Key Checker/data/Sharepoint-Project-Office Web Svr/pkeyconfig_project-sharepoint-office web apps svr 2010.xrm-ms
PID Key Checker/data/Sharepoint-Project-Office Web Svr/pkeyconfig_project-sharepoint-office web apps svr 2013.xrm-ms
PID Key Checker/data/Sharepoint-Project-Office Web Svr/sharepoint2016.xrm-ms
PID Key Checker/data/System Center/PKConfig_system_center_2012.xml
PID Key Checker/data/System Center/PkConfig_system_center_DPM_2010.xml
PID Key Checker/data/System Center/VMMPKConfig_Essentials_2010.xml
PID Key Checker/data/ThinPC/pkconfig_winThinPC.xrm-ms
PID Key Checker/data/VS/vs2010.xrm-ms
PID Key Checker/data/VS/vs2012.xrm-ms
PID Key Checker/data/VS/vs2013.xrm-ms
PID Key Checker/data/VS/vs2015.xrm-ms
PID Key Checker/data/VS/vs2015rc.xrm-ms
PID Key Checker/data/VS/vs2017.xrm-ms
PID Key Checker/data/Vista/pkconfig_vista _6.0.6002.18005.xrm-ms
PID Key Checker/data/Vista/pkconfig_vista.xrm-ms
PID Key Checker/data/Vista/pkeyconfig_6.0.6000.16386.xrm-ms
PID Key Checker/data/Vista/pkeyconfig_6.0.6001.18000.xrm-ms
PID Key Checker/data/WinServer/2022/pkeyconfig-downlevel.xrm-ms
PID Key Checker/data/WinServer/2022/pkeyconfig.xrm-ms
PID Key Checker/data/Windows 11/pkeyconfig-csvlk.xrm-ms
PID Key Checker/data/Windows 11/pkeyconfig-downlevel.xrm-ms
PID Key Checker/data/Windows 11/pkeyconfig.xrm-ms
PID Key Checker/data/base.dat
.rar
PID Key Checker/data/base.xml
PID Key Checker/data/o14-15-16-19-21/officeonline2016.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkconfig_Office15Client.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkconfig_Office15KMSHost.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkconfig_office14.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkconfig_office15.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkeyconfig-Office16KMSHost.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkeyconfig-office-kmshost.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkeyconfig-office16Client.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkeyconfig-office19.xrm-ms
PID Key Checker/data/o14-15-16-19-21/pkeyconfig-office21.xrm-ms
PID Key Checker/data/other/smallbussines2011.xrm-ms
PID Key Checker/pidgenx.dll
.dll windows:10 windows x86 arch:x86

78d536feebf237b943e2f96ef0d4495a

Code Sign

33:00:00:01:4b:b6:11:14:64:cd:a2:d7:bf:00:00:00:00:01:4b
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/08/2015, 20:12

Not After

01/08/2016, 20:12

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:1a:9c:53:af:c3:ba:7d:59:ad:e4:32:01:66:be:6a:13:ba:bf:21:e4:56:2b:ce:41:72:69:1f:68:fa:e2:43
Signer

Actual PE Digest

69:1a:9c:53:af:c3:ba:7d:59:ad:e4:32:01:66:be:6a:13:ba:bf:21:e4:56:2b:ce:41:72:69:1f:68:fa:e2:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pidgenx.pdb

Imports

msvcrt

wcsncmp
_itow_s
memmove
_wcsicmp
_onexit
_wcsnicmp
_itow
_ui64tow_s
_except_handler4_common
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
_vsnwprintf
wcschr
_wtoi
wcsstr
_CIlog10
_ftol2
memcmp
memcpy
memset

kernel32

HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetVersionExA
GetLastError
LocalAlloc
LocalFree
CloseHandle
CreateFileW
GetFileSize
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
VirtualProtect
RtlCaptureContext
VirtualFree
GetCurrentProcess
VirtualAlloc
TerminateProcess
GetCurrentThread
UnhandledExceptionFilter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleExW
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSection
SystemTimeToFileTime
GetLocalTime
GetProcessAffinityMask
GetThreadPriority
WaitForMultipleObjects
GetVersionExW
GetSystemDefaultLangID
FileTimeToSystemTime
FreeLibrary
SetThreadPriority
FreeLibraryAndExitThread
VirtualQuery
GetModuleFileNameW
LoadLibraryExW
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
WaitForSingleObject
ReleaseSemaphore
SetEvent

advapi32

TraceMessage
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptDecrypt
CryptEncrypt
CryptGenKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

rpcrt4

RpcStringFreeW
UuidFromStringW
I_RpcMapWin32Status
UuidToStringW

bcrypt

BCryptGenRandom

Exports

Exports

GetPKeyData
PidGenX
PidGenX2

Sections

.text
Size: 866KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:feCertificate

Key Usages

66:d3:28:8a:b6:91:7b:55:4e:af:36:2a:36:0e:8a:fbCertificate

Extended Key Usages

Key Usages

63:e3:9e:e2:94:b9:a7:a1:63:3b:81:e9:e8:4d:be:69:29:12:8a:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 75KB - Virtual size: 74KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

78d536feebf237b943e2f96ef0d4495a

Code Sign

33:00:00:01:4b:b6:11:14:64:cd:a2:d7:bf:00:00:00:00:01:4bCertificate

Extended Key Usages

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate

Key Usages

69:1a:9c:53:af:c3:ba:7d:59:ad:e4:32:01:66:be:6a:13:ba:bf:21:e4:56:2b:ce:41:72:69:1f:68:fa:e2:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

bcrypt

Exports

Exports

Sections

.text Size: 866KB - Virtual size: 865KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 34KB - Virtual size: 34KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

73:57:8c:71:6d:b3:95:53:13:7d:f3:09:73:18:ab:fe
Certificate

66:d3:28:8a:b6:91:7b:55:4e:af:36:2a:36:0e:8a:fb
Certificate

63:e3:9e:e2:94:b9:a7:a1:63:3b:81:e9:e8:4d:be:69:29:12:8a:40
Signer

.text
Size: 75KB - Virtual size: 74KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9.6MB - Virtual size: 9.6MB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:4b:b6:11:14:64:cd:a2:d7:bf:00:00:00:00:01:4b
Certificate

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

69:1a:9c:53:af:c3:ba:7d:59:ad:e4:32:01:66:be:6a:13:ba:bf:21:e4:56:2b:ce:41:72:69:1f:68:fa:e2:43
Signer

.text
Size: 866KB - Virtual size: 865KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 34KB - Virtual size: 34KB