blackmoon | 851660d02a6fd422f931a42a5e4c36cdefdb6128baa85f4d4dab1be9be7c7fc4

Sharing

Copy URL Twitter E-mail

General

Target

851660d02a6fd422f931a42a5e4c36cdefdb6128baa85f4d4dab1be9be7c7fc4
Size

807KB
MD5

51ec6f371d008218e896f5090e7f9f9b
SHA1

6c1be759f6e99be3e5c13724376b04a62788ed19
SHA256

851660d02a6fd422f931a42a5e4c36cdefdb6128baa85f4d4dab1be9be7c7fc4
SHA512

ae40f5bf2895305ce5b76c0a9adb29a0397a738e8849a9451b526c358aadac170c9ab2c316c84eb0f2670531e692c7d896fb12add190cd0e319c13d35b30e734
SSDEEP

24576:ufXOSyG1bjIEjVHx1SBD+8tWKZ8vtAYmsCKABZYq:i91jIEjVHPSt+3IOtnmZKkt

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Files

851660d02a6fd422f931a42a5e4c36cdefdb6128baa85f4d4dab1be9be7c7fc4
.dll windows:4 windows x86 arch:x86

d3765bdcaf19d3e2ce98548e7d40f730

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

59:04:09:57:f2:08:43:30:2b:a5:2a:a1:f6:ab:ce:ef
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/11/2016, 00:00

Not After

21/12/2019, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/08/2018, 00:00

Not After

11/09/2021, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:96:47:98:c1:89:7d:e2:46:23:f5:5d:85:95:49:57:b2:c6:67:26:be:91:99:9f:5a:4e:81:9b:c8:9f:ec:a6
Signer

Actual PE Digest

0c:96:47:98:c1:89:7d:e2:46:23:f5:5d:85:95:49:57:b2:c6:67:26:be:91:99:9f:5a:4e:81:9b:c8:9f:ec:a6

Digest Algorithm

sha256

PE Digest Matches

false

70:9c:66:63:5a:41:c2:b6:b8:fb:a3:18:08:91:e6:eb:a1:8c:66:c1
Signer

Actual PE Digest

70:9c:66:63:5a:41:c2:b6:b8:fb:a3:18:08:91:e6:eb:a1:8c:66:c1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
VirtualAlloc
GetModuleHandleA
GetProcAddress
VirtualFree
LoadLibraryA
GetCurrentProcessId
CreateWaitableTimerA
SetWaitableTimer
CloseHandle
Sleep
CreateIoCompletionPort
GetQueuedCompletionStatus
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
LocalFree
WideCharToMultiByte
GetCommandLineW
GetVersionExA
GetTickCount
GetCommandLineA
GetModuleFileNameA
IsDebuggerPresent
LCMapStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
IsBadCodePtr
SetUnhandledExceptionFilter
SetFilePointer
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
WriteFile
RaiseException
IsBadWritePtr

user32

PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
KillTimer
SetTimer
MsgWaitForMultipleObjects
IsZoomed
IsIconic
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
GetWindowThreadProcessId
GetAncestor
GetParent
IsWindowVisible
FindWindowExA
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow

shell32

CommandLineToArgvW

Exports

Exports

ACE_Cleanup
ACE_IsManagedVM
ACE_UseVM
AIOMgr_Cleanup
AIOMgr_Close
AIOMgr_Err2MsgString
AIOMgr_Err2String
AIOMgr_ForceSyncMode
AIOMgr_GetAllocSize
AIOMgr_GetFlags
AIOMgr_Init
AIOMgr_IsHandleAsync
AIOMgr_Open
AIOMgr_OpenWithRetry
AIOMgr_Queue
AIOMgr_SetAllocSize
AIOMgr_Sync
AIOMgr_Truncate
AIOMgr_Wait
AIOMgr_Win32Ioctl
AsyncProxySocket_Exit
AsyncProxySocket_Init
AsyncSocket_AttachToSSLSock
AsyncSocket_Close
AsyncSocket_Connect
AsyncSocket_ConnectNamedPipe
AsyncSocket_ConnectVMCI
AsyncSocket_Err2String
AsyncSocket_Flush
AsyncSocket_GetFd
AsyncSocket_GetGenericErrno
AsyncSocket_GetID
AsyncSocket_GetINETIPStr
AsyncSocket_GetPort
AsyncSocket_GetState
AsyncSocket_Init
AsyncSocket_Listen
AsyncSocket_ListenVMCI
AsyncSocket_MsgError
AsyncSocket_Recv
AsyncSocket_RecvBlocking
AsyncSocket_RecvPartial
AsyncSocket_RecvPassedFd
AsyncSocket_Send
AsyncSocket_SetErrorFn
AsyncSocket_SetOption
AsyncSocket_UseNodelay
AsyncSocket_WaitForConnection
Auth_AuthenticateUser
Auth_CloseToken
Auth_RetrieveAccountInformationForVM
AutoInstall_AddFileToFloppyImg
AutoInstall_AddTools_Linux
AutoInstall_GetInstallConfigInfo
AutoInstall_GetPrettyWindowsName
AutoInstall_IsSupportedGuest
AutoInstall_MakeFloppyImg
AutoInstall_MakeFloppyImg_Linux
AutoInstall_MasterISO
AutoInstall_NeedsFloppy_Linux
AutoInstall_PrepareAnswerFileEx
AutoInstall_PrepareAnswerFileEx_Linux
AutoInstall_ScanDisk
AutoInstall_ScanISO
AutoInstall_ValidateName
AutoInstall_ValidatePassword
AutoInstall_ValidateShortName
Base64_DecodeFixed
Base64_DecodedLength
Base64_EasyDecode
Base64_EasyEncode
Base64_Encode
Base64_EncodedLength
BitVector_Alloc
BitVector_Duplicate
BitVector_Free
BitVector_GetExtent
BitVector_IsZero
BitVector_NextBit
BitVector_NextExtent
BitVector_Resize
BitVector_SafeAlloc
BitVector_SafeDuplicate
BitVector_SetExtent
CPClipboard_Changed
CPClipboard_Clear
CPClipboard_ClearItem
CPClipboard_Copy
CPClipboard_Destroy
CPClipboard_GetItem
CPClipboard_Init
CPClipboard_IsEmpty
CPClipboard_ItemExists
CPClipboard_Serialize
CPClipboard_SetChanged
CPClipboard_SetItem
CPClipboard_Unserialize
CPNameUtil_CharReplace
CPNameUtil_ConvertToRoot
CertCreateCertificateContext
CertFreeCertificateContext
CityHash64
CityHash_HashPage
CityHash_HashQuads
CnxUtil_Connect
CnxUtil_MKSDisplayProtocolToString
CnxUtil_NewAuthParams
CnxUtil_UnmungePassword
CnxWin32_FindSocket
CnxWin32_PassFD
CnxWin32_PassFD2
Cnx_CanConnectLocally
Cnx_ClientUsedProxyCmd
Cnx_Connect
Cnx_CreateSocketPair
Cnx_EnforceEarlyAuthdTimeout
Cnx_FreeConnectParams
Cnx_FreeConnection
Cnx_GetClientRandomParam
Cnx_GetConnectionFD
Cnx_GetHostId
Cnx_GetIPAddress
Cnx_GetLastError
Cnx_GetMKSDisplayProtocol
Cnx_GetNextVerifyParam
Cnx_GetSessionId
Cnx_GetWaitFD
Cnx_IsSSLRequired
Cnx_NewConnectParams
Cnx_NewConnection
Cnx_SetAuthdResponseTimeOut
Cnx_SetLocalConnectionParams
Cnx_SetProxyServiceConnectParams
Cnx_SetRemoteConnectionParams2
Cnx_SetRemoteOutboundParams
Cnx_SetSSLRequired
Cnx_SetServerdConnectParams
Cnx_SetTCPTimeouts
Cnx_SetVmxConnectParams
Cnx_SetVpxaConnectParams
CoCreateInstanceAsAdmin
CodeSet_CurrentToUtf16le
CodeSet_CurrentToUtf8
CodeSet_GenericToGeneric
CodeSet_GetCurrentCodeSet
CodeSet_Init
CodeSet_Utf16leToCurrent
CodeSet_Utf16leToUtf8
CodeSet_Utf8ToCurrent
CodeSet_Utf8ToUtf16le
CodeSet_Validate
Config_Get
Config_GetBool
Config_GetInt64
Config_GetLong
Config_GetPathName
Config_GetString
Config_GetStringPlain
Config_GetStringSecure
Config_Set
Config_SetBool
Config_SetInt64
Config_SetLong
Config_SetString
Config_SetStringPlain
Config_SetStringSecure
Config_WriteNoMsg
CoreDump_LogModules
CoreDump_SetUnhandledExceptionFilter
CryptUIDlgViewCertificateW
CryptoCipher_FromString
CryptoCipher_ToString
CryptoDict_CreateAndImport
CryptoDict_Free
CryptoDict_Get
CryptoError_ToMsgString
CryptoError_ToString
CryptoFile_ImportFromFile
CryptoHashState_Create
CryptoHashState_ExportState
CryptoHashState_Finish
CryptoHashState_ImportState
CryptoHashState_Process
CryptoHash_Compute
CryptoHash_FromString
CryptoHash_GetOutputSize
CryptoKey_Create
CryptoKey_DecryptWithMAC
CryptoKey_EncryptWithMAC
CryptoKey_Export
CryptoKey_Free
CryptoKey_Generate
CryptoKey_GetCipher
CryptoKey_GetKeyData
CryptoKey_Import
CryptoKey_PKEncrypt
CryptoKeyedHash_FromString
CryptoPass2Key_Compute
CryptoPass2Key_FromString
CryptoPass2Key_MakeKey
CryptoRandom_GetBytes
Crypto_ClearEncryptedPassword
Crypto_DecryptPassword
Crypto_EncryptPassword
Crypto_Free
Crypto_FreeString
Crypto_GetPassword
Crypto_InitializeEncryptedPassword
Crypto_ManglePassphrase
Crypto_PasswordUnwrapData
Crypto_PasswordWrapData
DDBCreate
DDBDestroy
DDBEnumerate
DDBGet
DDBSet
DataTransform_CreateBlockPadding
DataTransform_CreateDecryptor
DataTransform_CreateEncryptor
DataTransform_CreateGZipCompressor
DataTransform_CreateGZipDecompressor
DataTransform_CreateGZipFileSink
DataTransform_CreateGZipFileSource
DataTransform_CreateRawFileSink
DataTransform_CreateRawFileSource
DataTransform_CreateRawStreamSource
DataTransform_Destroy
DataTransform_RawFileStream
DataTransform_Read
DataTransform_Write
DictLL_ReadLine
DictLL_WriteLine
Dict_GetBool
Dict_GetBoolPlain
Dict_GetBoolSecure
Dict_GetDouble
Dict_GetDoublePlain
Dict_GetDoubleSecure
Dict_GetInt64
Dict_GetInt64Plain
Dict_GetInt64Secure
Dict_GetLong
Dict_GetLongPlain
Dict_GetLongSecure
Dict_GetString
Dict_GetStringEnum
Dict_GetStringPlain
Dict_GetStringSecure
Dict_SetAny
Dict_SetBool
Dict_SetBoolPlain
Dict_SetBoolSecure
Dict_SetDouble
Dict_SetDoublePlain
Dict_SetDoubleSecure
Dict_SetInt64
Dict_SetInt64Plain
Dict_SetInt64Secure
Dict_SetLong
Dict_SetLongPlain
Dict_SetLongSecure
Dict_SetString
Dict_SetStringPlain
Dict_SetStringSecure
Dict_Unset
Dictionary_Clear
Dictionary_ClearPreserveKeys
Dictionary_Clone
Dictionary_Create
Dictionary_Free
Dictionary_Get
Dictionary_GetAsString
Dictionary_IsDefined
Dictionary_IsDefinedWithPrefix
Dictionary_IsEncrypted
Dictionary_Iterate
Dictionary_Load
Dictionary_LoadAndUnlock
Dictionary_LoadEx
Dictionary_LoadFile
Dictionary_LoadFromBuffer
Dictionary_LoadFromBufferEx
Dictionary_LoadFromBufferWithDefaultEncoding
Dictionary_LoadWithDefaultUtf8
Dictionary_NotSet
Dictionary_NumberOfEntries
Dictionary_Rekey
Dictionary_SetEncoding
Dictionary_SetFromString
Dictionary_StringToBool
Dictionary_Unlock
Dictionary_Unset
Dictionary_UnsetWithPrefix
Dictionary_Write
Dictionary_WriteFile
Dictionary_WriteToBuffer
DiskLibCryptoCreateParam_Create
DiskLibCryptoCreateParam_Destroy
DiskLibCryptoCreateParam_GetUserRing
DiskLibCryptoCreateParam_SetCipher
DiskLibCryptoCreateParam_SetCipherFromCipher
DiskLibCryptoCreateParam_SetUserRing
DiskLib_Attach
DiskLib_BlockTrackActivate
DiskLib_BlockTrackClone
DiskLib_BlockTrackComputeChanges
DiskLib_BlockTrackDeactivate
DiskLib_BlockTrackFileName
DiskLib_BlockTrackFlush
DiskLib_BlockTrackFreeChangeInfo
DiskLib_BlockTrackGetBlockSize
DiskLib_BlockTrackGetChanges
DiskLib_BlockTrackGetEpoch
DiskLib_BlockTrackGetFD
DiskLib_BlockTrackIncrementEpoch
DiskLib_BlockTrackIsActive
DiskLib_BlockTrackMakeFileName
DiskLib_BlockTrackMapAllChanges
DiskLib_BlockTrackMerge
DiskLib_BlockTrackMergeChanges
DiskLib_BlockTrackQuerySession
DiskLib_BlockTrackRdmClone
DiskLib_BlockTrackReset
DiskLib_BlockTrackSetChanges
DiskLib_BlockTrackSetFD
DiskLib_BlockTrackSetFileName
DiskLib_BlockTrackStartCombine
DiskLib_BlockTrackStartSession
DiskLib_BottomLinkSpaceUsed
DiskLib_ChangeFilterPolicy
DiskLib_ChangePolicy
DiskLib_ChangePolicyWithHandle
DiskLib_Check
DiskLib_CheckResultsFree
DiskLib_Clone
DiskLib_CloneChild
DiskLib_CloneChildWithDestParent
DiskLib_CloneChildWithWorldID
DiskLib_CloneCreateObjExtParams
DiskLib_CloneCreateParam
DiskLib_CloneWithWorldID
DiskLib_Close
DiskLib_Combine
DiskLib_CombineCancel
DiskLib_CombineNextChunk
DiskLib_ConsolidateVVolDisks
DiskLib_ConvertAbort
DiskLib_ConvertCommit
DiskLib_ConvertStart
DiskLib_CopyData
DiskLib_CopyObjExtParams
DiskLib_Create
DiskLib_CreateChild
DiskLib_CreateChildCreateParam
DiskLib_CreateDigestObjExtParams
DiskLib_CreateObjExtParams
DiskLib_CreateParamGetOrSet
DiskLib_CreateSibling
DiskLib_CreateType2Str
DiskLib_DBCopy
DiskLib_DBCopyIgnoreKey
DiskLib_DBEntriesRemove
DiskLib_DBEntriesSet
DiskLib_DBEnum
DiskLib_DBGet
DiskLib_DBRemove
DiskLib_DBSet
DiskLib_DBSetDelimited
DiskLib_Defragment
DiskLib_DigestCheck
DiskLib_DigestDisable
DiskLib_DigestDiskAttach
DiskLib_DigestEnable
DiskLib_DigestEnableWithParam
DiskLib_DigestFreeDiskError
DiskLib_DigestFreeInfo
DiskLib_DigestGetDefaultConfigOptions
DiskLib_DigestGetHashByOffset
DiskLib_DigestGetInfo
DiskLib_DigestNeedRecompute
DiskLib_DigestRecompute
DiskLib_DigestRecomputeWithParam
DiskLib_DigestReconstructChain
DiskLib_DisableUpit
DiskLib_DiskSpaceUsed
DiskLib_EnableUpit
DiskLib_EnumExtents
DiskLib_EnumExtentsFilesOnly
DiskLib_EnumExtentsFromHandle
DiskLib_EnumIOFilters
DiskLib_Err2MsgString
DiskLib_Err2String
DiskLib_Exit
DiskLib_FileAllocTypeIsThin
DiskLib_FileAllocTypeToAllocType
DiskLib_FinalizeCopiedChild
DiskLib_FixDescriptorAfterCombine
DiskLib_FlushFilters
DiskLib_ForceLoadFilters
DiskLib_FreeInfo
DiskLib_FreeObjExtParams
DiskLib_FreePartitionList
DiskLib_FreeSpaceUsedNodeArray
DiskLib_GenerateDigestFileName
DiskLib_GetAdapterType
DiskLib_GetAllocatedChunks
DiskLib_GetAllocatedChunksAll
DiskLib_GetCompressAlgorithm
DiskLib_GetContentID
DiskLib_GetDigestAttachOptions
DiskLib_GetDigestDiskHandle
DiskLib_GetDiskCreateTypeAtOffset
DiskLib_GetDiskFHIDAtOffset
DiskLib_GetDiskPathAtOffset
DiskLib_GetEncryptionKey
DiskLib_GetFileAllocTypeAtOffset
DiskLib_GetFiltLibContext
DiskLib_GetFragmentation
DiskLib_GetGeometry
DiskLib_GetInfo
DiskLib_GetKeyID
DiskLib_GetKeySafe
DiskLib_GetNASVAAISupportStatus
DiskLib_GetObjectId
DiskLib_GetObjectIdByFilename
DiskLib_GetParentFullPath
DiskLib_GetPartitionListFromDevice
DiskLib_GetSectorChunkSize
DiskLib_GetSize
DiskLib_GetSparseDiskInfo
DiskLib_GetStorageBlockSizes
DiskLib_GetUnmapInfo
DiskLib_Grow
DiskLib_GrowWithHandle
DiskLib_HasDigestAndOpened
DiskLib_HasDigestDisk
DiskLib_HasSectorGrainSparseLink
DiskLib_HostMaxVirtualDiskCapacity
DiskLib_ImportUnmanagedObject
DiskLib_Init
DiskLib_InvalidateSectorChunks
DiskLib_IsAttachPossible
DiskLib_IsCombinePossible
DiskLib_IsDeletable
DiskLib_IsDescriptorFile
DiskLib_IsDirty
DiskLib_IsDiskEmptyChild
DiskLib_IsDiskSBD
DiskLib_IsPromoteAllowed
DiskLib_IsVMFSSparseSupported
DiskLib_MakeError
DiskLib_MakeErrorFromAIOMgr
DiskLib_MakeErrorFromChangeTracker
DiskLib_MakeErrorFromFileIO
DiskLib_MakeErrorFromFiltLib
DiskLib_MakeErrorFromNBD
DiskLib_MakeErrorFromObj
DiskLib_MakeErrorFromPlugin
DiskLib_MakeErrorFromSystem
DiskLib_MapDiskToAdapter
DiskLib_MatchFilterPolicy
DiskLib_MatchFilterPolicyWithHandle
DiskLib_MigrateLegacy
DiskLib_Move
DiskLib_NotifyClone
DiskLib_NotifyCollapse
DiskLib_NotifyFiltersMigrationFailure
DiskLib_NotifySnapshotFailure
DiskLib_NotifySnapshotPrepare
DiskLib_NotifyUnstun
DiskLib_Open
DiskLib_OpenCOWNodeAtOffset
DiskLib_OpenWithInfo
DiskLib_PathPrefixChange
DiskLib_PluginLoadFromHandle
DiskLib_PostCloneRDM
DiskLib_PrepareChild
DiskLib_RWv
DiskLib_Read
DiskLib_ReencryptCommit
DiskLib_ReencryptDescriptor
DiskLib_ReencryptStart
DiskLib_RefreshDeltaBytes
DiskLib_RefreshDescriptor
DiskLib_Rekey
DiskLib_RekeyByFQID
DiskLib_ReleaseManagedObject
DiskLib_RemoveNativeParent
DiskLib_Rename
DiskLib_Repair
DiskLib_Reparent
DiskLib_ReparentSkipSpaceEstimates
DiskLib_RevertChild
DiskLib_SetContentID
DiskLib_SetEncryptionKey
DiskLib_SetInfo
DiskLib_SetObjectId
DiskLib_SetPerformanceHint
DiskLib_SetUUID
DiskLib_Shrink

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 476KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3765bdcaf19d3e2ce98548e7d40f730

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

59:04:09:57:f2:08:43:30:2b:a5:2a:a1:f6:ab:ce:efCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

0c:96:47:98:c1:89:7d:e2:46:23:f5:5d:85:95:49:57:b2:c6:67:26:be:91:99:9f:5a:4e:81:9b:c8:9f:ec:a6Signer

70:9c:66:63:5a:41:c2:b6:b8:fb:a3:18:08:91:e6:eb:a1:8c:66:c1Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 476KB - Virtual size: 528KB

.reloc Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

59:04:09:57:f2:08:43:30:2b:a5:2a:a1:f6:ab:ce:ef
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

0c:96:47:98:c1:89:7d:e2:46:23:f5:5d:85:95:49:57:b2:c6:67:26:be:91:99:9f:5a:4e:81:9b:c8:9f:ec:a6
Signer

70:9c:66:63:5a:41:c2:b6:b8:fb:a3:18:08:91:e6:eb:a1:8c:66:c1
Signer

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 476KB - Virtual size: 528KB

.reloc
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB