privateloader | 0x0007000000015d1e-104[.]dat

Sharing

Copy URL Twitter E-mail

General

Target

0x0007000000015d1e-104.dat
Size

23.2MB
MD5

8721b105e2efed4fdb463323d81f0a68
SHA1

7d277e0906ce4107542fbb24553a8db4d99fa758
SHA256

9d090f43c035ae5ef025a82d7308672a05996ee41cb44b1fd3951f2244602a68
SHA512

3e3a8a11392e41b685d826fcf3db0036533a738f1026c7774b7200e6403f3549b65c8fee61c9d6e43e5da3c3d090a26ea8faa65c577196d5fadb7bdc72ba587f
SSDEEP

393216:hVp/ry7BsnFZrzzGcsUPdsnwINNxKwhT/Sa3sy8YPOjRfo1eDrGt7kfbooeXJ6zu:YGsoCPBZ

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Files

0x0007000000015d1e-104.dat
.dll windows:6 windows x64 arch:x64

dbe7ed7ae6e20148ea86acfc00ecbbe2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:d3:31:21:0e:f4:60:b7:18:3e:a2:a9:c5:78:18:cc
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18/11/2022, 00:00

Not After

18/11/2023, 23:59

Subject

CN=Zhou Huabing,O=Zhou Huabing,ST=Central Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:54:06:f3:b1:c3:fd:14:83:45:59:f7:fb:3b:54:71:60:80:c3:61
Signer

Actual PE Digest

c9:54:06:f3:b1:c3:fd:14:83:45:59:f7:fb:3b:54:71:60:80:c3:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

sas

SendSAS

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSFreeMemory

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData

kernel32

ReadFile
SetFilePointer
ResetEvent
ReleaseMutex
CreateMutexA
Sleep
GlobalSize
GlobalFree
MultiByteToWideChar
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryExA
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
WakeConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
CreateSemaphoreW
SetThreadPriority
WakeAllConditionVariable
TryEnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
GetStdHandle
GetConsoleMode
WriteConsoleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
InitializeSRWLock
GetSystemDirectoryW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetProcessAffinityMask
SetThreadErrorMode
GetModuleHandleExW
SwitchToThread
MoveFileExA
MoveFileExW
CreateEventW
WaitForMultipleObjectsEx
WideCharToMultiByte
GetCurrentThread
RtlCaptureContext
GetLogicalDrives
SetFileTime
RtlLookupFunctionEntry
SetConsoleMode
GetSystemInfo
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
ReadProcessMemory
VirtualQueryEx
GetTickCount64
GlobalMemoryStatusEx
SetErrorMode
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetFileType
GetFileInformationByHandleEx
SetHandleInformation
InitializeCriticalSection
GetFileSize
DuplicateHandle
GetLogicalProcessorInformation
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
ConnectNamedPipe
CancelIoEx
GetOverlappedResult
WriteFile
FreeEnvironmentStringsW
CompareStringOrdinal
SetThreadStackGuarantee
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
WriteFileEx
SleepEx
HeapReAlloc
GetFileInformationByHandle
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
GetFinalPathNameByHandleW
CopyFileExW
CancelIo
ExitProcess
GetFullPathNameW
ReadFileEx
WaitForMultipleObjects
GetWindowsDirectoryW
CreateProcessW
ReadConsoleW
TlsGetValue
TlsSetValue
GetTempPathW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
LocalAlloc
LocalFree
CreateNamedPipeW
SleepConditionVariableSRW
GlobalAlloc
GlobalUnlock
GlobalLock
GetModuleHandleW
LoadLibraryA
lstrlenW
RtlVirtualUnwind
FileTimeToSystemTime
GetCurrentDirectoryW
ReleaseSemaphore
GetNativeSystemInfo
FreeLibrary
LoadLibraryExW
GetComputerNameExW
SetLastError
GetUserDefaultLocaleName
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
CreateThread
SetConsoleCtrlHandler
CreateSemaphoreA
GetExitCodeProcess
ResumeThread
QueueUserAPC
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
WTSGetActiveConsoleSessionId
GetProcAddress
SetNamedPipeHandleState
CreateFileW
CreateEventA
SetThreadExecutionState
GetCurrentProcess
OpenProcess
GetCurrentProcessId
OutputDebugStringW
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleOutputCP
PeekNamedPipe
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedFlushSList
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FormatMessageW
TryAcquireSRWLockExclusive
SetEvent
LoadLibraryW
TerminateProcess
GetLastError
GetCurrentThreadId
GetModuleHandleExA
WaitForSingleObject
CloseHandle
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapSize
HeapQueryInformation
SetStdHandle
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetFileTime

advapi32

StartServiceCtrlDispatcherW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
CreateProcessWithLogonW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyExW
CreateProcessAsUserW
RegisterServiceCtrlHandlerExW
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
AdjustTokenPrivileges
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
SetServiceStatus
SystemFunction036
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
CreateProcessWithTokenW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoSetProxyBlanket
CoInitializeSecurity
PropVariantClear
StringFromGUID2
ReleaseStgMedium
OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
OleUninitialize

user32

SetWindowLongPtrW
EmptyClipboard
RegisterClipboardFormatW
SetClipboardData
MsgWaitForMultipleObjectsEx
GetRawInputData
GetKeyboardState
MapVirtualKeyExW
GetSystemMetrics
VkKeyScanExW
RegisterClassExA
CreateWindowExA
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatA
CountClipboardFormats
EnumClipboardFormats
GetClipboardFormatNameA
IsClipboardFormatAvailable
LoadCursorA
FindWindowExA
GetDesktopWindow
ExitWindowsEx
AttachThreadInput
SetWindowPos
AdjustWindowRectEx
GetMenu
GetWindowLongW
GetMessageA
LockWorkStation
GetCursorPos
GetCursorInfo
DefWindowProcA
SetWindowsHookExA
DispatchMessageA
UnhookWindowsHookEx
GetMessageW
DestroyAcceleratorTable
PostQuitMessage
AppendMenuW
InsertMenuW
VkKeyScanW
ClientToScreen
DispatchMessageW
RedrawWindow
ValidateRect
PostThreadMessageW
PeekMessageW
MapVirtualKeyW
GetUpdateRect
PostMessageW
GetIconInfo
CreatePopupMenu
CreateMenu
SetMenuItemInfoW
DrawIconEx
CheckMenuItem
CreateWindowExW
RegisterClassW
TrackPopupMenu
DefWindowProcW
CreateIcon
DestroyIcon
RegisterWindowMessageA
PostMessageA
SendMessageA
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
EnumDisplaySettingsExW
EnumDisplayDevicesW
GetKeyState
CallNextHookEx
FindWindowA
PostThreadMessageA
DestroyWindow
GetDC
ReleaseDC
BlockInput
GetForegroundWindow
GetWindowThreadProcessId
InvalidateRgn
RegisterRawInputDevices
CloseClipboard
GetDoubleClickTime
ChangeDisplaySettingsExW
MessageBoxW
ToUnicodeEx
GetKeyboardLayout
EnumDisplaySettingsW
SetForegroundWindow
SendMessageW
FindWindowW
GetClipboardData
OpenClipboard
RegisterClassExW
SendInput
TranslateMessage
CreateAcceleratorTableW
ShowWindow

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

ntdll

NtQuerySystemInformation
NtQueryInformationProcess
RtlGetVersion
NtCancelIoFileEx
NtReadFile
NtDeviceIoControlFile
NtWriteFile
RtlNtStatusToDosError
NtCreateFile

crypt32

CertNameToStrA
CertCloseStore
CertEnumCertificatesInStore
CryptHashCertificate
CertOpenSystemStoreA

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

gdi32

GetObjectA
GetBitmapBits
CreateCompatibleDC
SelectObject
DeleteDC
GetDIBits
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
BitBlt
CreateDCW

iphlpapi

GetIfTable2
FreeMibTable
SendARP
GetAdaptersAddresses
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum

oleaut32

GetErrorInfo
SysAllocString
VariantClear
SysStringLen
SysFreeString

pdh

PdhRemoveCounter
PdhCloseQuery
PdhOpenQueryA
PdhAddEnglishCounterW
PdhGetFormattedCounterValue
PdhCollectQueryData

powrprof

CallNtPowerInformation

psapi

GetModuleFileNameExW
GetPerformanceInfo

shell32

Shell_NotifyIconW
ShellExecuteExW
SHAddToRecentDocs
ShellExecuteW
CommandLineToArgvW
SHGetKnownFolderPath
Shell_NotifyIconGetRect

ws2_32

WSAIoctl
getaddrinfo
closesocket
connect
WSAGetLastError
bind
listen
getsockname
getpeername
getsockopt
ioctlsocket
shutdown
recv
recvfrom
send
sendto
freeaddrinfo
setsockopt
WSASocketW
accept
WSASend
socket
WSAStartup
WSACleanup

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

drop_dart_object
free_WireSyncReturn
free_c_args
free_zero_copy_buffer_f32
free_zero_copy_buffer_f64
free_zero_copy_buffer_i16
free_zero_copy_buffer_i32
free_zero_copy_buffer_i64
free_zero_copy_buffer_i8
free_zero_copy_buffer_u16
free_zero_copy_buffer_u32
free_zero_copy_buffer_u64
free_zero_copy_buffer_u8
get_dart_object
get_rgba
init_frb_dart_api_dl
new_StringList_0
new_dart_opaque
new_uint_8_list_0
privacy_mode_hook_keyboard
privacy_mode_hook_mouse
rustdesk_core_main_args
session_get_rgba
session_get_rgba_size
session_next_rgba
session_register_texture
store_dart_post_cobject
translate
wire_cm_can_elevate
wire_cm_check_click_time
wire_cm_check_clients_length
wire_cm_close_connection
wire_cm_close_voice_call
wire_cm_elevate_portable
wire_cm_get_click_time
wire_cm_get_clients_length
wire_cm_get_clients_state
wire_cm_handle_incoming_voice_call
wire_cm_init
wire_cm_login_res
wire_cm_remove_disconnected_connection
wire_cm_send_chat
wire_cm_switch_back
wire_cm_switch_permission
wire_get_double_click_time
wire_get_local_flutter_config
wire_get_local_kb_layout_type
wire_host_stop_system_key_propagate
wire_install_install_me
wire_install_install_path
wire_install_run_without_install
wire_install_show_run_without_install
wire_main_account_auth
wire_main_account_auth_cancel
wire_main_account_auth_result
wire_main_change_id
wire_main_change_language
wire_main_change_theme
wire_main_check_connect_status
wire_main_check_mouse_time
wire_main_check_super_user_permission
wire_main_create_shortcut
wire_main_current_is_wayland
wire_main_default_video_save_directory
wire_main_device_id
wire_main_device_name
wire_main_discover
wire_main_forget_password
wire_main_get_api_server
wire_main_get_app_name
wire_main_get_app_name_sync
wire_main_get_async_status
wire_main_get_build_date
wire_main_get_connect_status
wire_main_get_current_display
wire_main_get_data_dir_ios
wire_main_get_default_sound_input
wire_main_get_env
wire_main_get_error
wire_main_get_fav
wire_main_get_fingerprint
wire_main_get_home_dir
wire_main_get_hostname
wire_main_get_lan_peers
wire_main_get_langs
wire_main_get_last_remote_id
wire_main_get_license
wire_main_get_local_option
wire_main_get_mouse_time
wire_main_get_my_id
wire_main_get_new_version
wire_main_get_option
wire_main_get_options
wire_main_get_peer
wire_main_get_peer_option
wire_main_get_peer_option_sync
wire_main_get_permanent_password
wire_main_get_socks
wire_main_get_software_update_url
wire_main_get_sound_inputs
wire_main_get_temporary_password
wire_main_get_user_default_option
wire_main_get_uuid
wire_main_get_version
wire_main_goto_install
wire_main_handle_relay_id
wire_main_has_hwcodec
wire_main_hide_docker
wire_main_init
wire_main_is_can_input_monitoring
wire_main_is_can_screen_recording
wire_main_is_installed
wire_main_is_installed_daemon
wire_main_is_installed_lower_version
wire_main_is_login_wayland
wire_main_is_process_trusted
wire_main_is_rdp_service_open
wire_main_is_root
wire_main_is_share_rdp
wire_main_is_using_public_server
wire_main_load_fav_peers
wire_main_load_lan_peers
wire_main_load_recent_peers
wire_main_load_recent_peers_sync
wire_main_on_main_window_close
wire_main_peer_has_password
wire_main_post_request
wire_main_remove_discovered
wire_main_remove_peer
wire_main_set_home_dir
wire_main_set_local_option
wire_main_set_option
wire_main_set_options
wire_main_set_peer_alias
wire_main_set_peer_option
wire_main_set_peer_option_sync
wire_main_set_permanent_password
wire_main_set_share_rdp
wire_main_set_socks
wire_main_set_user_default_option
wire_main_start_dbus_server
wire_main_start_grab_keyboard
wire_main_start_ipc_url_server
wire_main_start_pa
wire_main_start_service
wire_main_stop_service
wire_main_store_fav
wire_main_supported_hwdecodings
wire_main_test_if_valid_server
wire_main_update_me
wire_main_update_temporary_password
wire_main_use_texture_render
wire_main_wol
wire_option_synced
wire_plugin_enable
wire_plugin_event
wire_plugin_feature_is_enabled
wire_plugin_get_session_option
wire_plugin_get_shared_option
wire_plugin_install
wire_plugin_is_enabled
wire_plugin_list_reload
wire_plugin_register_event_stream
wire_plugin_reload
wire_plugin_set_session_option
wire_plugin_set_shared_option
wire_plugin_sync_ui
wire_query_onlines
wire_send_url_scheme
wire_session_add_job
wire_session_add_port_forward
wire_session_add_sync
wire_session_alternative_codecs
wire_session_cancel_job
wire_session_change_prefer_codec
wire_session_change_resolution
wire_session_close
wire_session_close_voice_call
wire_session_create_dir
wire_session_ctrl_alt_del
wire_session_elevate_direct
wire_session_elevate_with_logon
wire_session_enter_or_leave
wire_session_get_audit_server_sync
wire_session_get_custom_image_quality
wire_session_get_flutter_config
wire_session_get_image_quality
wire_session_get_keyboard_mode
wire_session_get_option
wire_session_get_peer_option
wire_session_get_platform
wire_session_get_remember
wire_session_get_scroll_style
wire_session_get_toggle_option
wire_session_get_toggle_option_sync
wire_session_get_view_style
wire_session_handle_flutter_key_event
wire_session_input_key
wire_session_input_os_password
wire_session_input_string
wire_session_is_keyboard_mode_supported
wire_session_load_last_transfer_jobs
wire_session_lock_screen
wire_session_login
wire_session_new_rdp
wire_session_peer_option
wire_session_read_dir_recursive
wire_session_read_local_dir_sync
wire_session_read_remote_dir
wire_session_reconnect
wire_session_record_screen
wire_session_refresh
wire_session_remove_all_empty_dirs
wire_session_remove_file
wire_session_remove_port_forward
wire_session_request_voice_call
wire_session_restart_remote_device
wire_session_resume_job
wire_session_send_chat
wire_session_send_files
wire_session_send_mouse
wire_session_send_note
wire_session_set_confirm_override_file
wire_session_set_custom_fps
wire_session_set_custom_image_quality
wire_session_set_flutter_config
wire_session_set_image_quality
wire_session_set_keyboard_mode
wire_session_set_scroll_style
wire_session_set_size
wire_session_set_view_style
wire_session_start
wire_session_switch_display
wire_session_switch_sides
wire_session_toggle_option
wire_set_cur_session_id
wire_set_local_flutter_config
wire_set_local_kb_layout_type
wire_start_global_event_stream
wire_stop_global_event_stream
wire_version_to_number

Sections

.text
Size: 15.5MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbe7ed7ae6e20148ea86acfc00ecbbe2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

af:d3:31:21:0e:f4:60:b7:18:3e:a2:a9:c5:78:18:ccCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c9:54:06:f3:b1:c3:fd:14:83:45:59:f7:fb:3b:54:71:60:80:c3:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

sas

wtsapi32

secur32

kernel32

advapi32

ole32

user32

bcrypt

ntdll

crypt32

d3d11

dxgi

gdi32

iphlpapi

netapi32

oleaut32

pdh

powrprof

psapi

shell32

ws2_32

comctl32

userenv

Exports

Exports

Sections

.text Size: 15.5MB - Virtual size: 15.5MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 7.2MB - Virtual size: 7.2MB

.data Size: 49KB - Virtual size: 467KB

.pdata Size: 312KB - Virtual size: 312KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 157KB - Virtual size: 157KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

af:d3:31:21:0e:f4:60:b7:18:3e:a2:a9:c5:78:18:cc
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c9:54:06:f3:b1:c3:fd:14:83:45:59:f7:fb:3b:54:71:60:80:c3:61
Signer

.text
Size: 15.5MB - Virtual size: 15.5MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 7.2MB - Virtual size: 7.2MB

.data
Size: 49KB - Virtual size: 467KB

.pdata
Size: 312KB - Virtual size: 312KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 157KB - Virtual size: 157KB