11052024_0208_TAX ORGANIZER 2023_stripped[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

11052024_0208_TAX ORGANIZER 2023_stripped.zip
Size

11.3MB
MD5

b07047a62a593388fb9ac1737aa1dd1b
SHA1

88208fa286f5d1a9160643f06c7fe2e7dd38f1d6
SHA256

9edb362c45d38d223d521d49aed8014917d81a7771026616243c1fa4ab409d1d
SHA512

6d989bfec1caf90946ea1f9161cf4e1ea52f2986d7ff2a02d61ecc8598e12f166cad4c9ef3ab4137396d53eb36e5649ce29a86a05b623314cf7300b264193245
SSDEEP

196608:zMdOlFzVl2oyrg/+uF62ouh6zvfOvb3r26HGCd+4du07EvzVO/eTHBsAdYk3:V5hFI2o+jb3r2vCd+4du07KVgeTHGAd5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TAX ORGANIZER 2023/g2m.dll

Files

11052024_0208_TAX ORGANIZER 2023_stripped.zip
.zip

Password: infected
TAX ORGANIZER 2023/Sandra 2023 Tax Organizer.exe
.exe windows:6 windows x86 arch:x86

Password: infected

5419c6d0b7a37c6f48c0d961a0d909db

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37
Signer

Actual PE Digest

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\Communication_Cloud\G2MWTEndpoint\Production\build-g2mwt-endpoint\output\G2M_Exe.pdb

Imports

kernel32

GetStartupInfoW
GetModuleFileNameA
GetCommandLineW
GetModuleHandleA
GetProcAddress
ExitProcess
GetModuleHandleW

user32

MessageBoxA

g2m

g2mcomm_winmain

Sections

.text
Size: 1024B - Virtual size: 973B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TAX ORGANIZER 2023/g2m.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Password: infected

68d2b994f2e04c39bc7b7badfe0d5509

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\p4builds\Products\GoToMeeting\release-724\output\G2M_Dll.pdb

Imports

rpcrt4

NdrCStdStubBuffer_Release
UuidToStringW
UuidCreate
RpcStringFreeW
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
CStdStubBuffer_IsIIDSupported

netapi32

NetApiBufferFree
Netbios
NetUserGetInfo
DsGetDcNameW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetModuleInformation
GetModuleFileNameExW

wsock32

send
recv
WSAGetLastError
shutdown
recvfrom
ntohl
inet_addr
sendto
setsockopt
select
ntohs
htonl
getsockopt
getsockname
getpeername
connect
WSACleanup
__WSAFDIsSet
gethostname
gethostbyname
accept
bind
closesocket
inet_ntoa
htons
ioctlsocket
listen
socket
WSAStartup
WSASetLastError

shlwapi

PathRemoveExtensionW
PathStripPathW
StrChrW
StrFormatByteSizeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

powrprof

CallNtPowerInformation

secur32

InitSecurityInterfaceA
GetUserNameExW

wininet

HttpQueryInfoW
InternetErrorDlg
HttpEndRequestW
HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetSetOptionW
InternetConnectW
InternetReadFileExA
HttpSendRequestExW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetOpenW
InternetCreateUrlW
HttpOpenRequestW

kernel32

FileTimeToSystemTime
GlobalMemoryStatusEx
LocalAlloc
GetSystemInfo
lstrcmpiW
lstrlenA
GetLocaleInfoW
OpenProcess
GetCurrentThread
GetShortPathNameW
GetModuleHandleExW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindClose
SetFileTime
GetTempFileNameW
GetDiskFreeSpaceExW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetLocalTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
ReleaseMutex
CreateMutexW
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
InitializeCriticalSection
TerminateProcess
GetExitCodeProcess
CreateProcessW
CompareFileTime
FindNextFileW
WaitForMultipleObjects
GetProcessTimes
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeFormatW
GetDateFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ResetEvent
CreateEventW
OpenEventW
QueryDosDeviceW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
LoadResource
SizeofResource
FindResourceW
HeapReAlloc
HeapSize
GetProcessHeap
OpenMutexW
MulDiv
GetTempPathA
CreateDirectoryA
GetWindowsDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
lstrcmpW
CreateWaitableTimerW
SetWaitableTimer
SetProcessShutdownParameters
GetCommandLineW
GetVersionExA
GetFileTime
LockResource
GlobalFree
Thread32First
Thread32Next
ExitProcess
InterlockedExchange
InterlockedExchangeAdd
GetProcessId
DuplicateHandle
CreateThread
OpenFileMappingW
lstrlenW
LoadLibraryExA
TlsFree
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetSystemWindowsDirectoryW
LoadLibraryW
SetEvent
CreateEventA
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSize
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
LoadLibraryExW
GetVersionExW
IsBadReadPtr
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
FreeLibrary
OutputDebugStringW
FormatMessageW
LocalFree
SetThreadLocale
GetThreadLocale
GetModuleHandleW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
InterlockedDecrement
InterlockedIncrement
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DisableThreadLibraryCalls
DecodePointer
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
SetLastError
GetSystemTime
CompareStringW
FreeLibraryAndExitThread
WaitForSingleObjectEx
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateSemaphoreW
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
RegisterWaitForSingleObject
ReadConsoleInputA
SetConsoleMode
LocalFileTimeToFileTime
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
RtlUnwind
GetACP
ExitThread
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetCommandLineA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
FormatMessageA
GetStringTypeW
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA
ReadConsoleW
ReleaseSemaphore
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
UnregisterWait
VirtualProtect
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetSystemDefaultLCID
EnumResourceLanguagesW
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
VerifyVersionInfoW
VerSetConditionMask
InterlockedCompareExchange
OpenEventA
GetFileSizeEx
GetExitCodeThread
MoveFileA
FindNextFileA
FindFirstFileA
GetFileAttributesExA
SetThreadAffinityMask
GetProcessAffinityMask
CreateWaitableTimerA
SetPriorityClass
FreeConsole
AllocConsole
OutputDebugStringA
CreateMutexA
GetLocaleInfoA
GetNativeSystemInfo
CreateSemaphoreA
GetOverlappedResult
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
FoldStringW
GetVolumeInformationW
WaitNamedPipeW
CreateNamedPipeW
SetThreadExecutionState
ExpandEnvironmentStringsW
FreeResource
GetThreadTimes
OpenThread
GetUserDefaultUILanguage
GetStdHandle

gdi32

SetPixel
SetROP2
GetClipRgn
IntersectClipRect
CreateBitmap
GetObjectA
ExtTextOutW
GetRgnBox
GetRegionData
EqualRgn
CreateRectRgnIndirect
DPtoLP
OffsetRgn
GetSystemPaletteEntries
CreatePalette
Polyline
GetPaletteEntries
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
SaveDC
RestoreDC
GetDCOrgEx
CreateDCW
FillRgn
PtInRegion
CreatePen
Polygon
SetPolyFillMode
PaintRgn
FrameRgn
SetDCPenColor
SetDCBrushColor
Rectangle
CreateEllipticRgn
GetTextMetricsW
SetBkColor
CreatePolygonRgn
CreateRoundRectRgn
SetStretchBltMode
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetPixelV
SetMapMode
SelectClipRgn
LineTo
GetPixel
GetClipBox
SetRectRgn
ExcludeClipRect
CreateRectRgn
CombineRgn
GetTextExtentPoint32W
SetDIBits
GetDIBits
CreateDIBitmap
GetBitmapBits
TextOutW
SetTextColor
GetTextColor
GetBkMode
CreateFontW
CreateFontIndirectW
SetBrushOrgEx
SetBkMode
CreatePatternBrush
GetObjectW
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW
CommDlgExtendedError

ole32

OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetCurrentProcess
StringFromGUID2
CoRegisterClassObject
CoInitialize
CoRegisterPSClsid
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
StringFromCLSID
PropVariantClear
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoRevokeClassObject
CoGetCallContext
CoSetProxyBlanket
CoDisconnectObject
CoInitializeSecurity
CoGetObject
CoCreateGuid
StringFromIID
IIDFromString
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize
OleRun

oleaut32

SafeArrayUnaccessData
OleLoadPicturePath
VarBstrCat
SafeArrayAccessData
SafeArrayCreate
OleLoadPicture
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
VariantClear
VariantInit
SysStringByteLen
SysAllocStringLen
VarUI4FromStr
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SysAllocStringByteLen
SafeArrayGetUBound
OleCreatePropertyFrame
VariantCopy
VarBstrCmp
SystemTimeToVariantTime
SafeArrayGetLBound
LPSAFEARRAY_UserUnmarshal

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

comctl32

ord412
InitCommonControlsEx
ord410
ord413

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

mixerClose
mixerGetNumDevs
timeSetEvent
timeKillEvent
timeGetTime
mmioAscend
mmioDescend
mmioRead
mmioClose
mmioOpenA
mmioOpenW
waveOutPause
waveInGetPosition
waveInReset
waveInStop
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInGetErrorTextW
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutGetErrorTextW
waveOutSetVolume
waveOutGetVolume
timeBeginPeriod
mixerSetControlDetails
timeEndPeriod
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
waveInGetNumDevs
mixerGetDevCapsW
mixerOpen
waveOutMessage
waveInMessage
waveOutGetDevCapsW
waveInGetDevCapsW
waveOutGetNumDevs
waveInOpen
waveOutOpen
waveInClose
waveOutClose
mixerGetID
waveInGetID
waveOutGetID

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

d3d9

Direct3DCreate9

msacm32

acmStreamPrepareHeader
acmStreamClose
acmStreamUnprepareHeader
acmStreamOpen
acmStreamConvert

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW

iphlpapi

GetAdaptersInfo

crypt32

CertCreateCertificateContext
CertAddEncodedCertificateToStore
CertGetNameStringA
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore
CertOpenStore
CertGetNameStringW

ws2_32

WSAAddressToStringA
getaddrinfo
freeaddrinfo
getnameinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
WSASend
WSAIoctl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
g2mcomm_winmain
g2minstaller_winmain
g2minsthigh_winmain
g2mlauncher_winmain
g2mstart_winmain
g2mui_winmain
g2muninstall_winmain
g2mupdate_winmain
g2mupload_winmain
g2mvideoconference_winmain

Sections

.text
Size: 22.0MB - Virtual size: 22.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 903KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 430KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IPPDATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 970KB - Virtual size: 970KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5419c6d0b7a37c6f48c0d961a0d909db

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

g2m

Sections

.text Size: 1024B - Virtual size: 973B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 4B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 20KB - Virtual size: 19KB

Password: infected

68d2b994f2e04c39bc7b7badfe0d5509

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

netapi32

psapi

wsock32

shlwapi

version

powrprof

secur32

wininet

kernel32

gdi32

comdlg32

ole32

oleaut32

wtsapi32

comctl32

userenv

winmm

avicap32

d3d9

msacm32

setupapi

iphlpapi

crypt32

ws2_32

Exports

Exports

Sections

.text Size: 22.0MB - Virtual size: 22.0MB

.orpc Size: 3KB - Virtual size: 4KB

IPPCODE Size: 903KB - Virtual size: 904KB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 430KB - Virtual size: 1.6MB

IPPDATA Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

07:77:dd:21:cf:5d:c9:dc:78:5a:cb:ae:2a:02:bb:26
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

90:10:c1:28:da:90:ce:50:43:d1:8e:83:8b:91:69:13:ad:36:49:d0:e1:e4:4b:74:ec:98:20:87:00:85:01:37
Signer

.text
Size: 1024B - Virtual size: 973B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 4B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 22.0MB - Virtual size: 22.0MB

.orpc
Size: 3KB - Virtual size: 4KB

IPPCODE
Size: 903KB - Virtual size: 904KB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 430KB - Virtual size: 1.6MB

IPPDATA
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

_RDATA
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 970KB - Virtual size: 970KB