проверка[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

проверка.zip
Size

27.3MB
MD5

2adc3e7db2e1911ce5fc67cd60405a7f
SHA1

63f06b7e423e586127437a9224147224b0ea0eef
SHA256

ea93621de9c641eb179dc4fa575896861dd17e283271fb7481965b883ef88bf7
SHA512

e582d7d47a0df0dfa92e2ffebf7aff89c853b5200423b74421edf71eb97e9ac0d5639a32afc92a236ed558cea1b5590396f2da70c53199cddb5b5c092b0bc939
SSDEEP

786432:2CUPjnF4XlMry/hoIPVuaczPLxovfyQfYI1HQNybM5885WPA4aTl77zJwXiMAtDd:MP741hhtuaaLxoQSHQNyiMg

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack001/проверка/LastActivityView.exe	Nirsoft
static1/unpack001/проверка/USBDeview.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/проверка/CHECKER.exe

Files

проверка.zip
.zip
проверка/Analyzer.exe
.exe windows:4 windows x86 arch:x86

Code Sign

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/11/2020, 00:00

Not After

18/11/2023, 23:59

Subject

CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/11/2020, 00:00

Not After

18/11/2023, 23:59

Subject

CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d
Signer

Actual PE Digest

fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d

Digest Algorithm

sha256

PE Digest Matches

true

da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4
Signer

Actual PE Digest

da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 970KB - Virtual size: 970KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка/CHECKER.exe
.exe windows:6 windows x86 arch:x86

d23703a6f12b30c40e0b3bc256b113cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateFileW
CloseHandle
WriteFile
DeleteFileW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventExW
WaitForSingleObject
SetEvent
RemoveDirectoryW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
MoveFileW
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateEventW
FindClose
FindFirstFileW
GetFullPathNameW
InitializeCriticalSection
lstrcpynW
CreateThread
GetProcAddress
LoadLibraryExW
GetCurrentProcess
Sleep
WideCharToMultiByte
GetDiskFreeSpaceExW
DecodePointer
GetExitCodeThread
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
CompareStringW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesW
GetShortPathNameW
SetFileAttributesW
GetFileTime
CopyFileW
ReadFile
SetFilePointer
SystemTimeToFileTime
MultiByteToWideChar
GetSystemInfo
WaitForMultipleObjects
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetEnvironmentVariableW
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateProcessW
GetExitCodeProcess
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetEnvironmentStringsW
LocalFree
InitializeCriticalSectionEx
LoadLibraryA
GetModuleFileNameA
GetCurrentThread
GetConsoleOutputCP
FlushFileBuffers
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
OutputDebugStringW
GetTickCount
GetCommandLineW
SetCurrentDirectoryW
SetEndOfFile
EnumResourceLanguagesW
GetSystemDefaultLangID
GetUserDefaultLangID
GetLocalTime
ResetEvent
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CreateNamedPipeW
ConnectNamedPipe
TerminateThread
LocalAlloc
CompareFileTime
CopyFileExW
OpenEventW
PeekNamedPipe
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
WriteConsoleW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 540KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
проверка/Everything.db
проверка/Everything.exe
.exe windows:4 windows x64 arch:x64

e396317e0c41e0f27509668e8b94edb7

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/11/2020, 00:00

Not After

17/03/2022, 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:b7:15:3c:36:66:a2:b9:9b:90:fc:48:85:59:88:ad:7b:ac:83:10:74:4f:a7:91:44:6b:95:34:71:b9:c6:bb
Signer

Actual PE Digest

c2:b7:15:3c:36:66:a2:b9:9b:90:fc:48:85:59:88:ad:7b:ac:83:10:74:4f:a7:91:44:6b:95:34:71:b9:c6:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_GetIconSize
ImageList_DrawEx
_TrackMouseEvent
InitCommonControlsEx

ws2_32

gethostbyname
WSAGetLastError
WSACleanup
closesocket
send
recv
connect
WSAAsyncSelect
setsockopt
socket
WSAStartup
shutdown
listen
bind
ntohs
getsockname
accept
inet_addr
htons
getpeername

shlwapi

PathRemoveFileSpecW
SHRegGetUSValueW
PathIsRootW
PathCombineW

kernel32

FileTimeToSystemTime
GetSystemTime
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetSystemDefaultLangID
LoadLibraryA
CopyFileW
TerminateProcess
OpenProcess
CreateMutexW
SetLastError
GetStartupInfoW
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
QueryDosDeviceW
SetErrorMode
DeleteFileW
RemoveDirectoryW
MoveFileW
MoveFileExW
CreateDirectoryW
GetFileAttributesW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetComputerNameW
GetVolumeInformationW
GetDiskFreeSpaceW
GetFullPathNameW
GetFileSize
FindFirstFileW
FindNextFileW
GetDriveTypeW
GetThreadPriority
CreateEventW
GetProcAddress
FreeLibrary
SetFilePointer
GetWindowsDirectoryW
GetCurrentDirectoryW
GetFileAttributesExW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
__C_specific_handler
WaitForMultipleObjects
GetSystemDirectoryW
LoadLibraryW
ExpandEnvironmentStringsW
GetSystemInfo
GetVersionExA
LocalFree
LocalAlloc
ConnectNamedPipe
CreateNamedPipeW
GetTimeZoneInformation
MulDiv
GetTimeFormatW
GetNumberFormatW
GetDateFormatW
MultiByteToWideChar
HeapCreate
HeapSetInformation
GetModuleFileNameA
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetTempPathW
CreateFileW
FreeConsole
AllocConsole
SetStdHandle
SetConsoleScreenBufferSize
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
WriteFile
FlushFileBuffers
GetStdHandle
GetFileType
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
GetLocaleInfoW
GetCalendarInfoW
DeviceIoControl
GetOverlappedResult
ResetEvent
Sleep
FindNextChangeNotification
FindFirstChangeNotificationW
GetFileInformationByHandle
GetLocalTime
FindCloseChangeNotification
FindClose
GetSystemTimeAsFileTime
GetCurrentThread
SetThreadPriority
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
GetTickCount
LeaveCriticalSection
SetEvent
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
ReadFile
GetLastError
CloseHandle
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetCurrentProcessId
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetModuleFileNameW

user32

IsClipboardFormatAvailable
IsWindowVisible
SetCursor
SetCapture
ChangeClipboardChain
DrawEdge
DrawFrameControl
EqualRect
GetSubMenu
GetMenu
SetClipboardViewer
EnumWindows
ActivateKeyboardLayout
LoadIconW
IsDlgButtonChecked
SetScrollInfo
UpdateWindow
ScrollWindowEx
SetDlgItemInt
GetMenuState
RemoveMenu
GetMenuItemID
GetMenuDefaultItem
EnableMenuItem
AdjustWindowRect
GetSysColorBrush
OffsetRect
InvalidateRgn
MessageBeep
SetCursorPos
GetDlgItemInt
GetDlgCtrlID
SendDlgItemMessageW
GetDesktopWindow
ValidateRect
CharLowerW
CharUpperW
CreateIconIndirect
PostQuitMessage
GetLastActivePopup
OpenIcon
GetForegroundWindow
AttachThreadInput
SetActiveWindow
DrawTextW
BringWindowToTop
EnumChildWindows
CheckDlgButton
GetMenuItemInfoW
GetKeyboardLayoutList
LoadCursorW
CreateDialogIndirectParamW
InvalidateRect
ClientToScreen
GetAsyncKeyState
GetKeyState
IsIconic
GetWindowPlacement
IsZoomed
GetWindowTextLengthW
GetWindowTextW
GetParent
CopyRect
EmptyClipboard
SetClipboardData
GetWindowLongPtrW
SetWindowLongPtrW
SetFocus
PtInRect
FindWindowW
InsertMenuW
SetDlgItemTextW
SetForegroundWindow
BeginPaint
EndPaint
OpenClipboard
GetClipboardData
CloseClipboard
FillRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetClientRect
GetCapture
ReleaseCapture
ShowWindow
GetScrollInfo
IsWindowEnabled
GetFocus
GetNextDlgTabItem
EnableWindow
SetWindowPos
SetWindowTextW
SetWindowLongW
MessageBoxW
DialogBoxIndirectParamW
GetMenuItemCount
CreatePopupMenu
AppendMenuW
DeleteMenu
SetMenuItemInfoW
GetWindowLongW
AdjustWindowRectEx
CallWindowProcW
GetDlgItem
GetWindowRect
MapWindowPoints
IntersectRect
GetMonitorInfoW
SystemParametersInfoW
GetDC
ReleaseDC
SetWindowsHookExW
PeekMessageW
WaitMessage
SetMenu
RegisterClipboardFormatW
RedrawWindow
GetMessagePos
RegisterWindowMessageA
ReplyMessage
GetCursorPos
CreateMenu
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
KillTimer
GetDoubleClickTime
RegisterHotKey
ScreenToClient
UnregisterHotKey
PostThreadMessageW
GetSysColor
EndDialog
PostMessageW
DestroyIcon
SetTimer
DestroyWindow
DefWindowProcW
SendMessageTimeoutW
GetWindowThreadProcessId
IsWindow
GetKeyNameTextW
MapVirtualKeyExW
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
LoadImageW
GetKeyboardLayout

gdi32

GetTextAlign
SetStretchBltMode
GetDeviceCaps
GetDIBits
SelectClipRgn
CreateCompatibleDC
SetTextAlign
CreateCompatibleBitmap
OffsetClipRgn
OffsetRgn
CombineRgn
GetDCOrgEx
GetRandomRgn
EnumFontFamiliesExW
BitBlt
StretchDIBits
GetRegionData
ExtCreateRegion
GetObjectW
CreateFontIndirectW
GetStockObject
GetNearestColor
CreateSolidBrush
CreateRectRgn
CreateDIBSection
TextOutW
GetCurrentObject
ExcludeClipRect
RectVisible
GetTextExtentExPointW
GetTextExtentPoint32W
DeleteDC
SetBkMode
CreateBitmapIndirect
CreatePatternBrush
SetBrushOrgEx
SetBkColor
SetTextColor
PatBlt
SelectObject
GetTextMetricsW
StretchBlt
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
CommDlgExtendedError

advapi32

RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
CloseServiceHandle
RegOpenKeyA
RegQueryValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
QueryServiceConfigW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegDeleteKeyW
GetUserNameW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
ControlService
SetServiceStatus

shell32

DragQueryPoint
DragFinish
DragAcceptFiles
Shell_NotifyIconW
SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileW
SHGetSpecialFolderLocation
ord16
SHFileOperationW
ShellExecuteExW
SHGetDesktopFolder
SHGetPathFromIDListW
SHChangeNotify

ole32

CoTaskMemFree
OleUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
RevokeDragDrop
DoDragDrop
RegisterDragDrop
ReleaseStgMedium

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
проверка/Everything.ini
проверка/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка/USBDeview.cfg
проверка/USBDeview.exe
.exe windows:4 windows x64 arch:x64

5f509b26c8a665d8625dcb017d97c304

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:a4:91:a6:4f:02:f1:db:64:75:75:59:f9:d4:50:d2:9f:13:c7:d0:db:4b:a7:4f:64:57:a6:96:4a:86:74:29
Signer

Actual PE Digest

38:a4:91:a6:4f:02:f1:db:64:75:75:59:f9:d4:50:d2:9f:13:c7:d0:db:4b:a7:4f:64:57:a6:96:4a:86:74:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\USBDeview\x64\Release\USBDeview.pdb

Imports

msvcrt

__C_specific_handler
_onexit
__dllonexit
_mbsrchr
atol
_mbsicmp
qsort
_strlwr
_mbschr
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
memmove
_strnicmp
free
modf
_strcmpi
memcmp
_memicmp
strchr
strrchr
strcmp
malloc
strtoul
srand
rand
_strupr
abs
_itoa
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strcat
strncat
__set_app_type
_fmode
_commode
__setusermatherr
sprintf
_initterm
__getmainargs

comctl32

ord6
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked

ws2_32

WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup
htonl
inet_addr
connect
WSAAsyncGetHostByName
WSAAsyncSelect
send

kernel32

SetEnvironmentVariableA
GetStartupInfoA
GetCurrentThreadId
OpenProcess
DeviceIoControl
Process32Next
CreateToolhelp32Snapshot
Process32First
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
LoadLibraryExA
FreeLibrary
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
LoadLibraryA
GetDiskFreeSpaceExA
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
DeleteFileA
CreateThread
GetFileSize
GlobalAlloc
GlobalLock
MultiByteToWideChar
WideCharToMultiByte
GetTimeFormatA
GlobalUnlock
GetFileAttributesA
GetVersionExA
FormatMessageA
FileTimeToLocalFileTime
GetTempPathA
SystemTimeToTzSpecificLocalTime
GetDateFormatA
LocalFree
GetSystemDirectoryA
GetTempFileNameA
GetModuleHandleA

user32

SetForegroundWindow
AttachThreadInput
EnumWindows
GetWindowThreadProcessId
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageA
DrawTextExA
IsDialogMessageA
KillTimer
TranslateMessage
GetKeyState
GetMessageA
DispatchMessageA
GetSysColorBrush
ShowWindow
LoadCursorA
ChildWindowFromPoint
ReleaseDC
GetDC
SetCursor
SetDlgItemInt
BeginPaint
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
LoadImageA
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
CheckMenuItem
EmptyClipboard
EnableMenuItem
GetMenuItemCount
GetParent
GetMenuStringA
SetClipboardData
GetSubMenu
EnableWindow
GetClassNameA
MapWindowPoints
CloseClipboard
GetCursorPos
CheckMenuRadioItem
GetSysColor
MoveWindow
OpenClipboard
GetMenu
LoadMenuA
LoadStringA
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadIconA
SetTimer

gdi32

SelectObject
SetBkColor
GetStockObject
GetDeviceCaps
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetTextExtentPoint32A

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

CloseServiceHandle
RegConnectRegistryA
RegLoadKeyA
RegUnLoadKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
OpenServiceA
ChangeServiceConfigA
StartServiceA
RegCreateKeyA
RegCloseKey
QueryServiceStatus
ControlService
OpenSCManagerA

shell32

Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка/Открой меня.bat
проверка/проверка.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5dSigner

da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4Signer

Headers

File Characteristics

Sections

CODE Size: 970KB - Virtual size: 970KB

DATA Size: 10KB - Virtual size: 10KB

BSS Size: - Virtual size: 6KB

.idata Size: 12KB - Virtual size: 11KB

.tls Size: - Virtual size: 36B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 62KB - Virtual size: 61KB

.rsrc Size: 397KB - Virtual size: 397KB

d23703a6f12b30c40e0b3bc256b113cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 540KB - Virtual size: 540KB

.data Size: 14KB - Virtual size: 35KB

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 154KB - Virtual size: 153KB

e396317e0c41e0f27509668e8b94edb7

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c2:b7:15:3c:36:66:a2:b9:9b:90:fc:48:85:59:88:ad:7b:ac:83:10:74:4f:a7:91:44:6b:95:34:71:b9:c6:bbSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d
Signer

da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4
Signer

CODE
Size: 970KB - Virtual size: 970KB

DATA
Size: 10KB - Virtual size: 10KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 397KB - Virtual size: 397KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 540KB - Virtual size: 540KB

.data
Size: 14KB - Virtual size: 35KB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 154KB - Virtual size: 153KB

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c2:b7:15:3c:36:66:a2:b9:9b:90:fc:48:85:59:88:ad:7b:ac:83:10:74:4f:a7:91:44:6b:95:34:71:b9:c6:bb
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 302KB - Virtual size: 301KB

.data
Size: 71KB - Virtual size: 77KB

.pdata
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 12KB - Virtual size: 12KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 62KB

.rsrc
Size: 22KB - Virtual size: 21KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate