21dd36b346225338166253c3e0ca4778ef6483ee9450c5545f08fa32c6551e80

Sharing

Copy URL

Twitter E-mail

General

Target

21dd36b346225338166253c3e0ca4778ef6483ee9450c5545f08fa32c6551e80
Size

66.7MB
MD5

fbfe9248c391c982487d8bde36c209e1
SHA1

46a638b03230b1ec7a1c38f500f65b1162ec436b
SHA256

21dd36b346225338166253c3e0ca4778ef6483ee9450c5545f08fa32c6551e80
SHA512

f68b466184b260829f36eed9d2ae2232b045a2e99c0d759d8aad5136e69f0db04e62f38bed663e53fabf884d75e51f676d49917dda617a9a115da3251b68b341
SSDEEP

1572864:qaYRq3Y6SFZKAGZTewa26ACHqeuK3Ma6lMQfg0N3Bf:XYGGuFwUBf

Score

1^/10

Malware Config

Signatures

Files

21dd36b346225338166253c3e0ca4778ef6483ee9450c5545f08fa32c6551e80
.exe windows:5 windows x64 arch:x64

35449235accc7aa192318dc9e9097a83

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:85:46:19:4d:5b:75:9e:c1:23:20:62
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

25-10-2021 11:47

Not After

25-01-2025 11:47

Subject

SERIALNUMBER=10903332,CN=GENER8 ADS LIMITED,O=GENER8 ADS LIMITED,STREET=85 Frampton Street,L=London,ST=Greater London,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

43:35:21:2a:fe:b9:f7:cb:f4:21:ea:bf:44:f8:c5:0b:f2:eb:44:a5:b1:61:9f:4e:03:6f:1d:21:a6:7f:a9:ef
Signer

Actual PE Digest

43:35:21:2a:fe:b9:f7:cb:f4:21:ea:bf:44:f8:c5:0b:f2:eb:44:a5:b1:61:9f:4e:03:6f:1d:21:a6:7f:a9:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

setup.exe.pdb

Imports

netapi32

NetApiBufferFree
NetGetJoinInformation

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

gdi32

BitBlt
CancelDC
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
ExtEscape
GetCurrentObject
GetDeviceCaps
GetObjectW
GetStockObject
GetTextMetricsW
GetWorldTransform
ModifyWorldTransform
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SetAbortProc
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCBrushColor
SetDCPenColor
SetDIBitsToDevice
SetGraphicsMode
SetROP2
SetStretchBltMode
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchBlt

oleaut32

LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarBstrCmp
VarUI4FromStr
VariantClear
VariantCopy
VariantInit

shell32

CommandLineToArgvW
DragQueryFileW
ord190
ord155
ord680
SHChangeNotify
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetFolderPathW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHOpenWithDialog
SHQueryUserNotificationState
ShellExecuteExW
ShellExecuteW

user32

AllowSetForegroundWindow
BeginPaint
CallNextHookEx
CallWindowProcW
CharNextW
CharUpperW
ClientToScreen
ClipCursor
CloseClipboard
CreateCaret
CreateWindowExW
DefRawInputProc
DefWindowProcW
DestroyCaret
DestroyWindow
DispatchMessageW
DisplayConfigGetDeviceInfo
DrawEdge
DrawFocusRect
DrawFrameControl
EmptyClipboard
EnableWindow
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsW
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowW
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetClassInfoExW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardSequenceNumber
GetCursorPos
GetDC
GetDesktopWindow
GetDisplayConfigBufferSizes
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGuiResources
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastInputInfo
GetLayeredWindowAttributes
GetMessageW
GetMonitorInfoW
GetParent
GetPropW
GetQueueStatus
GetRawInputData
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetThreadDesktop
GetUserObjectSecurity
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
IntersectRect
InvertRect
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
MapWindowPoints
MessageBoxW
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PrintWindow
QueryDisplayConfig
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterRawInputDevices
RegisterTouchWindow
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCaretPos
SetClipboardData
SetForegroundWindow
SetKeyboardState
SetParent
SetPropW
SetTimer
SetWinEventHook
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
ToUnicodeEx
TrackMouseEvent
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
WindowFromPoint

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
waveOutClose
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSACloseEvent
WSACreateEvent
WSADuplicateSocketW
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextW
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASetServiceW
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
sendto
setsockopt
shutdown
socket

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
CancelIo
CheckRemoteDebuggerPresent
ClearCommError
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateJobObjectW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindNextFileA
FindNextFileW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommModemStatus
GetCommState
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumberFormatEx
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileStringW
GetProcAddress
GetProcessHandleCount
GetProcessHeap
GetProcessId
GetProcessIoCounters
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetUserPreferredUILanguages
GetVersionExW
GetVolumeInformationW
GetVolumePathNameW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
HeapValidate
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessInJob
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32EnumProcessModules
K32GetModuleInformation
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCIDToLocaleName
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenMutexW
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PowerClearRequest
PowerCreateRequest
PowerSetRequest
Process32FirstW
Process32NextW
ProcessIdToSessionId
PurgeComm
QueryFullProcessImageNameW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessCycleTime
QueryThreadCycleTime
QueueUserAPC
RaiseException
RaiseFailFastException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessShutdownParameters
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WerRegisterRuntimeExceptionModule
WideCharToMultiByte
Wow64GetThreadContext
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiW
lstrlenA

iphlpapi

CancelIPChangeNotify
GetAdaptersAddresses
NotifyAddrChange

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpWriteData

dxgi

CreateDXGIFactory1

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

oleacc

AccessibleChildren
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
WindowFromAccessibleObject

uiautomationcore

UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseStructureChangedEvent
UiaReturnRawElementProvider

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetScaledUsageValue
HidP_GetUsageValue
HidP_GetUsagesEx
HidP_GetValueCaps

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

propsys

InitPropVariantFromCLSID
VariantCompare

shlwapi

ord437
PathFindExtensionW
PathFindFileNameW
PathMatchSpecW
PathRemoveExtensionW
ord12
UrlCanonicalizeW

crypt32

CertAddEncodedCertificateToStore
CertAddStoreToCollection
CertCloseStore
CertCompareCertificateName
CertControlStore
CertCreateCTLContext
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFindCertificateInStore
CertFindExtension
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIssuerCertificateFromStore
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptDecodeObjectEx
CryptInstallOIDFunctionAddress
CryptProtectData
CryptUnprotectData
CryptVerifyCertificateSignatureEx

dwrite

DWriteCreateFactory

dwmapi

DwmGetCompositionTimingInfo
DwmGetWindowAttribute

uxtheme

CloseThemeData
DrawThemeBackground
ord47
GetThemeBackgroundContentRect
GetThemePartSize
OpenThemeData

urlmon

CoInternetCreateSecurityManager
CreateURLMonikerEx

ncrypt

NCryptCreatePersistedKey
NCryptExportKey
NCryptFinalizeKey
NCryptFreeObject
NCryptGetProperty
NCryptImportKey
NCryptIsAlgSupported
NCryptOpenStorageProvider
NCryptSignHash

winspool.drv

ClosePrinter
DeviceCapabilitiesW
DocumentPropertiesW
EnumPrintersW
ord203
GetPrinterDriverW
GetPrinterW
OpenPrinterW

secur32

AcquireCredentialsHandleW
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW
QuerySecurityPackageInfoW

comdlg32

PrintDlgExW

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionStatus
ImmGetIMEFileNameW
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetOpenStatus

dhcpcsvc

DhcpCApiInitialize
DhcpRequestParams

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange
GetHandleVerifier

Sections

.text
Size: 56.4MB - Virtual size: 56.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 530KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 184B

.rodata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 80B

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LZMADEC
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35449235accc7aa192318dc9e9097a83

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

7f:85:46:19:4d:5b:75:9e:c1:23:20:62Certificate

Extended Key Usages

Key Usages

43:35:21:2a:fe:b9:f7:cb:f4:21:ea:bf:44:f8:c5:0b:f2:eb:44:a5:b1:61:9f:4e:03:6f:1d:21:a6:7f:a9:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

dbghelp

gdi32

oleaut32

shell32

user32

winmm

ws2_32

kernel32

iphlpapi

winhttp

dxgi

wtsapi32

oleacc

uiautomationcore

hid

version

userenv

propsys

shlwapi

crypt32

dwrite

dwmapi

uxtheme

urlmon

ncrypt

winspool.drv

secur32

comdlg32

imm32

dhcpcsvc

Exports

Exports

Sections

.text Size: 56.4MB - Virtual size: 56.4MB

.rdata Size: 7.8MB - Virtual size: 7.8MB

.data Size: 530KB - Virtual size: 1.3MB

.pdata Size: 1.7MB - Virtual size: 1.7MB

.00cfg Size: 512B - Virtual size: 40B

.gxfg Size: 15KB - Virtual size: 14KB

.retplne Size: 512B - Virtual size: 184B

.rodata Size: 4KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 697B

.voltbl Size: 512B - Virtual size: 80B

CPADinfo Size: 512B - Virtual size: 56B

LZMADEC Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 244B

malloc_h Size: 512B - Virtual size: 234B

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 290KB - Virtual size: 290KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7f:85:46:19:4d:5b:75:9e:c1:23:20:62
Certificate

43:35:21:2a:fe:b9:f7:cb:f4:21:ea:bf:44:f8:c5:0b:f2:eb:44:a5:b1:61:9f:4e:03:6f:1d:21:a6:7f:a9:ef
Signer

.text
Size: 56.4MB - Virtual size: 56.4MB

.rdata
Size: 7.8MB - Virtual size: 7.8MB

.data
Size: 530KB - Virtual size: 1.3MB

.pdata
Size: 1.7MB - Virtual size: 1.7MB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 15KB - Virtual size: 14KB

.retplne
Size: 512B - Virtual size: 184B

.rodata
Size: 4KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 697B

.voltbl
Size: 512B - Virtual size: 80B

CPADinfo
Size: 512B - Virtual size: 56B

LZMADEC
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 244B

malloc_h
Size: 512B - Virtual size: 234B

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 290KB - Virtual size: 290KB