CORE_RL_glib_[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CORE_RL_glib_.dll
Size

2.5MB
MD5

bdfcb1079c1bee51fe41bc1d267fba44
SHA1

5f6437bf9fd4c3c42c210d3fb1a03b9e2f2556c2
SHA256

a69e1d095db9dd0ecbc792abff52af9cb10b677b0f1e22204b0c24006cb35d7f
SHA512

43d231ffd2dbc8343d5f4e7b53e6c2d7362f8afbca9dcbe09d0fb90b8874fbe76b8bcd4773909c2a009e822e029298822afd207b33565eca89d267fdb977fef5
SSDEEP

49152:nsFD0LUgAcNjDvrpU3dRLItXwROo5k7UYgt2E1b4XWD6SmVYiMwx465t+2Ltv8Ll:Czgfp8LxQ6k7TgYE1b4XWD6SmowSC42c

Score

1^/10

Malware Config

Signatures

Files

CORE_RL_glib_.dll
.dll windows:5 windows x64 arch:x64

dbbe074d08e973399d45306814a9d2fc

Code Sign

0d:65:50:75:ec:c1:01:71:b5:42:cd:05:db:d2:c7:be
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/04/2021, 00:00

Not After

01/05/2024, 23:59

Subject

CN=LLC 1C-Soft,OU=LLC 1C-Soft,O=LLC 1C-Soft,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:c9:dc:a9:2a:90:50:65:4d:3c:39:f6:1c:0a:f0:12:b1:1e:40:6a:4f:cc:4c:d9:90:36:b4:e8:64:79:d9:f0
Signer

Actual PE Digest

bf:c9:dc:a9:2a:90:50:65:4d:3c:39:f6:1c:0a:f0:12:b1:1e:40:6a:4f:cc:4c:d9:90:36:b4:e8:64:79:d9:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLongPathNameW
GetFileAttributesExW
ReadDirectoryChangesW
LoadLibraryW
IsDebuggerPresent
GetConsoleOutputCP
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetThreadLocale
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
ResetEvent
PeekNamedPipe
PeekConsoleInputA
ReadConsoleInputA
GetExitCodeProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LocalFree
GetCommandLineW
GetCurrentProcess
GetExitCodeThread
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
WriteFile
DuplicateHandle
GetConsoleWindow
GetFileInformationByHandle
GetFileSizeEx
DeviceIoControl
MoveFileExW
TerminateProcess
GetShortPathNameW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
GetProcessAffinityMask
GetNativeSystemInfo
VirtualQuery
DebugBreak
GetModuleFileNameW
GetModuleHandleExW
GetWindowsDirectoryW
GetComputerNameW
GetVersion
GetCurrentProcessId
FormatMessageW
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetDriveTypeW
ReadFile
GetTickCount
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitThread
CreateThread
CreateFileW
CloseHandle
SetFileTime
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemWow64DirectoryW
GetLogicalDrives
GetSystemDirectoryW
TryEnterCriticalSection
GetModuleHandleW
GetVolumePathNameW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsW
CancelIo
GetOverlappedResult
GetSystemInfo
GetLastError

user32

PostMessageA
MessageBoxW
PeekMessageA
MsgWaitForMultipleObjectsEx
IsWindow

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetFileSecurityW
LookupAccountSidW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegNotifyChangeKeyValue
GetUserNameW
RegCloseKey
RegSetValueExW

shell32

SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW

ole32

CoTaskMemFree

core_rl_zlib_

deflate
deflateEnd
deflateReset
deflateSetHeader
deflateInit_
deflateInit2_
inflate
inflateEnd
inflateReset
inflateGetHeader
inflateInit_
inflateInit2_

dnsapi

DnsFree
DnsQuery_A

iphlpapi

GetAdaptersAddresses

shlwapi

ord487

ws2_32

listen
recv
gethostbyname
setsockopt
shutdown
gethostbyaddr
WSACloseEvent
WSACreateEvent
getsockopt
WSAEventSelect
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSAWaitForMultipleEvents
WSASetEvent
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
WSAStartup
WSAGetLastError
WSASetLastError
getservbyname
WSAEnumNetworkEvents
getservbyport
ntohs
inet_ntoa
inet_addr
htons
send
htonl
socket

vcruntime140

__C_specific_handler
wcschr
wcsrchr
memset
memcmp
strstr
strchr
memchr
strrchr
memcpy
memmove
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

strpbrk
tolower
strncpy_s
strnlen
strcat_s
toupper
strcpy_s
_wcsicmp
_strdup
strncpy
strspn
isupper
_wcsdup
strxfrm
_strnicmp
strcoll
_stricmp
strncmp
strcmp
strcspn
isdigit
_wcsnicmp
islower
iswctype

api-ms-win-crt-runtime-l1-1-0

strerror
abort
_endthreadex
_beginthreadex
_crt_atexit
_cexit
_initterm
_initterm_e
exit
_seh_filter_dll
_getpid
_exit
_initialize_onexit_table
_execute_onexit_table
_register_onexit_function
_initialize_narrow_environment
strerror_s
_errno
_configure_narrow_argv

api-ms-win-crt-convert-l1-1-0

wcstol
wcrtomb
strtoul
strtol
atoi
wctomb
strtod
mbstowcs
atol

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
realloc

api-ms-win-crt-stdio-l1-1-0

fwrite
__stdio_common_vswprintf
__stdio_common_vswscanf
__stdio_common_vswprintf_s
__stdio_common_vsprintf
_fileno
_write
_read
_chsize
_close
_lseek
fclose
_commit
_wfreopen
_wfopen
_wopen
_wcreat
feof
_pipe
_open_osfhandle
ferror
fread
_kbhit
_get_osfhandle
__stdio_common_vsprintf_s
fputs
fflush
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
_mktime64
strftime
_wutime64

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
setlocale
localeconv

api-ms-win-crt-math-l1-1-0

_dclass
_dsign
frexp

api-ms-win-crt-environment-l1-1-0

_wputenv
getenv

api-ms-win-crt-filesystem-l1-1-0

_getdrive
_findclose
_fstat64
_wfullpath
_wfindfirst64i32
_wunlink
_wfindnext64i32
_wchmod
_waccess
_wrmdir
_wmkdir
_wchdir
_wremove

api-ms-win-crt-utility-l1-1-0

bsearch
qsort
rand_s

api-ms-win-crt-process-l1-1-0

_wspawnv
_wspawnve
_wspawnvp
_wspawnvpe

Exports

Exports

__glib_assert_msg
_glib_get_locale_dir
g_abort
g_access
g_action_activate
g_action_change_state
g_action_get_enabled
g_action_get_name
g_action_get_parameter_type
g_action_get_state
g_action_get_state_hint
g_action_get_state_type
g_action_get_type
g_action_group_action_added
g_action_group_action_enabled_changed
g_action_group_action_removed
g_action_group_action_state_changed
g_action_group_activate_action
g_action_group_change_action_state
g_action_group_get_action_enabled
g_action_group_get_action_parameter_type
g_action_group_get_action_state
g_action_group_get_action_state_hint
g_action_group_get_action_state_type
g_action_group_get_type
g_action_group_has_action
g_action_group_list_actions
g_action_group_query_action
g_action_map_add_action
g_action_map_add_action_entries
g_action_map_get_type
g_action_map_lookup_action
g_action_map_remove_action
g_action_name_is_valid
g_action_parse_detailed_name
g_action_print_detailed_name
g_app_info_add_supports_type
g_app_info_can_delete
g_app_info_can_remove_supports_type
g_app_info_create_flags_get_type
g_app_info_create_from_commandline
g_app_info_delete
g_app_info_dup
g_app_info_equal
g_app_info_get_all
g_app_info_get_all_for_type
g_app_info_get_commandline
g_app_info_get_default_for_type
g_app_info_get_default_for_uri_scheme
g_app_info_get_description
g_app_info_get_display_name
g_app_info_get_executable
g_app_info_get_fallback_for_type
g_app_info_get_icon
g_app_info_get_id
g_app_info_get_name
g_app_info_get_recommended_for_type
g_app_info_get_supported_types
g_app_info_get_type
g_app_info_launch
g_app_info_launch_default_for_uri
g_app_info_launch_default_for_uri_async
g_app_info_launch_default_for_uri_finish
g_app_info_launch_uris
g_app_info_launch_uris_async
g_app_info_launch_uris_finish
g_app_info_monitor_get
g_app_info_monitor_get_type
g_app_info_remove_supports_type
g_app_info_reset_type_associations
g_app_info_set_as_default_for_extension
g_app_info_set_as_default_for_type
g_app_info_set_as_last_used_for_type
g_app_info_should_show
g_app_info_supports_files
g_app_info_supports_uris
g_app_launch_context_get_display
g_app_launch_context_get_environment
g_app_launch_context_get_startup_notify_id
g_app_launch_context_get_type
g_app_launch_context_launch_failed
g_app_launch_context_new
g_app_launch_context_setenv
g_app_launch_context_unsetenv
g_application_flags_get_type
g_array_append_vals
g_array_binary_search
g_array_copy
g_array_free
g_array_get_element_size
g_array_get_type
g_array_insert_vals
g_array_new
g_array_prepend_vals
g_array_ref
g_array_remove_index
g_array_remove_index_fast
g_array_remove_range
g_array_set_clear_func
g_array_set_size
g_array_sized_new
g_array_sort
g_array_sort_with_data
g_array_steal
g_array_unref
g_ascii_digit_value
g_ascii_dtostr
g_ascii_formatd
g_ascii_strcasecmp
g_ascii_strdown
g_ascii_string_to_signed
g_ascii_string_to_unsigned
g_ascii_strncasecmp
g_ascii_strtod
g_ascii_strtoll
g_ascii_strtoull
g_ascii_strup
g_ascii_table
g_ascii_tolower
g_ascii_toupper
g_ascii_xdigit_value
g_ask_password_flags_get_type
g_assert_warning
g_assertion_message
g_assertion_message_cmpnum
g_assertion_message_cmpstr
g_assertion_message_cmpstrv
g_assertion_message_error
g_assertion_message_expr
g_async_initable_get_type
g_async_initable_init_async
g_async_initable_init_finish
g_async_initable_new_async
g_async_initable_new_finish
g_async_initable_new_valist_async
g_async_initable_newv_async
g_async_queue_length
g_async_queue_length_unlocked
g_async_queue_lock
g_async_queue_new
g_async_queue_new_full
g_async_queue_pop
g_async_queue_pop_unlocked
g_async_queue_push
g_async_queue_push_front
g_async_queue_push_front_unlocked
g_async_queue_push_sorted
g_async_queue_push_sorted_unlocked
g_async_queue_push_unlocked
g_async_queue_ref
g_async_queue_ref_unlocked
g_async_queue_remove
g_async_queue_remove_unlocked
g_async_queue_sort
g_async_queue_sort_unlocked
g_async_queue_timed_pop
g_async_queue_timed_pop_unlocked
g_async_queue_timeout_pop
g_async_queue_timeout_pop_unlocked
g_async_queue_try_pop
g_async_queue_try_pop_unlocked
g_async_queue_unlock
g_async_queue_unref
g_async_queue_unref_and_unlock
g_async_result_get_source_object
g_async_result_get_type
g_async_result_get_user_data
g_async_result_is_tagged
g_async_result_legacy_propagate_error
g_atexit
g_atomic_int_add
g_atomic_int_and
g_atomic_int_compare_and_exchange
g_atomic_int_dec_and_test
g_atomic_int_exchange_and_add
g_atomic_int_get
g_atomic_int_inc
g_atomic_int_or
g_atomic_int_set
g_atomic_int_xor
g_atomic_pointer_add
g_atomic_pointer_and
g_atomic_pointer_compare_and_exchange
g_atomic_pointer_get
g_atomic_pointer_or
g_atomic_pointer_set
g_atomic_pointer_xor
g_atomic_rc_box_acquire
g_atomic_rc_box_alloc
g_atomic_rc_box_alloc0
g_atomic_rc_box_dup
g_atomic_rc_box_get_size
g_atomic_rc_box_release
g_atomic_rc_box_release_full
g_atomic_ref_count_compare
g_atomic_ref_count_dec
g_atomic_ref_count_inc
g_atomic_ref_count_init
g_base64_decode
g_base64_decode_inplace
g_base64_decode_step
g_base64_encode
g_base64_encode_close
g_base64_encode_step
g_basename
g_binding_dup_source
g_binding_dup_target
g_binding_flags_get_type
g_binding_get_flags
g_binding_get_source
g_binding_get_source_property
g_binding_get_target
g_binding_get_target_property
g_binding_get_type
g_binding_unbind
g_bit_lock
g_bit_nth_lsf
g_bit_nth_msf
g_bit_storage
g_bit_trylock
g_bit_unlock
g_bookmark_file_add_application
g_bookmark_file_add_group
g_bookmark_file_error_quark
g_bookmark_file_free
g_bookmark_file_get_added
g_bookmark_file_get_added_date_time
g_bookmark_file_get_app_info
g_bookmark_file_get_application_info
g_bookmark_file_get_applications
g_bookmark_file_get_description
g_bookmark_file_get_groups
g_bookmark_file_get_icon
g_bookmark_file_get_is_private
g_bookmark_file_get_mime_type
g_bookmark_file_get_modified
g_bookmark_file_get_modified_date_time
g_bookmark_file_get_size
g_bookmark_file_get_title
g_bookmark_file_get_uris
g_bookmark_file_get_visited
g_bookmark_file_get_visited_date_time
g_bookmark_file_has_application
g_bookmark_file_has_group
g_bookmark_file_has_item
g_bookmark_file_load_from_data
g_bookmark_file_load_from_data_dirs
g_bookmark_file_load_from_file
g_bookmark_file_move_item
g_bookmark_file_new
g_bookmark_file_remove_application
g_bookmark_file_remove_group
g_bookmark_file_remove_item
g_bookmark_file_set_added
g_bookmark_file_set_added_date_time
g_bookmark_file_set_app_info
g_bookmark_file_set_application_info
g_bookmark_file_set_description
g_bookmark_file_set_groups
g_bookmark_file_set_icon
g_bookmark_file_set_is_private
g_bookmark_file_set_mime_type
g_bookmark_file_set_modified
g_bookmark_file_set_modified_date_time
g_bookmark_file_set_title
g_bookmark_file_set_visited
g_bookmark_file_set_visited_date_time
g_bookmark_file_to_data
g_bookmark_file_to_file
g_boxed_copy
g_boxed_free
g_boxed_type_register_static
g_buffered_input_stream_fill
g_buffered_input_stream_fill_async
g_buffered_input_stream_fill_finish
g_buffered_input_stream_get_available
g_buffered_input_stream_get_buffer_size
g_buffered_input_stream_get_type
g_buffered_input_stream_new
g_buffered_input_stream_new_sized
g_buffered_input_stream_peek
g_buffered_input_stream_peek_buffer
g_buffered_input_stream_read_byte
g_buffered_input_stream_set_buffer_size
g_buffered_output_stream_get_auto_grow
g_buffered_output_stream_get_buffer_size
g_buffered_output_stream_get_type
g_buffered_output_stream_new
g_buffered_output_stream_new_sized
g_buffered_output_stream_set_auto_grow
g_buffered_output_stream_set_buffer_size
g_build_filename
g_build_filename_valist
g_build_filenamev
g_build_path
g_build_pathv
g_bus_name_owner_flags_get_type
g_bus_name_watcher_flags_get_type
g_bus_type_get_type
g_byte_array_append
g_byte_array_free
g_byte_array_free_to_bytes
g_byte_array_get_type
g_byte_array_new
g_byte_array_new_take
g_byte_array_prepend
g_byte_array_ref
g_byte_array_remove_index
g_byte_array_remove_index_fast
g_byte_array_remove_range
g_byte_array_set_size
g_byte_array_sized_new
g_byte_array_sort
g_byte_array_sort_with_data
g_byte_array_steal
g_byte_array_unref
g_bytes_compare
g_bytes_equal
g_bytes_get_data
g_bytes_get_size
g_bytes_get_type
g_bytes_hash
g_bytes_icon_get_bytes
g_bytes_icon_get_type
g_bytes_icon_new
g_bytes_new
g_bytes_new_from_bytes
g_bytes_new_static
g_bytes_new_take
g_bytes_new_with_free_func
g_bytes_ref
g_bytes_unref
g_bytes_unref_to_array
g_bytes_unref_to_data
g_cancellable_cancel
g_cancellable_connect
g_cancellable_disconnect
g_cancellable_get_current
g_cancellable_get_fd
g_cancellable_get_type
g_cancellable_is_cancelled
g_cancellable_make_pollfd
g_cancellable_new
g_cancellable_pop_current
g_cancellable_push_current
g_cancellable_release_fd
g_cancellable_reset
g_cancellable_set_error_if_cancelled
g_cancellable_source_new
g_canonicalize_filename
g_cclosure_marshal_BOOLEAN__BOXED_BOXED
g_cclosure_marshal_BOOLEAN__BOXED_BOXEDv
g_cclosure_marshal_BOOLEAN__FLAGS
g_cclosure_marshal_BOOLEAN__FLAGSv
g_cclosure_marshal_STRING__OBJECT_POINTER
g_cclosure_marshal_STRING__OBJECT_POINTERv
g_cclosure_marshal_VOID__BOOLEAN
g_cclosure_marshal_VOID__BOOLEANv
g_cclosure_marshal_VOID__BOXED
g_cclosure_marshal_VOID__BOXEDv
g_cclosure_marshal_VOID__CHAR
g_cclosure_marshal_VOID__CHARv
g_cclosure_marshal_VOID__DOUBLE
g_cclosure_marshal_VOID__DOUBLEv
g_cclosure_marshal_VOID__ENUM
g_cclosure_marshal_VOID__ENUMv
g_cclosure_marshal_VOID__FLAGS
g_cclosure_marshal_VOID__FLAGSv
g_cclosure_marshal_VOID__FLOAT
g_cclosure_marshal_VOID__FLOATv
g_cclosure_marshal_VOID__INT
g_cclosure_marshal_VOID__INTv
g_cclosure_marshal_VOID__LONG
g_cclosure_marshal_VOID__LONGv
g_cclosure_marshal_VOID__OBJECT
g_cclosure_marshal_VOID__OBJECTv
g_cclosure_marshal_VOID__PARAM
g_cclosure_marshal_VOID__PARAMv
g_cclosure_marshal_VOID__POINTER
g_cclosure_marshal_VOID__POINTERv
g_cclosure_marshal_VOID__STRING
g_cclosure_marshal_VOID__STRINGv
g_cclosure_marshal_VOID__UCHAR
g_cclosure_marshal_VOID__UCHARv
g_cclosure_marshal_VOID__UINT
g_cclosure_marshal_VOID__UINT_POINTER
g_cclosure_marshal_VOID__UINT_POINTERv
g_cclosure_marshal_VOID__UINTv
g_cclosure_marshal_VOID__ULONG
g_cclosure_marshal_VOID__ULONGv
g_cclosure_marshal_VOID__VARIANT
g_cclosure_marshal_VOID__VARIANTv
g_cclosure_marshal_VOID__VOID
g_cclosure_marshal_VOID__VOIDv
g_cclosure_marshal_generic
g_cclosure_marshal_generic_va
g_cclosure_new
g_cclosure_new_object
g_cclosure_new_object_swap
g_cclosure_new_swap
g_charset_converter_get_num_fallbacks
g_charset_converter_get_type
g_charset_converter_get_use_fallback
g_charset_converter_new
g_charset_converter_set_use_fallback
g_chdir
g_checksum_copy
g_checksum_free
g_checksum_get_digest
g_checksum_get_string
g_checksum_get_type
g_checksum_new
g_checksum_reset
g_checksum_type_get_length
g_checksum_update
g_child_watch_add
g_child_watch_add_full
g_child_watch_funcs
g_child_watch_source_new
g_chmod
g_clear_error
g_clear_handle_id
g_clear_list
g_clear_object
g_clear_pointer
g_clear_signal_handler
g_clear_slist
g_close
g_closure_add_finalize_notifier
g_closure_add_invalidate_notifier
g_closure_add_marshal_guards
g_closure_get_type
g_closure_invalidate
g_closure_invoke
g_closure_new_object
g_closure_new_simple
g_closure_ref
g_closure_remove_finalize_notifier
g_closure_remove_invalidate_notifier
g_closure_set_marshal
g_closure_set_meta_marshal
g_closure_sink
g_closure_unref
g_compute_checksum_for_bytes
g_compute_checksum_for_data
g_compute_checksum_for_string
g_compute_hmac_for_bytes
g_compute_hmac_for_data
g_compute_hmac_for_string
g_cond_broadcast
g_cond_clear
g_cond_init
g_cond_signal
g_cond_wait
g_cond_wait_until
g_content_type_can_be_executable
g_content_type_equals
g_content_type_from_mime_type
g_content_type_get_description
g_content_type_get_generic_icon_name
g_content_type_get_icon
g_content_type_get_mime_dirs
g_content_type_get_mime_type
g_content_type_get_symbolic_icon
g_content_type_guess
g_content_type_guess_for_tree
g_content_type_is_a
g_content_type_is_mime_type
g_content_type_is_unknown
g_content_type_set_mime_dirs
g_content_types_get_registered
g_convert
g_convert_error_quark
g_convert_with_fallback
g_convert_with_iconv
g_converter_convert
g_converter_flags_get_type
g_converter_get_type
g_converter_input_stream_get_converter
g_converter_input_stream_get_type
g_converter_input_stream_new
g_converter_output_stream_get_converter
g_converter_output_stream_get_type
g_converter_output_stream_new
g_converter_reset
g_converter_result_get_type
g_creat
g_credentials_get_native
g_credentials_get_type
g_credentials_is_same_user
g_credentials_new
g_credentials_set_native
g_credentials_to_string
g_credentials_type_get_type
g_data_input_stream_get_byte_order
g_data_input_stream_get_newline_type
g_data_input_stream_get_type
g_data_input_stream_new
g_data_input_stream_read_byte
g_data_input_stream_read_int16

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 879KB - Virtual size: 879KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbbe074d08e973399d45306814a9d2fc

Code Sign

0d:65:50:75:ec:c1:01:71:b5:42:cd:05:db:d2:c7:beCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bf:c9:dc:a9:2a:90:50:65:4d:3c:39:f6:1c:0a:f0:12:b1:1e:40:6a:4f:cc:4c:d9:90:36:b4:e8:64:79:d9:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

core_rl_zlib_

dnsapi

iphlpapi

shlwapi

ws2_32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-process-l1-1-0

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 879KB - Virtual size: 879KB

.data Size: 9KB - Virtual size: 21KB

.pdata Size: 130KB - Virtual size: 130KB

.gfids Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

0d:65:50:75:ec:c1:01:71:b5:42:cd:05:db:d2:c7:be
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:c9:dc:a9:2a:90:50:65:4d:3c:39:f6:1c:0a:f0:12:b1:1e:40:6a:4f:cc:4c:d9:90:36:b4:e8:64:79:d9:f0
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 879KB - Virtual size: 879KB

.data
Size: 9KB - Virtual size: 21KB

.pdata
Size: 130KB - Virtual size: 130KB

.gfids
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB