2024-05-31_c037ff2ba78ec46eb330cb9ecab57367_magniber_poet-rat_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_c037ff2ba78ec46eb330cb9ecab57367_magniber_poet-rat_revil
Size

21.0MB
MD5

c037ff2ba78ec46eb330cb9ecab57367
SHA1

4ee711be1f48d6dae34598f99ac9bcb6c8dea5ee
SHA256

049d59465cff71417829d9629edc47c94bb3659d09de213df92e09b539d3db4c
SHA512

f5c970b7d9b149009d11a80d8b17ffede1ea68ec359c91d5e96160287960650445891ab7af7970c08f53861679f8ca95ee96ce67686bdcfbfb0ed2f77b008fbc
SSDEEP

393216:j2oK4zjxEqHgLyo65UCC5XHLBLKsmEa7jRGMf1ciYPq1R8IZkFLFJwjsxhdC/p:aoK4XBHgGoitC5XH0d7jRGM7YPqnEMss

Score

10^/10

Malware Config

Signatures

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Files

2024-05-31_c037ff2ba78ec46eb330cb9ecab57367_magniber_poet-rat_revil
.exe windows:5 windows x86 arch:x86

000ef75ac09be5087bceace8ea39ced9

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:b0:6e:db:11:6d:54:be:21:d5:16:56:d9:1c:f2:46
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24/11/2023, 17:20

Not After

23/11/2026, 17:20

Subject

CN=Xing Wang,O=Xing Wang,L=Shanghai,C=CN,1.2.840.113549.1.9.1=#0c1277786865726540686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:3b:dc:e5:ee:e6:e7:3e:9a:b3:e1:a1:49:c2:d9:e2:50:bf:54:1e:ca:59:51:50:34:5f:eb:8d:22:4a:df:91
Signer

Actual PE Digest

6e:3b:dc:e5:ee:e6:e7:3e:9a:b3:e1:a1:49:c2:d9:e2:50:bf:54:1e:ca:59:51:50:34:5f:eb:8d:22:4a:df:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\develop\BitComet_2.08\app\Release_unicode\GUI_BitComet_wx.pdb

Imports

kernel32

GetUserDefaultLangID
IsWow64Process
GetProcessWorkingSetSize
SetProcessWorkingSetSize
SetSystemPowerState
GetVolumeInformationW
GetSystemDefaultLangID
OpenThread
GetThreadTimes
GetProcessTimes
GetFileInformationByHandle
FreeResource
lstrcpynW
lstrcpyW
RegisterWaitForSingleObject
UnregisterWait
GetFileSizeEx
SetFilePointerEx
GetLocalTime
CreateFileMappingA
OpenEventW
CreateRemoteThread
CopyFileExW
MoveFileExW
GetSystemDirectoryW
FlushFileBuffers
CreateFileMappingW
GetSystemTime
LockFileEx
UnlockFile
CreateDirectoryA
DeleteFileA
LoadLibraryA
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
CreateWaitableTimerW
VerifyVersionInfoW
VerSetConditionMask
InterlockedCompareExchange
GetQueuedCompletionStatus
RemoveDirectoryA
GetFileAttributesExA
FindFirstFileA
FindNextFileA
MoveFileA
ReplaceFileA
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleHandleExW
CreateDirectoryW
RemoveDirectoryW
SetStdHandle
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetModuleFileNameA
SetConsoleCtrlHandler
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
CreateIoCompletionPort
SleepEx
QueueUserAPC
MoveFileW
SetFileAttributesW
CreateSemaphoreA
DuplicateHandle
PostQueuedCompletionStatus
InterlockedExchangeAdd
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
GetDiskFreeSpaceW
SystemTimeToFileTime
FlushInstructionCache
SetThreadContext
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
CreateWaitableTimerA
GetModuleHandleA
GetLogicalProcessorInformation
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ResetEvent
AreFileApisANSI
GetUserDefaultUILanguage
SetThreadLocale
IsBadStringPtrA
IsBadReadPtr
GetDriveTypeW
GetLogicalDriveStringsW
InterlockedExchange
CreateProcessW
PeekNamedPipe
ReadFile
WriteFile
CreateThread
GetExitCodeProcess
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetComputerNameW
GetDiskFreeSpaceExW
FindResourceW
GetEnvironmentVariableW
GetNativeSystemInfo
SizeofResource
LoadResource
IsDebuggerPresent
OpenProcess
GlobalMemoryStatus
LockResource
GetACP
GetTempFileNameW
GetFileTime
GetFileSize
GetShortPathNameW
GetTempPathW
GetSystemPowerStatus
WaitForSingleObject
ReleaseMutex
TryEnterCriticalSection
EnumSystemLocalesW
HeapReAlloc
GetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExA
GetCommandLineA
HeapSize
LCMapStringA
ResumeThread
SuspendThread
GetStringTypeExA
SetConsoleMode
ReadConsoleA
DebugBreak
lstrlenA
GetThreadContext
TerminateThread
SetThreadPriority
WritePrivateProfileStringW
DeviceIoControl
CreateDirectoryExW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
SetThreadAffinityMask
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
InitializeCriticalSectionAndSpinCount
GetWindowsDirectoryW
GetPrivateProfileStringW
lstrcmpiW
lstrcmpW
GetVersion
GetVersionExW
SetThreadExecutionState
TerminateProcess
GetCurrentProcess
GetOEMCP
IsValidCodePage
GetSystemInfo
ReleaseSemaphore
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSetInformation
GlobalAlloc
GetCurrentProcessId
GlobalUnlock
GlobalLock
GetLongPathNameW
LocalAlloc
Sleep
RaiseException
GetTickCount
CreateMutexW
CompareStringW
HeapAlloc
HeapFree
GetProcessHeap
WaitForMultipleObjects
CreateEventW
FreeLibrary
LoadLibraryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
FindClose
GetProcessAffinityMask
FindNextFileW
FindFirstFileW
GetCurrentThreadId
FormatMessageA
FormatMessageW
LocalFree
WideCharToMultiByte
WaitForSingleObjectEx
SetEvent
CreateEventA
CloseHandle
GetCurrentThread
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DeleteFileW
GetLastError
CopyFileW
GetFileAttributesW
CreateFileW
GetLocaleInfoW
VirtualProtect
InterlockedDecrement
MulDiv
lstrlenW
InterlockedIncrement
MultiByteToWideChar
GetStringTypeW
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCPInfo
LCMapStringW
ExitProcess
GlobalFree
InitializeCriticalSection
GetCommandLineW
GetStdHandle
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
GlobalSize
GlobalHandle
SetErrorMode
SetCurrentDirectoryW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetFileType

user32

SetFocus
GetWindow
GetSystemMetrics
IsWindowVisible
SetForegroundWindow
PostMessageW
EnumThreadWindows
RegisterWindowMessageW
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
ShowWindow
GetClipboardOwner
GetWindowThreadProcessId
EmptyClipboard
SetClipboardData
GetWindowPlacement
GetParent
EnumWindows
IsWindowEnabled
BringWindowToTop
SetWindowPos
IsIconic
IsChild
MessageBoxW
SetRectEmpty
DrawTextW
CopyRect
GetFocus
GetSysColor
SendMessageW
CreateCaret
DestroyCaret
SetCaretPos
GetPropW
CloseClipboard
UnregisterClassW
GetWindowLongW
OffsetRect
CreateWindowExW
DestroyWindow
GetScrollInfo
ValidateRect
DrawFocusRect
FrameRect
RedrawWindow
SetParent
DrawAnimatedRects
EnumChildWindows
FindWindowW
GetClassNameW
IsWindow
DestroyIcon
LoadImageW
IsRectEmpty
SetRect
EndPaint
BeginPaint
SystemParametersInfoW
SetWindowPlacement
RegisterHotKey
UnregisterHotKey
SetMenuItemInfoW
InsertMenuItemW
ModifyMenuW
DeleteMenu
GetMenuItemInfoW
SetActiveWindow
GetSystemMenu
DdeFreeDataHandle
DdeGetData
SendMessageTimeoutW
WindowFromPoint
GetMessagePos
DdeFreeStringHandle
DdeNameService
DdeCreateStringHandleA
DdeInitializeW
ExitWindowsEx
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
PtInRect
InflateRect
GetDC
GetDoubleClickTime
ReleaseDC
GetWindowDC
GetDesktopWindow
ClientToScreen
InvalidateRect
EnableWindow
GetCursorPos
FillRect
GetWindowRect
MoveWindow
LoadIconW
DrawIcon
UpdateWindow
DrawFrameControl
DrawIconEx
GetKeyState
SetWindowRgn
GetMenu
AdjustWindowRectEx
GetClientRect
GetForegroundWindow
SetWindowLongW
AnimateWindow
EndMenu
SetPropW
ScreenToClient
GetDlgCtrlID
IntersectRect
GetComboBoxInfo
PeekMessageW
TranslateMessage
DispatchMessageW
GetMenuBarInfo
CreateIconIndirect
GetIconInfo
LoadBitmapW
GetMessageTime
DefWindowProcW
PostQuitMessage
CallWindowProcW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetActiveWindow
CharNextW
VkKeyScanW
MapVirtualKeyW
GetCapture
GetMenuItemCount
TrackPopupMenu
GetUpdateRgn
ScrollWindow
EnableScrollBar
SetWindowTextW
SetCursorPos
MapWindowPoints
ChildWindowFromPointEx
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
SetScrollInfo
CreateDialogParamW
GetDlgItem
RegisterClassW
GetAsyncKeyState
SetLayeredWindowAttributes
FlashWindowEx
IsZoomed
CreateDialogIndirectParamW
GetDialogBaseUnits
DrawMenuBar
EnableMenuItem
GetWindowTextW
GetWindowTextLengthW
MessageBeep
FindWindowExW
GetCaretBlinkTime
DrawStateW
GetMenuState
CreateMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
InsertMenuW
AppendMenuW
RemoveMenu
SetMenuInfo
EndDialog
MsgWaitForMultipleObjects
DestroyCursor
ShowCursor
IsMenu
keybd_event
HideCaret
ShowCaret
ChildWindowFromPoint
SetMenu
DrawEdge
CheckMenuItem
GetMenuItemID
GetSysColorBrush
CheckMenuRadioItem
GetClassInfoW
GetProcessDefaultLayout
GetMessageW
PostThreadMessageW
ValidateRgn
RegisterClipboardFormatW
GetClipboardFormatNameW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
UnionRect
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
wsprintfW
NotifyWinEvent
SetTimer
KillTimer
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeClientTransaction
DdeCreateDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
RegisterClassExW
LoadStringA
LoadStringW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetStockObject
CombineRgn
RectInRegion
CreateICW
EqualRgn
GetRgnBox
PtInRegion
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateDIBitmap
GetDIBColorTable
SetDIBColorTable
GetCharABCWidthsW
GetTextExtentExPointW
GetSystemPaletteEntries
CreateDCW
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
Arc
Ellipse
ExtFloodFill
GetClipBox
GetBkColor
GdiFlush
SetBrushOrgEx
SelectPalette
RealizePalette
ExcludeClipRect
CreateBitmapIndirect
GetOutlineTextMetricsW
DPtoLP
EnumFontFamiliesExW
Polygon
SelectClipRgn
CreateRectRgnIndirect
SetPixel
RestoreDC
SaveDC
GetClipRgn
CreateRectRgn
Polyline
GetTextExtentPoint32W
GetObjectType
GetPixel
MaskBlt
Pie
PolyPolygon
Rectangle
RoundRect
ExtSelectClipRgn
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
StretchDIBits
SetROP2
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
CreatePolygonRgn
LPtoDP
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
CreateHatchBrush
CreatePatternBrush
StartPage
ExtCreatePen
SetViewportOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
SetAbortProc
StartDocW
EndDoc
EndPage
CreateBitmap
LineTo
MoveToEx
GetDIBits
CreateDIBSection
StretchBlt
SetStretchBltMode
BitBlt
DeleteDC
GetObjectW
GetCurrentObject
CreateFontIndirectW
SelectObject
DeleteObject
SetBkColor
ExtTextOutW
CreatePenIndirect
SetBkMode
SetTextColor
GetRegionData
ExtCreateRegion
OffsetRgn
CreateSolidBrush
GetDeviceCaps
CreatePen
GetTextMetricsW
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegEnumValueW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
ControlService
QueryServiceConfigW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTokenInformation
GetUserNameW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW

shell32

ord16
ord6
SHGetFolderPathW
ord155
SHFileOperationW
SHChangeNotify
ord680
ShellExecuteExW
SHGetFileInfoW
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderPathW
ExtractIconW
ExtractIconExW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
SHBrowseForFolderW
CommandLineToArgvW
SHBindToParent

ole32

OleRun
CoCreateGuid
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
OleLockRunning
CLSIDFromString
PropVariantClear
CoUninitialize
CoCreateInstance
CoInitialize
OleSetContainedObject
RevokeDragDrop

uxtheme

GetThemeInt
GetThemePartSize
GetThemeFont
GetThemeMargins
GetThemeSysColor
IsThemePartDefined
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetCurrentThemeName
IsThemeActive
IsAppThemed
OpenThemeData
GetThemeColor
CloseThemeData
SetWindowTheme
DrawThemeBackground
DrawThemeText
GetThemeSysFont

winmm

sndPlaySoundW
timeGetTime

comctl32

ImageList_GetIconSize
ImageList_GetImageCount
ImageList_DrawEx
ImageList_Draw
_TrackMouseEvent
ord17
ImageList_DragShowNolock
ImageList_GetImageInfo
ImageList_Create
ImageList_Destroy
ImageList_Add
ImageList_SetBkColor
ImageList_Replace
ImageList_Remove
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ord16
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_Copy

rpcrt4

UuidToStringW
RpcStringFreeA
RpcStringFreeW
UuidToStringA

urlmon

UrlMkSetSessionOption

wininet

InternetCloseHandle

iphlpapi

GetAdaptersAddresses

msimg32

AlphaBlend
GradientFill

shlwapi

StrStrW
StrRetToBufW
SHStrDupW
ord12
SHAutoComplete
AssocQueryStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

recvfrom
inet_addr
ntohs
WSAAddressToStringA
connect
getpeername
getsockname
shutdown
listen
accept
closesocket
htonl
inet_ntoa
select
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStringToAddressA
ntohl
WSASetLastError
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
WSAAddressToStringW
htons
sendto
setsockopt
WSAGetLastError
WSAStringToAddressW
socket
WSAEventSelect
WSAAsyncSelect
recv
ioctlsocket
send
bind

winspool.drv

OpenPrinterW
GetPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW
PrintDlgW
PageSetupDlgW

oleaut32

SafeArrayPtrOfIndex
SafeArrayUnlock
SafeArrayLock
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantClear
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrFromCy

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 12.9MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 411KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

000ef75ac09be5087bceace8ea39ced9

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

48:b0:6e:db:11:6d:54:be:21:d5:16:56:d9:1c:f2:46Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

6e:3b:dc:e5:ee:e6:e7:3e:9a:b3:e1:a1:49:c2:d9:e2:50:bf:54:1e:ca:59:51:50:34:5f:eb:8d:22:4a:df:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

uxtheme

winmm

comctl32

rpcrt4

urlmon

wininet

iphlpapi

msimg32

shlwapi

version

ws2_32

winspool.drv

comdlg32

oleaut32

oleacc

Sections

.text Size: 12.9MB - Virtual size: 12.9MB

.rdata Size: 4.4MB - Virtual size: 4.4MB

.data Size: 411KB - Virtual size: 1.7MB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 1.1MB - Virtual size: 1.1MB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

48:b0:6e:db:11:6d:54:be:21:d5:16:56:d9:1c:f2:46
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

6e:3b:dc:e5:ee:e6:e7:3e:9a:b3:e1:a1:49:c2:d9:e2:50:bf:54:1e:ca:59:51:50:34:5f:eb:8d:22:4a:df:91
Signer

.text
Size: 12.9MB - Virtual size: 12.9MB

.rdata
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 411KB - Virtual size: 1.7MB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 1.1MB - Virtual size: 1.1MB