GigPerformer4[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GigPerformer4.exe
Size

50.5MB
MD5

520e40172e64623c0f0e8824e01e9bf1
SHA1

ae92f542d77c868aeb9c0f36f46f7e04db75d7aa
SHA256

1e737596379b11961904b92ade1096e75b37949fa05692c676749c2524569c7c
SHA512

9e6d35650a1f8dd2fbce9fcc65293775408a218ba06a3e0604967cd815a5cdeebfa6652785a684dc217eaef909e1ee49680f1d635ccaa2535c758e54b10474a1
SSDEEP

1572864:Eh35to6H/R/GxjtoPtYdY1kPX92/y7+sr:Eht/pGEPSd7X92/kh

Score

1^/10

Malware Config

Signatures

Files

GigPerformer4.exe
.exe windows:6 windows x64 arch:x64

f72bb13f5d4d32d9c8d5db8bf9b3acc6

Code Sign

b6:4d:54:f0:7c:95:89:b2:59:f1:18:d9:52:07:fe:64
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/06/2020, 00:00

Not After

23/09/2023, 23:59

Subject

CN=Deskew Technologies\, LLC,O=Deskew Technologies\, LLC,POSTALCODE=10514,STREET=74 Random Farms Circle,L=Chappaqua,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:a9:c7:78:e2:a9:66:03:b7:8a:e0:3d:4a:0a:5c:d6:39:4a:a2:55:1e:44:3d:ff:a1:9e:d4:a2:42:74:9b:b3
Signer

Actual PE Digest

19:a9:c7:78:e2:a9:66:03:b7:8a:e0:3d:4a:0a:5c:d6:39:4a:a2:55:1e:44:3d:ff:a1:9e:d4:a2:42:74:9b:b3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Deskew\Projects\TheGigRack\Builds\VisualStudio2019\x64\Release\App\GigPerformer4.pdb

Imports

kernel32

PeekNamedPipe
GetTempPathW
CreateMutexW
FindClose
CreateFileW
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
GetSystemDirectoryW
UnmapViewOfFile
GetModuleHandleA
GetLogicalDriveStringsW
GetFileInformationByHandle
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
GetDiskFreeSpaceExW
DeleteFileW
GetNativeSystemInfo
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReplaceFileW
ExitProcess
GetComputerNameW
CreateProcessW
FreeLibrary
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
GlobalSize
GlobalAlloc
GlobalLock
GetCurrentProcessId
GlobalUnlock
GetEnvironmentVariableA
CreateFileA
DeleteFileA
GetDriveTypeA
GetFileAttributesA
GetTickCount
GlobalFree
MulDiv
GetLogicalDriveStringsA
FindResourceA
CopyFileA
GetVolumeInformationA
GetComputerNameA
WaitForMultipleObjects
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetModuleHandleW
WaitForSingleObjectEx
SetFilePointer
CreatePipe
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
LeaveCriticalSection
WaitForSingleObject
PostQueuedCompletionStatus
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
QueueUserAPC
LocalFree
DeleteCriticalSection
TlsFree
FormatMessageA
WideCharToMultiByte
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
SetLastError
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
QueryPerformanceFrequency
CreateWaitableTimerA
VerSetConditionMask
SleepEx
TlsGetValue
QueryPerformanceCounter
CreateIoCompletionPort
SetPriorityClass
GetCurrentProcess
SetThreadPriority
Sleep
EnterCriticalSection
GetCurrentThread
LoadLibraryA
GetThreadPriority
ResetEvent
GetPriorityClass
GetProcAddress
SizeofResource
TryEnterCriticalSection
InitializeCriticalSection
LockResource
LoadResource
FindResourceW
CreateDirectoryW
SetThreadAffinityMask
ReadFile
GetVolumeInformationW
FindFirstFileW
SetHandleInformation
FindNextFileW
WriteFile
GetModuleHandleExW
DeviceIoControl

user32

CreateDialogParamA
GetWindowLongW
GetSystemMenu
GetMessageExtraInfo
GetUpdateRgn
GetMessagePos
MapVirtualKeyW
FindWindowExW
IsWindowVisible
MessageBoxW
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
ScreenToClient
EndDialog
GetSystemMetrics
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
GetAsyncKeyState
OpenClipboard
GetCapture
RedrawWindow
DestroyIcon
GetWindowInfo
GetMonitorInfoW
CreateIconIndirect
CloseClipboard
EmptyClipboard
IsChild
CreateCaret
TrackMouseEvent
GetForegroundWindow
GetMessageTime
SetLayeredWindowAttributes
GetDlgItem
FindWindowW
LoadCursorW
DestroyCaret
SetCapture
SetClipboardData
ToUnicode
SetCursor
SetWindowLongW
GetClientRect
UpdateLayeredWindow
DrawIconEx
ShowCaret
EnableMenuItem
SystemParametersInfoW
GetParent
ReleaseCapture
SetForegroundWindow
InvalidateRect
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
SendInput
GetDC
ReleaseDC
GetMessageW
PostMessageW
SendMessageTimeoutW
GetFocus
DispatchMessageW
PeekMessageW
EnumWindows
SetFocus
TranslateMessage
GetWindowTextW
GetWindow
AttachThreadInput
SetDlgItemTextA
GetWindowRect
SetWindowPos
SendMessageW
IsWindow
MoveWindow
SetDlgItemTextW
SendDlgItemMessageA
SendDlgItemMessageW
EnableWindow
SetWindowTextA
MessageBoxA
PtInRect
GetWindowLongPtrA
SetWindowLongPtrA
LoadCursorA
DialogBoxParamA
GetClipboardData
GetDesktopWindow
CallWindowProcW
RegisterClassExW
GetWindowThreadProcessId
GetWindowLongPtrW
UnregisterClassW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
DefWindowProcW

gdi32

GetOutlineTextMetricsW
TextOutA
SetTextAlign
SetTextColor
SetBkMode
SetBkColor
GetStockObject
CreateFontA
ChoosePixelFormat
SwapBuffers
SetPixelFormat
SaveDC
CreateDIBSection
StretchDIBits
CreateRectRgnIndirect
CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
AddFontMemResourceEx
SelectObject
GetKerningPairsW
CreateCompatibleDC
GetDeviceCaps
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteA
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractAssociatedIconW
SHGetMalloc
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

RegisterDragDrop
DoDragDrop
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateGuid
CLSIDFromString
CoTaskMemFree
CoCreateInstance
PropVariantClear
CoInitialize
OleSetContainedObject
OleCreate
RevokeDragDrop
CreateStreamOnHGlobal

oleaut32

SafeArrayDestroy
VariantInit
SysFreeString
SysAllocString
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
VariantClear

msvcp140

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_broadcast
_Cnd_wait
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_signal
??Bid@locale@std@@QEAA_KXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?do_encoding@codecvt_base@std@@MEBAHXZ
?do_max_length@codecvt_base@std@@MEBAHXZ
??1codecvt_base@std@@UEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Winerror_map@std@@YAHH@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
_Strxfrm
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_trylock
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
?_Random_device@std@@YAIXZ
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Xtime_get_ticks
_Thrd_join
?classic@locale@std@@SAAEBV12@XZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Cnd_destroy_in_situ
_Cnd_init_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

ws2_32

WSACleanup
ioctlsocket
htons
WSARecvFrom
htonl
WSAAddressToStringW
ntohs
WSAGetLastError
WSASocketW
WSASendTo
WSAStringToAddressW
WSASetLastError
shutdown
ntohl
WSAStartup
getsockname
setsockopt
select
__WSAFDIsSet
getaddrinfo
WSASend
inet_addr
socket
closesocket
bind
sendto
freeaddrinfo
getsockopt
recv

iphlpapi

GetAdaptersAddresses

wininet

HttpEndRequestA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetAttemptConnect
InternetOpenA
InternetReadFile
InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathStripToRootW

winmm

timeBeginPeriod
midiInUnprepareHeader
midiInOpen
midiOutGetDevCapsW
midiOutPrepareHeader
midiOutOpen
midiInStop
midiOutClose
midiOutLongMsg
midiOutGetNumDevs
midiOutShortMsg
midiInGetNumDevs
midiInAddBuffer
midiInClose
midiInStart
midiInGetDevCapsW
midiOutUnprepareHeader
midiInPrepareHeader
midiInReset
timeGetTime

imm32

ImmNotifyIME
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

opengl32

glGetError
glGetString
glTexSubImage2D
glPixelStorei
wglMakeCurrent
glDisable
glDrawElements
glTexImage2D
glGetIntegerv
glDrawArrays
glGetBooleanv
glClearColor
glDeleteTextures
glTexParameteri
wglGetProcAddress
wglCreateContext
glReadPixels
glBlendFunc
glScissor
glEnable
glGenTextures
glBindTexture
wglGetCurrentContext
wglShareLists
glClear
glViewport
wglDeleteContext

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageRectI
GdipCloneImage
GdipDeleteGraphics
GdipGetImageHeight
GdipSetInterpolationMode

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
__std_terminate
__std_exception_destroy
__std_exception_copy
__std_type_info_name
__std_type_info_compare
__std_type_info_hash
__RTtypeid
__C_specific_handler
__current_exception_context
__current_exception
memset
memmove
memcpy
memcmp
memchr
__CxxFrameHandler3
_CxxThrowException
strstr
longjmp
__intrinsic_setjmp
__RTDynamicCast
strchr

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
system
exit
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
terminate
_errno
_exit
_c_exit
_fpreset
_register_thread_local_exe_atexit_callback
_endthreadex
_clearfp
_get_narrow_winmain_command_line

api-ms-win-crt-string-l1-1-0

strcpy_s
strcat_s
strncat_s
strnlen
strtok
iswupper
iswspace
towlower
tolower
towupper
iswlower
isdigit
isspace
toupper
iswalnum
isupper
islower
strcmp
strncmp
isalpha
isalnum
iswalpha
strncpy
iswdigit

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vswprintf
__p__commode
ftell
__stdio_common_vfprintf
__stdio_common_vsscanf
fflush
fseek
fclose
fopen
fread
_fseeki64
fwrite
__stdio_common_vsprintf_s
_set_fmode
_ftelli64
fputs
_fileno
freopen_s
_wfopen

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtol
_strtod_l
_atoi64
mbstowcs
strtod
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_stat64i32

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-math-l1-1-0

cosf
ceilf
ceil
atanf
tanf
sqrtf
expf
sinf
atan2f
_hypotf
powf
_hypot
_fdclass
frexp
ldexp
_copysign
cosh
sqrt
logf
log10f
floorf
floor
pow
tanh
round
roundf
exp
atan2
log
tan
fmod
truncf
fabs
acos
asin
llround
sinh
__setusermatherr
atan
sin
log10
cos

api-ms-win-crt-time-l1-1-0

_mkgmtime64
_difftime64
wcsftime
_mktime64
_localtime64_s
_time64
_ftime64_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_create_locale

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42.5MB - Virtual size: 42.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f72bb13f5d4d32d9c8d5db8bf9b3acc6

Code Sign

b6:4d:54:f0:7c:95:89:b2:59:f1:18:d9:52:07:fe:64Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

19:a9:c7:78:e2:a9:66:03:b7:8a:e0:3d:4a:0a:5c:d6:39:4a:a2:55:1e:44:3d:ff:a1:9e:d4:a2:42:74:9b:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp140

ws2_32

iphlpapi

wininet

version

shlwapi

winmm

imm32

opengl32

gdiplus

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 42.5MB - Virtual size: 42.5MB

.data Size: 436KB - Virtual size: 522KB

.pdata Size: 312KB - Virtual size: 312KB

.rsrc Size: 181KB - Virtual size: 181KB

.reloc Size: 99KB - Virtual size: 98KB

b6:4d:54:f0:7c:95:89:b2:59:f1:18:d9:52:07:fe:64
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

19:a9:c7:78:e2:a9:66:03:b7:8a:e0:3d:4a:0a:5c:d6:39:4a:a2:55:1e:44:3d:ff:a1:9e:d4:a2:42:74:9b:b3
Signer

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 42.5MB - Virtual size: 42.5MB

.data
Size: 436KB - Virtual size: 522KB

.pdata
Size: 312KB - Virtual size: 312KB

.rsrc
Size: 181KB - Virtual size: 181KB

.reloc
Size: 99KB - Virtual size: 98KB