04be2f28d1b8cdcee6c5067dd6129f52533bc35b67ef6bd8bbdcbf40ce7e8f32

Sharing

Copy URL Twitter E-mail

General

Target

04be2f28d1b8cdcee6c5067dd6129f52533bc35b67ef6bd8bbdcbf40ce7e8f32
Size

596KB
MD5

086e573eb286c73ebc91031e4c56cbc4
SHA1

a8bcde9b31b26d25f722962e014b3ac030478758
SHA256

04be2f28d1b8cdcee6c5067dd6129f52533bc35b67ef6bd8bbdcbf40ce7e8f32
SHA512

7526b37976821466c2372c5076e3e774825d3b64dbd6b243daf4032503b119e2d2fff704ee6f62fd62a2956d5e2abe4e0247e986684d93762217714d993031e1
SSDEEP

12288:R9yvh8xqladb5DLoN6jM8DJpHmphr5ZaEF3p:jAh05/oN6jM8DuH1ZlF3p

Score

1^/10

Malware Config

Signatures

Files

04be2f28d1b8cdcee6c5067dd6129f52533bc35b67ef6bd8bbdcbf40ce7e8f32
.dll windows:4 windows x64 arch:x64

8a85ef3d8252f8112c5f62c1a2ed68b0

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:09:f1:4e:9f:f8:7c:a2:e5:3c:a8:00:00:00:01:09:f1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

28/05/2024, 17:43

Not After

31/05/2024, 17:43

Subject

CN=GitHub\, Inc.,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:09:f1:4e:9f:f8:7c:a2:e5:3c:a8:00:00:00:01:09:f1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

28/05/2024, 17:43

Not After

31/05/2024, 17:43

Subject

CN=GitHub\, Inc.,O=GitHub\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:37:02:4b:c5:2a:40:7a:35:4b:00:00:00:00:00:37
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15/02/2024, 20:35

Not After

15/02/2025, 20:35

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:BB73-96FD-77EF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:f8:b4:2e:0f:bc:82:33:ef:38:18:f5:2e:f6:80:05:64:e7:e2:32:aa:1b:a6:7b:57:a8:63:51:6e:0b:22:6f
Signer

Actual PE Digest

7d:f8:b4:2e:0f:bc:82:33:ef:38:18:f5:2e:f6:80:05:64:e7:e2:32:aa:1b:a6:7b:57:a8:63:51:6e:0b:22:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

PDB Paths

Imports

msys-2.0

__cxa_atexit
__getreent
__locale_ctype_ptr
_impure_ptr
abort
calloc
cygwin_internal
dll_dllcrt0
fgetc
fprintf
fputc
fread
free
fscanf
fwrite
getc
malloc
memcpy
memmove
memset
msys_detach_dll
nl_langinfo
posix_memalign
printf
putc
putchar
puts
raise
realloc
snprintf
sscanf
strchr
strcmp
strlen
strstr
strtol
ungetc
vfprintf
vsnprintf
vsprintf

kernel32

GetModuleHandleA

Exports

Exports

__gcc_deregister_frame
__gcc_register_frame
__gmp_0
__gmp_allocate_func
__gmp_asprintf
__gmp_asprintf_final
__gmp_asprintf_funs
__gmp_asprintf_memory
__gmp_asprintf_reps
__gmp_assert_fail
__gmp_assert_header
__gmp_binvert_limb_table
__gmp_bits_per_limb
__gmp_default_allocate
__gmp_default_fp_limb_precision
__gmp_default_free
__gmp_default_reallocate
__gmp_digit_value_tab
__gmp_divide_by_zero
__gmp_doprnt
__gmp_doprnt_integer
__gmp_doprnt_mpf2
__gmp_doscan
__gmp_errno
__gmp_exception
__gmp_extract_double
__gmp_fac2cnt_table
__gmp_fib_table
__gmp_fprintf
__gmp_fprintf_funs
__gmp_free_func
__gmp_fscanf
__gmp_fscanf_funs
__gmp_get_memory_functions
__gmp_init_primesieve
__gmp_invalid_operation
__gmp_jacobi_table
__gmp_junk
__gmp_limbroots_table
__gmp_mt_recalc_buffer
__gmp_nextprime
__gmp_odd2fac_table
__gmp_oddfac_table
__gmp_overflow_in_mpz
__gmp_primesieve
__gmp_printf
__gmp_randclear
__gmp_randclear_mt
__gmp_randget_mt
__gmp_randinit
__gmp_randinit_default
__gmp_randinit_lc_2exp
__gmp_randinit_lc_2exp_size
__gmp_randinit_mt
__gmp_randinit_mt_noseed
__gmp_randinit_set
__gmp_randiset_mt
__gmp_rands
__gmp_rands_initialized
__gmp_randseed
__gmp_randseed_ui
__gmp_reallocate_func
__gmp_scanf
__gmp_set_memory_functions
__gmp_snprintf
__gmp_snprintf_funs
__gmp_sprintf
__gmp_sprintf_funs
__gmp_sqrt_of_negative
__gmp_sscanf
__gmp_sscanf_funs
__gmp_tmp_reentrant_alloc
__gmp_tmp_reentrant_free
__gmp_urandomb_ui
__gmp_urandomm_ui
__gmp_vasprintf
__gmp_version
__gmp_vfprintf
__gmp_vfscanf
__gmp_vprintf
__gmp_vscanf
__gmp_vsnprintf
__gmp_vsprintf
__gmp_vsscanf
__gmpf_abs
__gmpf_add
__gmpf_add_ui
__gmpf_ceil
__gmpf_clear
__gmpf_clears
__gmpf_cmp
__gmpf_cmp_d
__gmpf_cmp_si
__gmpf_cmp_ui
__gmpf_cmp_z
__gmpf_div
__gmpf_div_2exp
__gmpf_div_ui
__gmpf_dump
__gmpf_eq
__gmpf_fits_sint_p
__gmpf_fits_slong_p
__gmpf_fits_sshort_p
__gmpf_fits_uint_p
__gmpf_fits_ulong_p
__gmpf_fits_ushort_p
__gmpf_floor
__gmpf_get_d
__gmpf_get_d_2exp
__gmpf_get_default_prec
__gmpf_get_prec
__gmpf_get_si
__gmpf_get_str
__gmpf_get_ui
__gmpf_init
__gmpf_init2
__gmpf_init_set
__gmpf_init_set_d
__gmpf_init_set_si
__gmpf_init_set_str
__gmpf_init_set_ui
__gmpf_inits
__gmpf_inp_str
__gmpf_integer_p
__gmpf_mul
__gmpf_mul_2exp
__gmpf_mul_ui
__gmpf_neg
__gmpf_out_str
__gmpf_pow_ui
__gmpf_random2
__gmpf_reldiff
__gmpf_set
__gmpf_set_d
__gmpf_set_default_prec
__gmpf_set_prec
__gmpf_set_prec_raw
__gmpf_set_q
__gmpf_set_si
__gmpf_set_str
__gmpf_set_ui
__gmpf_set_z
__gmpf_size
__gmpf_sqrt
__gmpf_sqrt_ui
__gmpf_sub
__gmpf_sub_ui
__gmpf_swap
__gmpf_trunc
__gmpf_ui_div
__gmpf_ui_sub
__gmpf_urandomb
__gmpn_add
__gmpn_add_1
__gmpn_add_err1_n
__gmpn_add_err2_n
__gmpn_add_err3_n
__gmpn_add_n
__gmpn_add_n_atom
__gmpn_add_n_bd1
__gmpn_add_n_bt1
__gmpn_add_n_core2
__gmpn_add_n_coreihwl
__gmpn_add_n_coreisbr
__gmpn_add_n_goldmont
__gmpn_add_n_init
__gmpn_add_n_pentium4
__gmpn_add_n_silvermont
__gmpn_add_n_sub_n
__gmpn_add_n_x86_64
__gmpn_add_nc_atom
__gmpn_add_nc_bd1
__gmpn_add_nc_bt1
__gmpn_add_nc_core2
__gmpn_add_nc_coreihwl
__gmpn_add_nc_coreisbr
__gmpn_add_nc_goldmont
__gmpn_add_nc_pentium4
__gmpn_add_nc_silvermont
__gmpn_add_nc_x86_64
__gmpn_addlsh1_n
__gmpn_addlsh1_n_atom
__gmpn_addlsh1_n_bd1
__gmpn_addlsh1_n_core2
__gmpn_addlsh1_n_coreisbr
__gmpn_addlsh1_n_init
__gmpn_addlsh1_n_pentium4
__gmpn_addlsh1_n_silvermont
__gmpn_addlsh1_n_x86_64
__gmpn_addlsh1_n_zen
__gmpn_addlsh1_nc_atom
__gmpn_addlsh1_nc_bd1
__gmpn_addlsh1_nc_coreisbr
__gmpn_addlsh1_nc_zen
__gmpn_addlsh2_n
__gmpn_addlsh2_n_atom
__gmpn_addlsh2_n_core2
__gmpn_addlsh2_n_coreisbr
__gmpn_addlsh2_n_init
__gmpn_addlsh2_n_pentium4
__gmpn_addlsh2_n_silvermont
__gmpn_addlsh2_n_x86_64
__gmpn_addlsh2_nc_coreisbr
__gmpn_addlsh_n
__gmpn_addmul_1
__gmpn_addmul_1_atom
__gmpn_addmul_1_bd1
__gmpn_addmul_1_bt1
__gmpn_addmul_1_core2
__gmpn_addmul_1_coreibwl
__gmpn_addmul_1_coreihwl
__gmpn_addmul_1_coreinhm
__gmpn_addmul_1_coreisbr
__gmpn_addmul_1_goldmont
__gmpn_addmul_1_init
__gmpn_addmul_1_pentium4
__gmpn_addmul_1_silvermont
__gmpn_addmul_1_x86_64
__gmpn_addmul_1_zen
__gmpn_addmul_1c_core2
__gmpn_addmul_1c_silvermont
__gmpn_addmul_2
__gmpn_addmul_2_atom
__gmpn_addmul_2_bd1
__gmpn_addmul_2_coreihwl
__gmpn_addmul_2_coreisbr
__gmpn_addmul_2_fat
__gmpn_addmul_2_init
__gmpn_addmul_2_k8
__gmpn_addmul_2_pentium4
__gmpn_and_n
__gmpn_andn_n
__gmpn_bases
__gmpn_bc_mulmod_bnm1
__gmpn_bc_set_str
__gmpn_bdiv_dbm1c
__gmpn_bdiv_dbm1c_init
__gmpn_bdiv_dbm1c_x86_64
__gmpn_bdiv_q
__gmpn_bdiv_q_1
__gmpn_bdiv_q_itch
__gmpn_bdiv_qr
__gmpn_bdiv_qr_itch
__gmpn_binvert
__gmpn_binvert_itch
__gmpn_broot
__gmpn_broot_invm1
__gmpn_brootinv
__gmpn_bsqrt
__gmpn_bsqrtinv
__gmpn_cmp
__gmpn_cnd_add_n
__gmpn_cnd_add_n_atom
__gmpn_cnd_add_n_coreisbr
__gmpn_cnd_add_n_init
__gmpn_cnd_add_n_x86_64
__gmpn_cnd_sub_n
__gmpn_cnd_sub_n_atom
__gmpn_cnd_sub_n_coreisbr
__gmpn_cnd_sub_n_init
__gmpn_cnd_sub_n_x86_64
__gmpn_cnd_swap
__gmpn_com
__gmpn_com_atom
__gmpn_com_bd1
__gmpn_com_bt2
__gmpn_com_core2
__gmpn_com_init
__gmpn_com_x86_64
__gmpn_com_zen
__gmpn_compute_powtab
__gmpn_copyd
__gmpn_copyd_atom
__gmpn_copyd_bd1
__gmpn_copyd_bt1
__gmpn_copyd_bt2
__gmpn_copyd_core2
__gmpn_copyd_init
__gmpn_copyd_nano
__gmpn_copyd_x86_64
__gmpn_copyd_zen
__gmpn_copyi
__gmpn_copyi_atom
__gmpn_copyi_bd1
__gmpn_copyi_bt1
__gmpn_copyi_bt2
__gmpn_copyi_core2
__gmpn_copyi_init
__gmpn_copyi_nano
__gmpn_copyi_x86_64
__gmpn_copyi_zen
__gmpn_cpuid
__gmpn_cpuvec
__gmpn_cpuvec_init
__gmpn_cpuvec_initialized
__gmpn_dc_set_str
__gmpn_dcpi1_bdiv_q
__gmpn_dcpi1_bdiv_qr
__gmpn_dcpi1_bdiv_qr_n
__gmpn_dcpi1_bdiv_qr_n_itch
__gmpn_dcpi1_div_q
__gmpn_dcpi1_div_qr
__gmpn_dcpi1_div_qr_n
__gmpn_dcpi1_divappr_q
__gmpn_div_q
__gmpn_div_qr_1
__gmpn_div_qr_1n_pi1
__gmpn_div_qr_2
__gmpn_div_qr_2n_pi1
__gmpn_div_qr_2u_pi1
__gmpn_divexact
__gmpn_divexact_1
__gmpn_divexact_1_atom
__gmpn_divexact_1_init
__gmpn_divexact_1_nano
__gmpn_divexact_1_x86_64
__gmpn_divexact_by3
__gmpn_divexact_by3c
__gmpn_divisible_p
__gmpn_divmod_1
__gmpn_divrem
__gmpn_divrem_1
__gmpn_divrem_1_core2
__gmpn_divrem_1_coreisbr
__gmpn_divrem_1_init
__gmpn_divrem_1_x86_64
__gmpn_divrem_2
__gmpn_dump
__gmpn_fft_best_k
__gmpn_fft_next_size
__gmpn_fib2_ui
__gmpn_fib2m
__gmpn_gcd
__gmpn_gcd_1
__gmpn_gcd_11
__gmpn_gcd_11_bd1
__gmpn_gcd_11_bt1
__gmpn_gcd_11_bt2
__gmpn_gcd_11_core2
__gmpn_gcd_11_coreisbr
__gmpn_gcd_11_init
__gmpn_gcd_11_k10
__gmpn_gcd_11_nano
__gmpn_gcd_11_x86_64
__gmpn_gcd_11_zen
__gmpn_gcd_22
__gmpn_gcd_subdiv_step
__gmpn_gcdext
__gmpn_gcdext_1
__gmpn_gcdext_hook
__gmpn_gcdext_lehmer_n
__gmpn_get_d
__gmpn_get_str
__gmpn_hamdist
__gmpn_hgcd
__gmpn_hgcd2
__gmpn_hgcd2_jacobi
__gmpn_hgcd_appr
__gmpn_hgcd_appr_itch
__gmpn_hgcd_itch
__gmpn_hgcd_jacobi
__gmpn_hgcd_matrix_adjust
__gmpn_hgcd_matrix_init
__gmpn_hgcd_matrix_mul
__gmpn_hgcd_matrix_mul_1
__gmpn_hgcd_matrix_update_q
__gmpn_hgcd_mul_matrix1_vector
__gmpn_hgcd_reduce
__gmpn_hgcd_reduce_itch
__gmpn_hgcd_step
__gmpn_invert
__gmpn_invert_limb
__gmpn_invert_limb_table
__gmpn_invertappr
__gmpn_ior_n
__gmpn_iorn_n
__gmpn_jacobi_2
__gmpn_jacobi_base
__gmpn_jacobi_n
__gmpn_lshift
__gmpn_lshift_atom
__gmpn_lshift_core2
__gmpn_lshift_coreisbr
__gmpn_lshift_init
__gmpn_lshift_k10
__gmpn_lshift_pentium4
__gmpn_lshift_silvermont
__gmpn_lshift_x86_64
__gmpn_lshift_zen
__gmpn_lshiftc
__gmpn_lshiftc_atom
__gmpn_lshiftc_core2
__gmpn_lshiftc_coreisbr
__gmpn_lshiftc_init
__gmpn_lshiftc_k10
__gmpn_lshiftc_pentium4
__gmpn_lshiftc_silvermont
__gmpn_lshiftc_x86_64
__gmpn_lshiftc_zen
__gmpn_matrix22_mul
__gmpn_matrix22_mul1_inverse_vector
__gmpn_matrix22_mul_itch
__gmpn_mod_1
__gmpn_mod_1_1p
__gmpn_mod_1_1p_cps
__gmpn_mod_1_1p_cps_init
__gmpn_mod_1_1p_cps_x86_64
__gmpn_mod_1_1p_init
__gmpn_mod_1_1p_x86_64
__gmpn_mod_1_fat
__gmpn_mod_1_init
__gmpn_mod_1s_2p
__gmpn_mod_1s_2p_cps
__gmpn_mod_1s_2p_cps_init
__gmpn_mod_1s_2p_cps_x86_64
__gmpn_mod_1s_2p_init
__gmpn_mod_1s_2p_x86_64
__gmpn_mod_1s_3p
__gmpn_mod_1s_3p_cps
__gmpn_mod_1s_4p
__gmpn_mod_1s_4p_cps
__gmpn_mod_1s_4p_cps_init
__gmpn_mod_1s_4p_cps_x86_64
__gmpn_mod_1s_4p_init
__gmpn_mod_1s_4p_x86_64
__gmpn_mod_34lsub1
__gmpn_mod_34lsub1_init
__gmpn_mod_34lsub1_pentium4
__gmpn_mod_34lsub1_x86_64
__gmpn_modexact_1_odd_x86_64
__gmpn_modexact_1c_odd
__gmpn_modexact_1c_odd_init
__gmpn_modexact_1c_odd_x86_64
__gmpn_mu_bdiv_q
__gmpn_mu_bdiv_q_itch
__gmpn_mu_bdiv_qr
__gmpn_mu_bdiv_qr_itch
__gmpn_mu_div_q
__gmpn_mu_div_q_itch
__gmpn_mu_div_qr
__gmpn_mu_div_qr_itch
__gmpn_mu_divappr_q
__gmpn_mu_divappr_q_itch
__gmpn_mul
__gmpn_mul_1
__gmpn_mul_1_atom
__gmpn_mul_1_bd1
__gmpn_mul_1_bt1
__gmpn_mul_1_coreihwl
__gmpn_mul_1_coreisbr
__gmpn_mul_1_goldmont
__gmpn_mul_1_init
__gmpn_mul_1_pentium4
__gmpn_mul_1_silvermont
__gmpn_mul_1_x86_64
__gmpn_mul_1_zen
__gmpn_mul_1c_atom
__gmpn_mul_1c_bd1
__gmpn_mul_1c_bt1
__gmpn_mul_1c_coreisbr
__gmpn_mul_1c_goldmont
__gmpn_mul_1c_pentium4
__gmpn_mul_1c_silvermont
__gmpn_mul_1c_x86_64
__gmpn_mul_1c_zen
__gmpn_mul_2
__gmpn_mul_basecase
__gmpn_mul_basecase_bd1
__gmpn_mul_basecase_bt1
__gmpn_mul_basecase_core2
__gmpn_mul_basecase_coreibwl
__gmpn_mul_basecase_coreihwl
__gmpn_mul_basecase_coreisbr
__gmpn_mul_basecase_fat
__gmpn_mul_basecase_init
__gmpn_mul_basecase_k8
__gmpn_mul_basecase_pentium4
__gmpn_mul_basecase_silvermont
__gmpn_mul_basecase_zen
__gmpn_mul_fft
__gmpn_mul_n
__gmpn_mullo_basecase
__gmpn_mullo_basecase_core2
__gmpn_mullo_basecase_coreibwl
__gmpn_mullo_basecase_coreihwl
__gmpn_mullo_basecase_coreisbr
__gmpn_mullo_basecase_fat
__gmpn_mullo_basecase_init
__gmpn_mullo_basecase_k8
__gmpn_mullo_basecase_pentium4
__gmpn_mullo_basecase_silvermont
__gmpn_mullo_basecase_zen
__gmpn_mullo_n
__gmpn_mulmid
__gmpn_mulmid_basecase
__gmpn_mulmid_n
__gmpn_mulmod_bknp1
__gmpn_mulmod_bnm1
__gmpn_mulmod_bnm1_next_size
__gmpn_nand_n

Sections

.text
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 592B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a85ef3d8252f8112c5f62c1a2ed68b0

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:01:09:f1:4e:9f:f8:7c:a2:e5:3c:a8:00:00:00:01:09:f1Certificate

Extended Key Usages

Key Usages

33:00:01:09:f1:4e:9f:f8:7c:a2:e5:3c:a8:00:00:00:01:09:f1Certificate

Extended Key Usages

Key Usages

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:37:02:4b:c5:2a:40:7a:35:4b:00:00:00:00:00:37Certificate

Extended Key Usages

Key Usages

7d:f8:b4:2e:0f:bc:82:33:ef:38:18:f5:2e:f6:80:05:64:e7:e2:32:aa:1b:a6:7b:57:a8:63:51:6e:0b:22:6fSigner

Headers

File Characteristics

PDB Paths

Imports

msys-2.0

kernel32

Exports

Exports

Sections

.text Size: 459KB - Virtual size: 459KB

.data Size: 1024B - Virtual size: 576B

.rdata Size: 72KB - Virtual size: 72KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 8KB - Virtual size: 7KB

.xdata Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 592B

.edata Size: 25KB - Virtual size: 25KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 732B

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:09:f1:4e:9f:f8:7c:a2:e5:3c:a8:00:00:00:01:09:f1
Certificate

33:00:01:09:f1:4e:9f:f8:7c:a2:e5:3c:a8:00:00:00:01:09:f1
Certificate

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:37:02:4b:c5:2a:40:7a:35:4b:00:00:00:00:00:37
Certificate

7d:f8:b4:2e:0f:bc:82:33:ef:38:18:f5:2e:f6:80:05:64:e7:e2:32:aa:1b:a6:7b:57:a8:63:51:6e:0b:22:6f
Signer

.text
Size: 459KB - Virtual size: 459KB

.data
Size: 1024B - Virtual size: 576B

.rdata
Size: 72KB - Virtual size: 72KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 8KB - Virtual size: 7KB

.xdata
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 592B

.edata
Size: 25KB - Virtual size: 25KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 732B