d643d954e63e34f0ad0425673a7cd1a23fbaffe06cc047825e2632334e9f6863

Sharing

Copy URL Twitter E-mail

General

Target

d643d954e63e34f0ad0425673a7cd1a23fbaffe06cc047825e2632334e9f6863
Size

2.6MB
MD5

fb1e38cd8c69ae6f97ebc210f46c5228
SHA1

dc3a0c2c3a237b5809b7759aa2d160582faf5818
SHA256

d643d954e63e34f0ad0425673a7cd1a23fbaffe06cc047825e2632334e9f6863
SHA512

23d72bd6ee10f37e325e439759e99e5a4d963ec4b49e32bbc0562b64cfbc311015d9b78b723df9282e435ce1557cfbacd34f008d66bfa36ddea77e6aac4a27c3
SSDEEP

49152:5ddQQX7jvRfptcJKNTx85pPwT55kdQJoEWanfqB:3xlN555WaA

Score

1^/10

Malware Config

Signatures

Files

d643d954e63e34f0ad0425673a7cd1a23fbaffe06cc047825e2632334e9f6863
.dll windows:10 windows x64 arch:x64

8eacf7a6cfc9cb8457deaf3bd5c9bdca

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:1b:03:86:e0:e4:4f:ff:8b:b1:80:b4:c5:b4:a4:c0:6e:85:dc:bb:39:4c:35:5b:8d:04:ea:4e:c1:11:5c:9d
Signer

Actual PE Digest

58:1b:03:86:e0:e4:4f:ff:8b:b1:80:b4:c5:b4:a4:c0:6e:85:dc:bb:39:4c:35:5b:8d:04:ea:4e:c1:11:5c:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\b\Release\x64\bin\PixStorage.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
OutputDebugStringW
CreateFileW
CloseHandle
WriteConsoleW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
UnmapViewOfFile
HeapValidate
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
SystemTimeToFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetTickCount
QueryPerformanceCounter
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
InitializeCriticalSectionEx
DecodePointer
CreateEventW
ResetEvent
SetEvent
WaitForMultipleObjects
SetThreadDescription
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
WakeAllConditionVariable
SleepConditionVariableSRW
GetLocaleInfoEx
LCMapStringEx
CompareStringEx

ntdll

RtlPcToFileHeader
RtlUnwindEx

advapi32

CloseTrace
ProcessTrace
QueryTraceProcessingHandle
OpenTraceW

ole32

CLSIDFromString

shlwapi

PathRemoveFileSpecW
PathCombineW

version

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

Exports

Exports

ConvertTraceToTimingCapture
CreateCaptureUpdater
CreateEtwDecoder
CreateEtwPreprocessor
CreateInstructionTracePopulator
CreatePixCapturePopulator2
CreateVideoFrameQuery
DecodeTraceConvertProgress
GetProcessesFromEtlFile
P3SAnalyzeMemoryAllocations
P3SCancelQueries
P3SCloseStorage
P3SCreateStorage
P3SExtractCapture
P3SExtractCaptureEx
P3SGetExtendedRules
P3SGetRuleDefinitions
P3SIterateMetricValues
P3SMigrateCapture
P3SOpenStorage
P3SQueryAllActiveApiObjects
P3SQueryAllStringsUTF8
P3SQueryAllSymbolStringsUTF8
P3SQueryAllThreadInstances
P3SQueryAllocationMigrations
P3SQueryAmd64ContextRegistersStored
P3SQueryAmd64ContextRegistersValues
P3SQueryApiMarkerById
P3SQueryApiMarkersInThread
P3SQueryApiObjectMemoryUsageRange
P3SQueryApiObjectMemoryUsageValues
P3SQueryApiObjectNameIds
P3SQueryApiQueueIDs
P3SQueryApiQueueInfo
P3SQueryBookmarks
P3SQueryCaptureFactById
P3SQueryCaptureFacts
P3SQueryCaptureType
P3SQueryCoarseApiMarkerStridesInThread
P3SQueryCoarseCpuMemoryStridesInAllocator
P3SQueryCoarseDsOpMarkerStridesInQueue
P3SQueryCoarseExecutionStridesInThread
P3SQueryCoarseGpuExecutionStridesInApiQueue
P3SQueryCoarseGpuWorkStridesInApiQueue
P3SQueryCoarseSqttActivity
P3SQueryCoarseStackEventStrides
P3SQueryCommandListApiMarkers
P3SQueryCommandListInApiQueue
P3SQueryContextSwitchById
P3SQueryContextSwitchCoarseStridesInCore
P3SQueryContextSwitchCoarseStridesInThread
P3SQueryContextSwitchDetails
P3SQueryContextSwitchReadyInfo
P3SQueryContextSwitchesInCore
P3SQueryContextSwitchesInThread
P3SQueryCoreForThreadAtTime
P3SQueryCoreInfo
P3SQueryCoreThreadRuns
P3SQueryCorrespondingMemoryEvents
P3SQueryCounterGroups
P3SQueryCounterIDs
P3SQueryCpuMemoryAllocatorInfo
P3SQueryCpuMemoryEventInfoByID
P3SQueryCpuMemoryEventRateRange
P3SQueryCpuMemoryEventRateValues
P3SQueryCpuMemoryLeakSizeRange
P3SQueryCpuMemoryLeakSizeValues
P3SQueryCpuMemoryUsageRange
P3SQueryCpuMemoryUsageValues
P3SQueryCpuSampleDetails
P3SQueryCpuSamplesInCore
P3SQueryCpuSamplesInThread
P3SQueryCpuUsageRange
P3SQueryCpuUsageValues
P3SQueryCustomDataTypeInfoByID
P3SQueryCustomDataTypes
P3SQueryCustomExecutionInfoByID
P3SQueryCustomExecutionsInDataType
P3SQueryCustomMarkerInfoByID
P3SQueryCustomMarkersInDataType
P3SQueryDemotedAllocations
P3SQueryDroppedDataCounts
P3SQueryDsBatchInQueue
P3SQueryDsBatchInfoByID
P3SQueryDsOpMarkerByID
P3SQueryDsOpMarkerInQueue
P3SQueryDsQueueByID
P3SQueryDsQueues
P3SQueryDsWorkInQueue
P3SQueryEngineCaptureVersion
P3SQueryExecutionById
P3SQueryExecutionForGpuExecution
P3SQueryExecutionsInThread
P3SQueryFileDescriptionStringsUTF8
P3SQueryFileDescriptions
P3SQueryFileInfoTable
P3SQueryFileOpInfoByID
P3SQueryFileOpInfoInIODevice
P3SQueryFirstOrLastVideoFrameTimestamp
P3SQueryFunctionInformation
P3SQueryGpuApiExecutionInApiQueue
P3SQueryGpuApiWorkById
P3SQueryGpuExecutionByEventIdAndQueue
P3SQueryGpuExecutionById
P3SQueryGpuExecutionsForCpuExecution
P3SQueryGpuExecutionsInApiQueue
P3SQueryGpuFrameInfo
P3SQueryGpuFrames
P3SQueryGpuFramesStored
P3SQueryGpuMarkerById
P3SQueryGpuMarkerInfoForCpuMarker
P3SQueryGpuMarkersInApiQueue
P3SQueryGpuWorkForApiMarker
P3SQueryGpuWorkInApiQueue
P3SQueryHeapFacts
P3SQueryImageXMemFlagsStored
P3SQueryInputControllerByID
P3SQueryInputControllers
P3SQueryInputMarkerInfoInController
P3SQueryInstructionAggregation
P3SQueryInstructionExecutionTimeline
P3SQueryInstructionMapDetail
P3SQueryInstructionMemoryAccessData
P3SQueryInstructionRollupSummaries
P3SQueryInstructionSequenceRangeInThread
P3SQueryMarkerById
P3SQueryMarkersInThread
P3SQueryMemoryAccesses
P3SQueryMemoryAccessesForSample
P3SQueryMemoryEventsInAllocator
P3SQueryMemoryUsageSampleInfo
P3SQueryMemoryUsageSamplesStored
P3SQueryMetricAggregationRanges
P3SQueryNextCaptureData
P3SQueryNextCaptureMessages
P3SQueryNextContextSwitchForThread
P3SQueryNumCacheLevels
P3SQueryNumCores
P3SQueryPEFile
P3SQueryPageFaults
P3SQueryPixConsolidatedEventDurationRange
P3SQueryPixConsolidatedEventDurationValues
P3SQueryPixCounterRange
P3SQueryPixCounterRateSclksRange
P3SQueryPixCounterRateSclksValues
P3SQueryPixCounterRateSecondsRange
P3SQueryPixCounterRateSecondsValues
P3SQueryPixCounterValues
P3SQueryPixCpuConsolidatedEventIds
P3SQueryPixCpuConsolidatedEventScheduledTimeRange
P3SQueryPixCpuConsolidatedEventScheduledTimeValues
P3SQueryPixCpuConsolidatedEventStallRange
P3SQueryPixCpuConsolidatedEventStallValues
P3SQueryPixEventDurationRange
P3SQueryPixEventDurationValues
P3SQueryPixEventIds
P3SQueryPixEventScheduledTimeRange
P3SQueryPixEventScheduledTimeValues
P3SQueryPixEventStalledTimeRange
P3SQueryPixEventStalledTimeValues
P3SQueryPixExecutionStridesByEventId
P3SQueryPixExecutionsByEventId
P3SQueryPixExecutionsByEventIdAndThread
P3SQueryPixGpuConsolidatedEventIds
P3SQueryPixGpuEventDurationRange
P3SQueryPixGpuEventDurationValues
P3SQueryPixMarkerIds
P3SQueryPmcProfileSamples
P3SQueryPriorContextSwitchInCore
P3SQueryProcAllocatorIds
P3SQueryProcessImages
P3SQueryProcesses
P3SQueryProfileSources
P3SQueryRawMemoryEventsInAllocator
P3SQueryResidenceOperations
P3SQueryResidenceOperationsById
P3SQueryResidenceOperationsByType
P3SQueryResidenceOperationsStored
P3SQuerySelectInstruction
P3SQuerySourceFiles
P3SQuerySourceLines
P3SQuerySqttActivity
P3SQuerySqttAggregateActivity
P3SQuerySqttLaneDescriptors
P3SQuerySqttShaderRefByShaderWorkId
P3SQuerySqttShaderWorkById
P3SQueryStackEventsByThreadId
P3SQueryStorageVersion
P3SQueryThreadInfo
P3SQueryThreadStackRange
P3SQueryThreads
P3SQueryTitleMemoryUsageRange
P3SQueryTitleMemoryUsageValues
P3SQueryTotalInstructionCount
P3SQueryUniqueInstructions
P3SQueryVideoFrameForTimestamp
P3SQueryVideoFrameTimestamps
P3SQueryVideoFramesStored
P3SQueryVirtualMemoryInfo
P3SQueryWin32DeviceByID
P3SQueryWin32DeviceUsageRange
P3SQueryWin32DeviceUsageValues
P3SQueryWin32Devices
P3SRegisterExternalLogger
P3SRetrieveMemorySnapshots
P3SRetrieveModuleSymbols
P3SRetrieveModules
P3SRetrieveStackAtTimestamp
P3SRetrieveStacksInRange
P3SRetrieveTypeAccessSites
P3SRetrieveTypeAllocSites
P3SRetrieveTypeList
P3SRetrieveTypeMemberFields
P3SRunExtendedRule
P3SRunRule
P3SStoreMemorySnapshot
sqlite3_batchexpand_init

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 603KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8eacf7a6cfc9cb8457deaf3bd5c9bdca

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:afCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

58:1b:03:86:e0:e4:4f:ff:8b:b1:80:b4:c5:b4:a4:c0:6e:85:dc:bb:39:4c:35:5b:8d:04:ea:4e:c1:11:5c:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

advapi32

ole32

shlwapi

version

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 603KB - Virtual size: 603KB

.data Size: 21KB - Virtual size: 28KB

.pdata Size: 60KB - Virtual size: 60KB

_RDATA Size: 1024B - Virtual size: 640B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

58:1b:03:86:e0:e4:4f:ff:8b:b1:80:b4:c5:b4:a4:c0:6e:85:dc:bb:39:4c:35:5b:8d:04:ea:4e:c1:11:5c:9d
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 603KB - Virtual size: 603KB

.data
Size: 21KB - Virtual size: 28KB

.pdata
Size: 60KB - Virtual size: 60KB

_RDATA
Size: 1024B - Virtual size: 640B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB