PingPlotter Professional 5[.]24[.]3[.]8913 [Programs[.]TheMicroTech[.]Net][.]zip

Resubmissions

12-06-2024 04:57

240612-flpr1a1flp 6

12-06-2024 04:52

240612-fhvtva1eqd 6

Sharing

Copy URL

Twitter E-mail

General

Target

PingPlotter Professional 5.24.3.8913 [Programs.TheMicroTech.Net].zip
Size

21.8MB
MD5

06b28940f886c3a1b4725d771f17627e
SHA1

ed052cbc64558c946ee3c9a291c6d4a38df88d30
SHA256

653d46b5d17c5fd51248e6dde5adc57a5d7621299b7561cecf2479464da44efd
SHA512

78cf2fba2b784e9450c2e3f6de7f721add508fbfa7458970bfc0ab31f72f00740d50c2838194898310a4956925ed7a3182579f2f81bbf0b7859d9c8b03b7d623
SSDEEP

393216:0f+9iAgusmjmj+8/Znma5RPf72BLYJjPXjyT2u0wbkY0tD20yoZYp6uspWfPfUgp:0Q1gDmjPKl2BMJST2upxJwYp6dp6vK2T

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PingPlotter Professional 5.24.3.8913/KEYGEN-FFF/PingPlotter.v3.30.4_KEYGEN-FFF.exe
unpack003/$PLUGINSDIR/DotNetChecker.dll
unpack003/$PLUGINSDIR/StdUtils.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsisdl.dll

Files

PingPlotter Professional 5.24.3.8913 [Programs.TheMicroTech.Net].zip
.zip

Password: 123
PingPlotter Professional 5.24.3.8913/KEYGEN-FFF/FFF.NFO
PingPlotter Professional 5.24.3.8913/KEYGEN-FFF/PingPlotter.v3.30.4_KEYGEN-FFF.exe
.exe windows:4 windows x86 arch:x86

Password: 123

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.textbss
Size: - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 449KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 740B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PingPlotter Professional 5.24.3.8913/Readme.txt
PingPlotter Professional 5.24.3.8913/pingplotter_install.exe
.exe windows:4 windows x86 arch:x86

Password: 123

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:35:5a:7a:3d:83:43:09:80:be:01:ea:f1:02:fe:83
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31-03-2022 00:00

Not After

03-04-2024 23:59

Subject

CN=Pingman Tools LLC,O=Pingman Tools LLC,L=Boise,ST=Idaho,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:a0:4e:7a:18:ee:94:0b:6e:41:c4:f2:17:ad:26:75:be:9c:fb:55:29:df:9e:c6:36:87:60:8b:84:d9:ff:fa
Signer

Actual PE Digest

91:a0:4e:7a:18:ee:94:0b:6e:41:c4:f2:17:ad:26:75:be:9c:fb:55:29:df:9e:c6:36:87:60:8b:84:d9:ff:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
SetFileAttributesW
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 912KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DotNetChecker.dll
.dll windows:6 windows x86 arch:x86

Password: 123

97f7d9845e06a5a728269d7279e09e03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\sean.fleming\source\repos\NsisDotNetChecker\plugin\Release\DotNetChecker.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
GetProcAddress
CreateFileW
DecodePointer
LoadLibraryW
GetSystemInfo
SetErrorMode
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
RaiseException

user32

GetSystemMetrics
wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

GetDotNet10ServicePack
GetDotNet11ServicePack
GetDotNet20ServicePack
GetDotNet30ServicePack
GetDotNet35ServicePack
GetDotNet40ClientServicePack
GetDotNet40FullServicePack
GetDotNet451ServicePack
GetDotNet452ServicePack
GetDotNet45ServicePack
GetDotNet461ServicePack
GetDotNet462ServicePack
GetDotNet46ServicePack
GetDotNet471ServicePack
GetDotNet472ServicePack
GetDotNet47ServicePack
IsDotNet10Installed
IsDotNet11Installed
IsDotNet20Installed
IsDotNet30Installed
IsDotNet35Installed
IsDotNet40ClientInstalled
IsDotNet40FullInstalled
IsDotNet451Installed
IsDotNet452Installed
IsDotNet45Installed
IsDotNet461Installed
IsDotNet462Installed
IsDotNet46Installed
IsDotNet471Installed
IsDotNet472Installed
IsDotNet47Installed

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

Password: 123

dda53b55a0bf89654a47326daafd5297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

iswspace
_msize
??2@YAPAXI@Z
??3@YAXPAX@Z
iswalpha
_snprintf
swscanf
abort
iswcntrl
_beginthreadex
time
srand
rand
iswalnum
__wgetmainargs
wcsncpy
_wcsnicmp
wcschr
calloc
free
_wcsicmp
_snwprintf
memset

shlwapi

ord176

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCommandLineW
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
DeleteCriticalSection
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
GetProcAddress
GetVersion
GetFileAttributesW
LoadLibraryW
GetModuleHandleW
FreeLibrary
CloseHandle
GetFileSizeEx
CreateFileW
ReadFile
WriteFile
SetFilePointerEx
GlobalAlloc
lstrcpynW
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GetLastError
LocalAlloc
LocalFree

user32

AllowSetForegroundWindow
MessageBoxA
GetWindowThreadProcessId
CreateWindowExW
LoadStringW
UnregisterClassW
SetTimer
DestroyWindow
wsprintfW
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
KillTimer
DispatchMessageW
RegisterClassW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Exports

Exports

AppendToFile
DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetParameter
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
ParameterCnt
ParameterStr
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

Password: 123

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisdl.dll
.dll windows:4 windows x86 arch:x86

Password: 123

d09878220c1fdc2c2325ac1b89d388da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
WaitForSingleObject
CloseHandle
lstrlenA
GlobalAlloc
GlobalFree
MulDiv
lstrcatA
GetTickCount
Sleep
WriteFile
CreateFileW
lstrcpyW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
lstrcpyA
lstrcmpiA
CreateThread

user32

SetWindowLongW
RegisterWindowMessageW
CallWindowProcW
DestroyWindow
EnableWindow
CharPrevA
GetWindowRect
CreateWindowExW
SetDlgItemTextA
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExW
wsprintfA
SetWindowTextA
SendMessageW
GetWindowLongW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

wsock32

__WSAFDIsSet
ioctlsocket
inet_ntoa
htons
socket
closesocket
shutdown
connect
gethostbyname
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_4_
.msi

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

Headers

File Characteristics

Sections

.textbss Size: - Virtual size: 664KB

.text Size: 3KB - Virtual size: 4KB

.data Size: 449KB - Virtual size: 452KB

.idata Size: 740B - Virtual size: 4KB

.tls Size: 24B - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

.reloc Size: 24B - Virtual size: 4KB

Password: 123

e221f4f7d36469d53810a4b5f9fc8966

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:35:5a:7a:3d:83:43:09:80:be:01:ea:f1:02:fe:83Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

91:a0:4e:7a:18:ee:94:0b:6e:41:c4:f2:17:ad:26:75:be:9c:fb:55:29:df:9e:c6:36:87:60:8b:84:d9:ff:faSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 408KB

.ndata Size: - Virtual size: 912KB

.rsrc Size: 37KB - Virtual size: 36KB

Password: 123

97f7d9845e06a5a728269d7279e09e03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

Password: 123

dda53b55a0bf89654a47326daafd5297

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

.textbss
Size: - Virtual size: 664KB

.text
Size: 3KB - Virtual size: 4KB

.data
Size: 449KB - Virtual size: 452KB

.idata
Size: 740B - Virtual size: 4KB

.tls
Size: 24B - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB

.reloc
Size: 24B - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:35:5a:7a:3d:83:43:09:80:be:01:ea:f1:02:fe:83
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

91:a0:4e:7a:18:ee:94:0b:6e:41:c4:f2:17:ad:26:75:be:9c:fb:55:29:df:9e:c6:36:87:60:8b:84:d9:ff:fa
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 408KB

.ndata
Size: - Virtual size: 912KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 610B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 882B