RogueKiller_portable64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

RogueKiller_portable64.exe
Size

34.6MB
MD5

ee64e4da0e24ce166d29ccdac212e649
SHA1

7f1bd6bae97b99bd09c7a815392418b2c0d98f45
SHA256

d49a4c47cc37cb04eac87f6ee7d3b75bc0d62b99517985b1a4569bf4e794a5b4
SHA512

969f53d5df7a4064710e1c29e468715a54e0a31e996355f7a96f0674fbef7dd93a83b834f2002c4e4d21df3584a488d1da331aee0b4d9dfb28b9ed4b546e0cfb
SSDEEP

393216:7H4nMh4659CCGeN0mADe3tEsSNZJ49bE15JLeimlHtJsv6tWKFdu9CbpJWXM9vR+:xfGlmADe3tEsSNZrePtJWrj5CQchRA

Score

1^/10

Malware Config

Signatures

Files

RogueKiller_portable64.exe
.exe windows:6 windows x64 arch:x64

aafdbc482049665cc4ddf7e52b3e25ba

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-01-2022 00:00

Not After

12-01-2025 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7a:5c:0c:ae:a8:a9:2a:de:c1:f5:11:37:d0:a7:fe:6c:3e:32:10:9a
Signer

Actual PE Digest

7a:5c:0c:ae:a8:a9:2a:de:c1:f5:11:37:d0:a7:fe:6c:3e:32:10:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Adlice\RogueKillerQt\x64\RelWithDebInfo\RogueKiller.pdb

Imports

ws2_32

getnameinfo
inet_pton
WSAIoctl
freeaddrinfo
getaddrinfo

winmm

PlaySoundW
timeKillEvent
timeSetEvent

netapi32

NetShareEnum
NetUserGetInfo
NetApiBufferFree

kernel32

DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
InitializeCriticalSectionEx
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
WTSGetActiveConsoleSessionId
CheckRemoteDebuggerPresent
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
CreateFileA
GetFileSizeEx
GetUserDefaultLangID
CompareStringEx
GetLocalTime
SetThreadPriority
GetThreadPriority
GetTickCount64
OutputDebugStringW
IsProcessorFeaturePresent
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
GetLogicalDrives
SetEndOfFile
SetFileTime
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
UnregisterWaitEx
DefineDosDeviceW
GetTimeZoneInformation
InitializeCriticalSection
InterlockedPushEntrySList
RtlUnwindEx
SwitchToFiber
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
GetStringTypeW
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GlobalFree
GlobalAlloc
LoadLibraryExW
QueueUserWorkItem
SetFilePointer
GetConsoleCP
GetACP
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
HeapSize
K32GetModuleInformation
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
GetTickCount
GetModuleFileNameA
GetVersionExA
GetCurrentThread
OutputDebugStringA
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadResource
LockResource
SizeofResource
FindResourceW
HeapDestroy
GetPrivateProfileStringW
GetFileSize
HeapCreate
VirtualQueryEx
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
IsDebuggerPresent
GetVolumePathNamesForVolumeNameW
GetEnvironmentVariableW
RtlCaptureContext
lstrcpyW
lstrcmpA
IsBadWritePtr
IsBadReadPtr
lstrlenW
lstrcmpiW
VirtualFree
VirtualAlloc
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
QueryDosDeviceW
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
DeviceIoControl
ResumeThread
OpenThread
CreateThread
RaiseException
LocalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTempPathW
GetTempFileNameW
CreateMutexW
ReleaseMutex
GetVersionExW
VerSetConditionMask
CancelIo
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
WriteFile
ReadFile
FlushFileBuffers
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
GetModuleHandleA
ReadProcessMemory
OpenProcess
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
SetStdHandle
GetProcessTimes
DuplicateHandle
GetComputerNameW
FormatMessageW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimes
SetErrorMode
LocalFree
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
GetModuleFileNameW
Sleep
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetCurrentProcessId
GetCurrentProcess
MoveFileExW
MoveFileW
CopyFileW
GetLastError
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
ExitProcess
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetFullPathNameA
RegisterWaitForSingleObject

user32

RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
GetKeyboardLayout
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
UnregisterPowerSettingNotification
UnregisterDeviceNotification
CharNextExA
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
MessageBoxW
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
RealGetWindowClassW
ChangeWindowMessageFilterEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
ChildWindowFromPointEx
ExitWindowsEx
PostMessageW
ShowWindow
RegisterDeviceNotificationW
EnumWindows
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
FindWindowA
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetClassNameW
EnumChildWindows
CharNextW
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
DestroyWindow
IsChild
CreateWindowExW
DefWindowProcW
AttachThreadInput
SendMessageW
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
GetDesktopWindow
UpdateLayeredWindowIndirect

gdi32

CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GdiFlush
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetRegionData
GetObjectW
GetBitmapBits
SetPixelFormat
SwapBuffers
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
SelectClipRgn
OffsetRgn
CreateRectRgn
CombineRgn
BitBlt
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetCharABCWidthsFloatW
CreateCompatibleDC
GetDIBits

shell32

Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHCreateItemFromIDList
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
SHCreateItemFromParsingName
ord51

ole32

CoInitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
ReleaseStgMedium
OleIsCurrentClipboard
DoDragDrop
CoTaskMemRealloc
CoTaskMemAlloc
StringFromCLSID
CoGetMalloc
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
OleUninitialize

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
SafeArrayPutElement
SafeArrayCreateVector
VarUI4FromStr

advapi32

DeregisterEventSource
GetSecurityInfo
RegisterEventSourceW
ReportEventW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
RegFlushKey
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatus
QueryServiceStatusEx
SetServiceObjectSecurity
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
LookupAccountNameW
GetLengthSid
CopySid
FreeSid
CheckTokenMembership
GetTokenInformation
ConvertStringSidToSidW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
RegSetKeySecurity
RegGetKeySecurity
LookupAccountSidW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetAce
AllocateAndInitializeSid
GetUserNameW
DuplicateToken
StartServiceW
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW

mpr

WNetGetConnectionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
GetProfilesDirectoryW
GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

PathRemoveExtensionW
StrCmpIW
StrDupW
AssocQueryStringW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathSearchAndQualifyW
PathRemoveFileSpecW
PathRemoveBlanksW
PathRemoveBackslashW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

wininet

InternetGetConnectedState

ntdll

NtCreateKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtQueryKey
NtSetValueKey
NtDeleteValueKey
NtDeleteKey
NtOpenKey
NtUnloadDriver
RtlInitUnicodeString
NtLoadDriver

wsock32

shutdown
getsockopt
ntohs
WSAStartup
WSACleanup
inet_ntoa
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
WSAGetLastError
getsockname

crypt32

CertGetNameStringW
CertNameToStrW
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext

bcrypt

BCryptGenRandom
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

uxtheme

GetThemeBool
GetCurrentThemeName
OpenThemeData
GetThemePartSize
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
IsAppThemed
SetWindowTheme
IsThemeActive

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aafdbc482049665cc4ddf7e52b3e25ba

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

7a:5c:0c:ae:a8:a9:2a:de:c1:f5:11:37:d0:a7:fe:6c:3e:32:10:9aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

wininet

ntdll

wsock32

crypt32

wintrust

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 17.9MB - Virtual size: 17.9MB

.rdata Size: 9.0MB - Virtual size: 9.0MB

.data Size: 300KB - Virtual size: 574KB

.pdata Size: 1.1MB - Virtual size: 1.1MB

.qtmetad Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 13B

.qtmimed Size: 315KB - Virtual size: 315KB

.gfids Size: 512B - Virtual size: 508B

_RDATA Size: 1024B - Virtual size: 544B

.rsrc Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 112KB - Virtual size: 111KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

7a:5c:0c:ae:a8:a9:2a:de:c1:f5:11:37:d0:a7:fe:6c:3e:32:10:9a
Signer

.text
Size: 17.9MB - Virtual size: 17.9MB

.rdata
Size: 9.0MB - Virtual size: 9.0MB

.data
Size: 300KB - Virtual size: 574KB

.pdata
Size: 1.1MB - Virtual size: 1.1MB

.qtmetad
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 13B

.qtmimed
Size: 315KB - Virtual size: 315KB

.gfids
Size: 512B - Virtual size: 508B

_RDATA
Size: 1024B - Virtual size: 544B

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 112KB - Virtual size: 111KB