2024-06-16_e4dd7df85f6627832cd81a4404fe94ed_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_e4dd7df85f6627832cd81a4404fe94ed_mafia
Size

2.8MB
MD5

e4dd7df85f6627832cd81a4404fe94ed
SHA1

604586e25ae656012a7cb3b3b7fc9715a88aad7c
SHA256

1ecba04447950be89d3cf8b82507d8226d11b0333e7895b59129cff2d8f8f51c
SHA512

ced7baff27587f2eb9c64fe29e74bece613cd29b4e3ea3b87f983d59c0d7d3c98475b984e498839c1a04c6fd79e188f995cd45cc601950c6ebdc4ce82bbd2379
SSDEEP

49152:pINDRSLB0v85+YjUYQNomQMcxWBLWA+mtBx3dvtFHXLKMCA1VFGPHsXOqau57s7N:CNVSLBnTQZQ/x0LEwBx3drHXLKMCAksY

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_e4dd7df85f6627832cd81a4404fe94ed_mafia
.exe windows:5 windows x86 arch:x86

4ec664ff12b0bb6931d831961a8c6792

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

11/12/2023, 17:00

Not After

09/10/2026, 07:40

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,L=Chennai,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:14:82:49:5d:1b:75:2b:f2:54:27:5d:66:cb:45:40:c6:eb:62:8b:15:a6:93:eb:e5:2c:17:78:93:2f:03:0e
Signer

Actual PE Digest

57:14:82:49:5d:1b:75:2b:f2:54:27:5d:66:cb:45:40:c6:eb:62:8b:15:a6:93:eb:e5:2c:17:78:93:2f:03:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\27-03-2024\WindowsBuilds\DC_NATIVE\8057792\desktopcentral\ONPREMISE\SA_SRC\native\agent\Release\dcusbsummary.pdb

Imports

setupapi

CM_Get_DevNode_Status
SetupDiGetClassDevsW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_Child_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Sibling_Ex
CM_Get_Device_ID_ExW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQuerySessionInformationA
WTSEnumerateSessionsW
WTSEnumerateSessionsA

wsock32

WSAStartup
WSACleanup
WSAGetLastError

userenv

UnloadUserProfile
DestroyEnvironmentBlock
LoadUserProfileA
CreateEnvironmentBlock

iphlpapi

GetAdaptersInfo

winhttp

WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpQueryOption
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect

dcagenthttp

AgentSendRequestEx

crypt32

CertNameToStrW
CertGetNameStringA
CertFindCertificateInStore
CryptStringToBinaryA
CertCreateCertificateContext
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
PFXImportCertStore
PFXVerifyPassword
CertDeleteCertificateFromStore
CertVerifyTimeValidity
CertFreeCertificateContext

netapi32

NetGetJoinInformation
DsGetDcNameA
NetApiBufferFree

dclibxml2

xmlNewTextReaderFilename
xmlStrcmp
xmlFreeTextReader
xmlTextReaderGetAttribute
xmlParseMemory
xmlParseFile
xmlDocGetRootElement
xmlFreeDoc
xmlCleanupParser
xmlNodeListGetString
xmlFree
xmlTextReaderRead
xmlTextReaderName
xmlTextReaderAttributeCount
xmlTextReaderDepth
xmlTextReaderValue

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryValueW
CryptGetHashParam
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegEnumValueW
LookupPrivilegeNameA
GetTokenInformation
LookupAccountSidA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
LookupPrivilegeValueA
CreateProcessAsUserW
LogonUserA
CreateProcessAsUserA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExA
ControlService
CryptGetUserKey
CryptGenKey
RegEnumKeyW
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
ImpersonateLoggedOnUser
RevertToSelf
RegCreateKeyExW

shlwapi

PathFindExtensionA
StrStrIA
PathRemoveExtensionW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
StrTrimA

shell32

SHCreateDirectoryExA
CommandLineToArgvW
SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHAppBarMessage
SHCreateDirectoryExW

odbc32

ord19
ord12
ord16
ord20
ord3
ord1
ord31
ord41
ord9
ord49
ord48
ord72
ord26
ord13
ord4
ord8
ord18
ord11
ord43
ord39
ord29
ord36
ord2

gdiplus

GdipDeleteBrush
GdipLoadImageFromStream
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipFree
GdipGetImageHeight
GdipCreateFontFromDC
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFromHDC
GdipCloneBrush
GdipCreateFontFromLogfontW
GdipDrawString
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDrawImageRectI
GdipCreateBitmapFromFile
GdipDeleteFont

kernel32

SetEnvironmentVariableA
GetDriveTypeW
GetProcessHeap
GetEnvironmentVariableA
FindResourceExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
LockResource
lstrlenW
DeleteAtom
GlobalAddAtomW
lstrcpyW
lstrlenA
WideCharToMultiByte
ReadFile
CreateFileW
GetFileSizeEx
GetLastError
CloseHandle
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetFileSize
MulDiv
SetLastError
CreateDirectoryW
GetModuleHandleW
WriteFile
Sleep
GetProcAddress
LocalAlloc
DeleteFileW
LocalFree
CreateMutexW
WaitForSingleObject
FormatMessageW
ReleaseMutex
GetSystemTime
DeleteFileA
SystemTimeToFileTime
InitializeCriticalSection
BackupRead
BackupWrite
GetLocalTime
DeleteCriticalSection
FindFirstFileW
FindClose
FindNextFileW
GetCommandLineW
CreateFileA
GetCurrentProcess
FormatMessageA
LoadLibraryW
GetModuleHandleA
GetFileAttributesA
GetLocaleInfoA
FreeLibrary
LoadLibraryA
GetVersionExA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetExitCodeProcess
OpenProcess
TerminateProcess
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
FileTimeToSystemTime
InterlockedDecrement
CreateThread
FindNextFileA
FindFirstFileA
CopyFileA
GetSystemInfo
Process32Next
Process32First
CreateToolhelp32Snapshot
RemoveDirectoryA
GetTickCount
SetDllDirectoryA
CreateMutexA
GetCurrentProcessId
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
SetFilePointer
SetCurrentDirectoryW
ProcessIdToSessionId
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetSystemDirectoryA
GetCurrentThreadId
CreateTimerQueue
CreateTimerQueueTimer
CreateDirectoryA
FlushFileBuffers
CopyFileW
DisconnectNamedPipe
lstrcmpW
GetFileAttributesExA
GetFullPathNameA
GetComputerNameExW
GlobalFree
GlobalAlloc
QueryPerformanceCounter
SuspendThread
ResumeThread
GetNativeSystemInfo
LocalUnlock
LocalLock
MoveFileExA
GlobalUnlock
GlobalLock
GlobalSize
DeactivateActCtx
ActivateActCtx
GetModuleFileNameW
CreateActCtxW
ReleaseActCtx
CompareStringW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
FreeResource
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetThreadPriority
GlobalGetAtomNameW
GetThreadLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
lstrcmpiW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetWindowsDirectoryW
GetNumberFormatW
SetErrorMode
GetFileAttributesExW
GetFileAttributesW
GetFileTime
GetTempFileNameW
GetTempPathW
InitializeCriticalSectionAndSpinCount
GetProfileIntW
SearchPathW
VirtualProtect
GetUserDefaultLCID
HeapSetInformation
GetStartupInfoW
MoveFileA
HeapFree
EncodePointer
DecodePointer
HeapAlloc
GetCPInfo
VirtualAlloc
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetDriveTypeA
FindFirstFileExA
ExitThread
HeapQueryInformation
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
CreatePipe
WriteConsoleW
InterlockedCompareExchange

user32

MoveWindow
ShowWindow
WindowFromPoint
GetCursorPos
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetActiveWindow
InflateRect
IntersectRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
LoadMenuW
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageW
RealChildWindowFromPoint
UnregisterClassW
SetRectEmpty
DeleteMenu
SetTimer
KillTimer
EnumDisplayMonitors
SetLayeredWindowAttributes
WaitMessage
DestroyIcon
CharUpperW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetMenuDefaultItem
CreatePopupMenu
GetAsyncKeyState
InvertRect
HideCaret
EnableScrollBar
NotifyWinEvent
GetIconInfo
CopyImage
DrawIconEx
TranslateAcceleratorW
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
ReuseDDElParam
UnpackDDElParam
IsZoomed
SetWindowRgn
SetParent
DestroyAcceleratorTable
SetClassLongW
DrawStateW
DrawEdge
DrawFrameControl
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
RegisterClipboardFormatW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
DestroyCursor
GetWindowRgn
SetWindowsHookExW
ScrollWindow
TrackPopupMenu
GetKeyState
SetWindowTextW
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
PostMessageW
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
GetMenu
SetWindowPos
GetWindow
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MapVirtualKeyW
GetKeyNameTextW
IsWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxA
wsprintfW
FillRect
LoadIconW
PostQuitMessage
GetClassInfoW
GetSysColorBrush
DefWindowProcW
RedrawWindow
GetSysColor
GetSystemMenu
LoadImageW
DrawIcon
CreateIconIndirect
OffsetRect
AppendMenuW
GetDesktopWindow
FrameRect
GetSystemMetrics
UpdateWindow
CopyRect
LoadBitmapW
EnableWindow
SetCursor
RemovePropW
ScreenToClient
GetWindowRect
SetCapture
GetParent
LoadCursorW
GetClientRect
SetPropW
GetDC
DrawFocusRect
InvalidateRect
GetWindowLongW
ReleaseDC
GetDlgItem
SetWindowLongW
ReleaseCapture
SendMessageW
GetPropW
CallWindowProcW
CallNextHookEx
GetClassLongW
GetClassNameW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetMenu
GetCapture
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsIconic

gdi32

PtVisible
GetPixel
Polygon
GetWindowExtEx
GetViewportExtEx
RectVisible
SelectClipRgn
Ellipse
SetLayout
GetLayout
ExtTextOutW
Escape
SetViewportOrgEx
GetObjectW
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
Polyline
SetBkMode
SetBkColor
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
CreateDCW
CopyMetaFileW
LPtoDP
GetMapMode
GetDeviceCaps
GetStockObject
CreateEllipticRgn
CreatePolygonRgn
CreateRoundRectRgn
BitBlt
CreatePatternBrush
SelectPalette
GetObjectType
DeleteDC
CreateDIBSection
SetDIBColorTable
SelectObject
CreateCompatibleBitmap
SetStretchBltMode
TextOutW
CreateSolidBrush
StretchBlt
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
DeleteObject
CreatePen
CreateHatchBrush
SetRectRgn
CombineRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetTextColor
GetRgnBox
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
SetPixel
Rectangle
OffsetRgn
GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
EnumFontFamiliesExW
GetSystemPaletteEntries

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

comctl32

ImageList_GetIconSize
InitCommonControlsEx
_TrackMouseEvent

ole32

RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoRegisterMessageFilter
CoRevokeClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoCreateInstance

oleaut32

SystemTimeToVariantTime
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
VariantTimeToSystemTime
VariantCopy
SafeArrayAccessData
VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayGetLBound
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
SafeArrayGetUBound

oledlg

OleUIBusyW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ec664ff12b0bb6931d831961a8c6792

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

57:14:82:49:5d:1b:75:2b:f2:54:27:5d:66:cb:45:40:c6:eb:62:8b:15:a6:93:eb:e5:2c:17:78:93:2f:03:0eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

wtsapi32

wsock32

userenv

iphlpapi

winhttp

dcagenthttp

crypt32

netapi32

dclibxml2

advapi32

shlwapi

shell32

odbc32

gdiplus

kernel32

user32

gdi32

msimg32

comdlg32

comctl32

ole32

oleaut32

oledlg

oleacc

imm32

winmm

winspool.drv

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 493KB - Virtual size: 492KB

.data Size: 77KB - Virtual size: 110KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 237KB - Virtual size: 236KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

44:85:59:e8:d5:9f:e0:56:29:9e:6e:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

57:14:82:49:5d:1b:75:2b:f2:54:27:5d:66:cb:45:40:c6:eb:62:8b:15:a6:93:eb:e5:2c:17:78:93:2f:03:0e
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 493KB - Virtual size: 492KB

.data
Size: 77KB - Virtual size: 110KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 237KB - Virtual size: 236KB