7290042f39daccfcf9608409fdfb156f5fb51f89fce9244991980719e32d19b0_NeikiAnalytics[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7290042f39daccfcf9608409fdfb156f5fb51f89fce9244991980719e32d19b0_NeikiAnalytics.exe
Size

990KB
MD5

78d93bd90f8a8291facb817e6da6dcc0
SHA1

047b86666bca080b01d57030eba8017d450a7fba
SHA256

7290042f39daccfcf9608409fdfb156f5fb51f89fce9244991980719e32d19b0
SHA512

fd032d66b81a860ec32cd2755027e93c73c88cac4526f14cf2559b42fdbc64164c76c57b26439b1ba2f86ec6fe49b43b336c3b4855dcb9bd3d99c02789c7a0ec
SSDEEP

12288:VNSW65/ywttk0dFSX7pGJttFijXSO6Q2ubrf4EZ/WB3nypnzJuwj:VwJ/ywfl+QTnoFtbrAM/WnypnzJu

Score

1^/10

Malware Config

Signatures

Files

7290042f39daccfcf9608409fdfb156f5fb51f89fce9244991980719e32d19b0_NeikiAnalytics.exe
.dll windows:6 windows x64 arch:x64

07caf307b5bc2078e2da56590127ba6d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:86:2b:50:1e:e0:25:62:81:f9:11:19:e2:64:5d:c2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/03/2023, 00:00

Not After

21/02/2024, 23:59

Subject

CN=CADMATE SOFTWARE LLP,O=CADMATE SOFTWARE LLP,L=Pathanamthitta,ST=KERALA,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:86:2b:50:1e:e0:25:62:81:f9:11:19:e2:64:5d:c2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/03/2023, 00:00

Not After

21/02/2024, 23:59

Subject

CN=CADMATE SOFTWARE LLP,O=CADMATE SOFTWARE LLP,L=Pathanamthitta,ST=KERALA,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:cc:2e:66:3a:1c:8b:ba:2b:bd:ca:8f:22:05:e6:30:fc:97:3a:6b:4e:eb:9f:24:1c:5f:bf:81:ac:8a:c5:fd
Signer

Actual PE Digest

13:cc:2e:66:3a:1c:8b:ba:2b:bd:ca:8f:22:05:e6:30:fc:97:3a:6b:4e:eb:9f:24:1c:5f:bf:81:ac:8a:c5:fd

Digest Algorithm

sha256

PE Digest Matches

true

af:fd:7e:7c:1b:20:8b:45:e3:81:d6:a7:cf:3b:e9:73:1f:16:8f:1d
Signer

Actual PE Digest

af:fd:7e:7c:1b:20:8b:45:e3:81:d6:a7:cf:3b:e9:73:1f:16:8f:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\autobuild\git_release\make\x64Release\GcGeoData.pdb

Imports

gcdb

?desc@GcDbGeoDataPE@@SAPEAVGcRxClass@@XZ
?isA@GcDbGeoCoordinateSystemCategoryPE@@UEBAPEAVGcRxClass@@XZ
?desc@GcDbGeoCoordinateSystemCategoryPE@@SAPEAVGcRxClass@@XZ
?isA@GcDbGeoCoordinateSystemPE@@UEBAPEAVGcRxClass@@XZ
?desc@GcDbGeoCoordinateSystemPE@@SAPEAVGcRxClass@@XZ
?isA@GcDbGeoCoordinateSystemTransformerPE@@UEBAPEAVGcRxClass@@XZ
?desc@GcDbGeoCoordinateSystemTransformerPE@@SAPEAVGcRxClass@@XZ
??0GcDbExtents2d@@QEAA@XZ
?set@GcDbExtents2d@@QEAA?AW4ErrorStatus@Gcad@@AEBVGcGePoint2d@@0@Z
?create@GcDbGeoCoordinateSystemTransformer@@SA?AW4ErrorStatus@Gcad@@AEBVGcString@@0AEAPEAV1@@Z
?gcdbGetMatrixFromLLA@@YA?AVGcGeMatrix3d@@PEBVGcDbGeoData@@@Z
?gcdbGetSimpleTransformerFromLLA@@YA?AW4ErrorStatus@Gcad@@PEBVGcDbGeoData@@AEAPEAVGcDbGeoCoordinateSystemTransformer@@@Z
?gcdbMeshTransformFromLLA@@YA?AW4ErrorStatus@Gcad@@PEBVGcDbGeoData@@AEBVGcGePoint2d@@AEAV4@@Z
?gcdbGetSimpleTransformerToLLA@@YA?AW4ErrorStatus@Gcad@@PEBVGcDbGeoData@@AEAPEAVGcDbGeoCoordinateSystemTransformer@@@Z
?gcdbGetMatrixLocalFromLLA@@YA?AVGcGeMatrix3d@@PEBVGcDbGeoData@@@Z
?create@GcDbGeoCoordinateSystem@@SA?AW4ErrorStatus@Gcad@@AEBVGcString@@AEAPEAV1@@Z
?gcdbGetMatrixToLLA@@YA?AVGcGeMatrix3d@@PEBVGcDbGeoData@@@Z
?gcdbMeshTransformToLLA@@YA?AW4ErrorStatus@Gcad@@PEBVGcDbGeoData@@AEBVGcGePoint2d@@AEAV4@@Z
?coordinateType@GcDbGeoData@@QEBA?AW4TypeOfCoordinates@1@XZ
?designPoint@GcDbGeoData@@QEBA?AVGcGePoint3d@@XZ
?numMeshPoints@GcDbGeoData@@QEBAHXZ
?numMeshFaces@GcDbGeoData@@QEBAHXZ
?gcdbGetMatrixLocalToLLA@@YA?AVGcGeMatrix3d@@PEBVGcDbGeoData@@@Z
?isA@GcDbGeoDataPE@@UEBAPEAVGcRxClass@@XZ
?desc@GcDbGeoData@@SAPEAVGcRxClass@@XZ

gcbase

??HGcGePoint3d@@QEBA?AV0@AEBVGcGeVector3d@@@Z
??0GcGePoint3d@@QEAA@NNN@Z
??GGcGePoint3d@@QEBA?AV0@AEBVGcGeVector3d@@@Z
??0GcGeVector3d@@QEAA@NNN@Z
?asVector@GcGePoint3d@@QEBA?AVGcGeVector3d@@XZ
??0GcGePoint2d@@QEAA@NN@Z
??0GcGePoint2d@@QEAA@XZ
?gcDToStr@@YA?AVGcString@@NDHH@Z
?name@GcRxClass@@QEBAPEB_WXZ
?set@GcGeVector2d@@QEAAAEAV1@NN@Z
?gcrxIsAddRef@@YA_NPEBVGcRxClass@@@Z
?setEmpty@GcString@@QEAAAEAV1@XZ
?format@GcAnsiString@@QEAAAEAV1@PEBDZZ
?replace@GcString@@QEAAHPEB_W0@Z
?compareNoCase@GcString@@QEBAHPEB_W@Z
?gcrxIsRelease@@YA_NPEBVGcRxClass@@@Z
?compare@GcString@@QEBAHPEB_W@Z
??0GcAnsiString@@QEAA@PEBD@Z
?toString@GcAnsiString@@QEBA?AVGcString@@XZ
gcrx_abort
?gcrxIsNumRefs@@YA_NPEBVGcRxClass@@@Z
?newGcRxClass@@YAPEAVGcRxClass@@PEB_W0HP6APEAVGcRxObject@@XZ00@Z
?gcrxFindGcRxClass@@YAPEAVGcRxClass@@PEB_W@Z
?transformBy@GcGePoint3d@@QEAAAEAV1@AEBVGcGeMatrix3d@@@Z
??1GcRxObject@@UEAA@XZ
??BGcAnsiString@@QEBAPEBDXZ
?precat@GcString@@QEBA?AV1@PEB_W@Z
?concat@GcString@@QEBA?AV1@AEBV1@@Z
??0GcRxModule@@QEAA@XZ
?gcrxSystemServices@@YAPEAVGcRxSystemServices@@XZ
??0GcError@@QEAA@AEBV0@@Z
??0GcError@@QEAA@W4ErrorStatus@Gcad@@@Z
?append@GcString@@QEAAAEAV1@PEB_W@Z
??1GcError@@QEAA@XZ
??0GcRxObject@@IEAA@XZ
?format@GcString@@QEAAAEAV1@PEB_WZZ
?assign@GcString@@QEAAAEAV1@PEB_W@Z
?assign@GcString@@QEAAAEAV1@AEBV1@@Z
?find@GcString@@QEBAH_WH@Z
?find@GcString@@QEBAHPEB_W@Z
??0GcString@@QEAA@AEBV0@@Z
?subQueryX@GcRxObject@@MEBAPEAV1@PEBVGcRxClass@@@Z
?comparedTo@GcRxObject@@UEBA?AW4Ordering@GcRx@@PEBV1@@Z
?isEqualTo@GcRxObject@@UEBA_NPEBV1@@Z
?copyFrom@GcRxObject@@UEAA?AW4ErrorStatus@Gcad@@PEBV1@@Z
?clone@GcRxObject@@UEBAPEAV1@XZ
??1GcAnsiString@@QEAA@XZ
??0GcAnsiString@@QEAA@PEB_W@Z
?concat@GcString@@QEBA?AV1@PEB_W@Z
??4GcString@@QEAAAEAV0@$$QEAV0@@Z
??0GcString@@QEAA@$$QEAV0@@Z
?substr@GcString@@QEBA?AV1@HH@Z
?findLastOneOf@GcString@@QEBAHPEB_WH@Z
??1GcString@@QEAA@XZ
??0GcString@@QEAA@XZ
??0GcString@@QEAA@PEB_W@Z
?delX@GcRxClass@@QEAAPEAVGcRxObject@@PEAV1@@Z
?addX@GcRxClass@@QEAAPEAVGcRxObject@@PEAV1@PEAV2@@Z
?setApplicationLock@GcRxModule@@UEAAX_N@Z
?isApplicationLocked@GcRxModule@@UEBA_NXZ
?loadReference@GcRxModule@@UEBAJXZ
?releaseLoadReference@GcRxModule@@UEAAXXZ
?addLoadReference@GcRxModule@@UEAAXXZ
?isGrxExtend@GcRxModule@@UEBA_NXZ
?delRxClass@GcRxModule@@UEAAXPEAVGcRxClass@@@Z
??0GcAnsiString@@QEAA@XZ
??0GcGePoint2d@@QEAA@AEBV0@@Z
?addRxClass@GcRxModule@@UEAAXPEAVGcRxClass@@@Z
??1GcRxModule@@UEAA@XZ
?isA@GcRxModule@@UEBAPEAVGcRxClass@@XZ
??0GcGePoint3d@@QEAA@XZ
?trimRight@GcString@@QEAAAEAV1@_W@Z
?deleteGcRxClass@@YAXPEAVGcRxClass@@@Z

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleW
GetModuleFileNameW

msvcp140

?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?peek@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
?_Xbad_alloc@std@@YAXXZ
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ

vcruntime140

__C_specific_handler
__CxxFrameHandler3
_purecall
__std_terminate
strchr
strrchr
memset
memmove
strstr
memcpy
wcsrchr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memcmp

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_errno
terminate
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__doserrno

api-ms-win-crt-convert-l1-1-0

strtod
atof
strtol
strtoul
atoi
wcstol
wcstod
mbstowcs
wcstombs
atol
wcstoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

fgetwc
fputwc
ungetwc
__stdio_common_vsnprintf_s
fputc
fopen_s
fputs
setvbuf
fflush
fgetpos
fsetpos
fgetc
fseek
feof
_fseeki64
ungetc
__stdio_common_vswprintf
__stdio_common_vfprintf
fclose
ferror
fgets
fopen
fread
fwrite
__stdio_common_vsprintf
__stdio_common_vsscanf
ftell

api-ms-win-crt-string-l1-1-0

towlower
isdigit
strncmp
isupper
wcsncpy
iswdigit
isalpha
isalnum
tolower
_strdup
iswspace
iswctype
isspace
strncpy

api-ms-win-crt-math-l1-1-0

_isnan
log10
tanh
frexp
fmod
sinh
tan
sin
pow
log
cos
atan
asin
acos
sqrt
atan2
cosh
exp

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
malloc
realloc

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_stat64i32
_lock_file
_unlock_file
_access

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

Exports

Exports

gcrxCreateModuleObject
gcrxGetApiVersion

Sections

.text
Size: 671KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07caf307b5bc2078e2da56590127ba6d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:86:2b:50:1e:e0:25:62:81:f9:11:19:e2:64:5d:c2Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:86:2b:50:1e:e0:25:62:81:f9:11:19:e2:64:5d:c2Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

13:cc:2e:66:3a:1c:8b:ba:2b:bd:ca:8f:22:05:e6:30:fc:97:3a:6b:4e:eb:9f:24:1c:5f:bf:81:ac:8a:c5:fdSigner

af:fd:7e:7c:1b:20:8b:45:e3:81:d6:a7:cf:3b:e9:73:1f:16:8f:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gcdb

gcbase

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 671KB - Virtual size: 670KB

.rdata Size: 202KB - Virtual size: 202KB

.data Size: 56KB - Virtual size: 60KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 3KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:86:2b:50:1e:e0:25:62:81:f9:11:19:e2:64:5d:c2
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:86:2b:50:1e:e0:25:62:81:f9:11:19:e2:64:5d:c2
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

13:cc:2e:66:3a:1c:8b:ba:2b:bd:ca:8f:22:05:e6:30:fc:97:3a:6b:4e:eb:9f:24:1c:5f:bf:81:ac:8a:c5:fd
Signer

af:fd:7e:7c:1b:20:8b:45:e3:81:d6:a7:cf:3b:e9:73:1f:16:8f:1d
Signer

.text
Size: 671KB - Virtual size: 670KB

.rdata
Size: 202KB - Virtual size: 202KB

.data
Size: 56KB - Virtual size: 60KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 3KB - Virtual size: 2KB