EmEditor[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EmEditor.exe
Size

28.2MB
MD5

800d448a91957a48fc301c3fffca0d20
SHA1

50df311187e8367b85f3185340a75bb982646e48
SHA256

b16efd2696b92bc8c9ca88ead1cdbeaf9ac7f6fe7d28b6422fbc6aca4b9fe58d
SHA512

d38b22932025e5eeb4ab18b06e91b73aaa8d5143938f6771c73f4c3c070a97d3fecf294f0c0e69b0044702f7f94648a8498fe68b2395133e4e57b12d4779c267
SSDEEP

393216:cCTZx4TmSJKFY3Logr0nwtPM8YL8ojJTI7ljxAkB9wNowtY:cx7lakGtY

Score

1^/10

Malware Config

Signatures

Files

EmEditor.exe
.exe windows:6 windows x64 arch:x64

2d739c0f897de2f98b40ea036423b1c8

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:6d:93:6c:df:c2:47:17:32:bd:f5:6c:d3:9a:8c:62
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/04/2023, 00:00

Not After

09/04/2026, 23:59

Subject

CN=Emurasoft\, Inc.,O=Emurasoft\, Inc.,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:5a:06:3a:5b:df:1e:0d:62:1e:1c:36:2b:9f:f9:f9:bb:62:64:c5:98:f7:fd:2c:c0:1f:81:d6:d1:06:3b:59
Signer

Actual PE Digest

9a:5a:06:3a:5b:df:1e:0d:62:1e:1c:36:2b:9f:f9:f9:bb:62:64:c5:98:f7:fd:2c:c0:1f:81:d6:d1:06:3b:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdi32

SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
SetMapMode
CreateSolidBrush
GetStockObject
LineTo
CreatePatternBrush
CreateBitmap
CreateICW
CreateDIBSection
SetBrushOrgEx
EndPage
StartDocW
SetAbortProc
StartPage
AbortDoc
EndDoc
GetCurrentObject
Rectangle
PatBlt
OffsetWindowOrgEx
GetObjectW
MoveToEx
GetBkColor
Polyline
CreatePen
ExtCreatePen
CreateEllipticRgn
GetTextColor
CreateDCW
GetTextMetricsW
GetTextExtentPoint32W
CreateCompatibleBitmap
GetDeviceCaps
DeleteDC
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
CreateFontIndirectW
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
SetTextAlign

comdlg32

PrintDlgExW
ChooseColorW
GetFileTitleW
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW

comctl32

ImageList_DrawIndirect
CreateStatusWindowW
ImageList_LoadImageW
ImageList_Create
ImageList_AddMasked
ImageList_SetBkColor
InitCommonControlsEx
ord412
ord345
ImageList_Draw
ord410
ord413
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Add
ImageList_SetImageCount

shlwapi

StrStrW
PathCompactPathW
StrFormatByteSizeW
PathRenameExtensionW
PathQuoteSpacesW
StrChrW
PathSkipRootW
PathSetDlgItemPathW
PathIsRootW
PathUnquoteSpacesW
PathGetCharTypeW
PathFileExistsW
AssocQueryStringW
PathRemoveBackslashW
PathMatchSpecExW
PathAddBackslashW
PathIsNetworkPathW
PathMatchSpecW
SHDeleteKeyW
StrStrNIW
StrStrIW
PathIsDirectoryW
PathStripPathW
PathAppendW
PathIsRelativeW
PathCanonicalizeW
StrToIntW
PathIsURLW
PathCombineW
PathParseIconLocationW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathGetDriveNumberW
PathCompactPathExW
PathRelativePathToW

advapi32

RegEnumKeyExW
RegCloseKey
OpenProcessToken
IsTextUnicode
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
GetFileSecurityW
SetFileSecurityW
RegOpenKeyExA
RegDeleteKeyW
RegQueryValueExA
RegQueryInfoKeyW
RegGetValueA
EventSetInformation
SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventRegister

shell32

SHFileOperationW
ord47
ord680
ord74
SetCurrentProcessExplicitAppUserModelID
ExtractIconExW
SHGetKnownFolderPath
ShellExecuteExW
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderPathW
ord171
SHBindToParent
SHGetDesktopFolder
SHOpenFolderAndSelectItems
ord155
ord190
CommandLineToArgvW
SHAddToRecentDocs
ShellExecuteA
SHChangeNotify
SHGetFileInfoW
ord6

imm32

ImmGetConversionStatus
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetProperty
ImmSetOpenStatus
ImmSetCompositionStringW
ImmGetCompositionWindow
ImmAssociateContext
ImmReleaseContext
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmGetContext
ImmIsIME

libhunspell

?suggest@Hunspell@@QEAAHPEAPEAPEADPEBD@Z
?get_dic_encoding@Hunspell@@QEAAPEADXZ
?spell@Hunspell@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAHPEAV23@@Z
?add@Hunspell@@QEAAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Hunspell@@QEAA@PEBD00@Z
?free_list@Hunspell@@QEAAXPEAPEAPEADH@Z
??1Hunspell@@QEAA@XZ

wintrust

WinVerifyTrust

kernel32

ExitProcess
SetThreadGroupAffinity
GetThreadGroupAffinity
GetNumaHighestNodeNumber
GetLogicalProcessorInformationEx
GetCurrentProcessorNumberEx
TlsFree
VirtualQuery
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
GetModuleHandleA
FreeLibraryAndExitThread
QueryDepthSList
InterlockedFlushSList
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
ExitThread
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
SetThreadStackGuarantee
CreateMutexA
LoadLibraryA
WriteConsoleW
GetConsoleMode
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
UnhandledExceptionFilter
TlsSetValue
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetSystemTimeAsFileTime
FlushProcessWriteBuffers
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockShared
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetACP
HeapSize
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
CreateMutexExW
DeleteCriticalSection
VerSetConditionMask
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
VerifyVersionInfoW
GetFileType
IsDebuggerPresent
EnterCriticalSection
CompareStringOrdinal
LeaveCriticalSection
GetEnvironmentVariableW
MultiByteToWideChar
OutputDebugStringA
lstrlenW
GetPrivateProfileSectionNamesW
ReadFile
GetLocaleInfoW
GetTickCount64
GetNumberFormatW
GlobalUnlock
MulDiv
GetCurrentProcess
ExpandEnvironmentStringsW
GetModuleFileNameW
GlobalLock
CreateProcessW
HeapCreate
SetFilePointerEx
LocalFree
WriteFile
CreateFileW
UnmapViewOfFile
GlobalAlloc
GlobalFree
GetFileSize
CreateFileMappingW
MapViewOfFile
lstrcmpW
lstrlenA
GlobalSize
CreateDirectoryW
GetWindowsDirectoryW
GetUserDefaultUILanguage
DeleteFileW
SystemTimeToFileTime
GetSystemTime
FindFirstFileW
GetFullPathNameW
FindNextFileW
GetPrivateProfileIntW
SetErrorMode
CreateMutexW
FindClose
GetSystemInfo
GlobalMemoryStatusEx
FreeLibrary
LoadLibraryExW
VirtualFree
VirtualAlloc
InitializeCriticalSection
GetTempFileNameW
CompareFileTime
TerminateProcess
CancelIoEx
GetSystemDirectoryW
SetEndOfFile
GlobalGetAtomNameW
LCMapStringW
GetLocaleInfoEx
CompareStringEx
LocaleNameToLCID
QueryPerformanceCounter
GetStringTypeW
GetOEMCP
FindFirstFileExW
IsDBCSLeadByteEx
LCMapStringA
RemoveDirectoryW
SetFileTime
IsNormalizedString
GetDateFormatEx
GetFileAttributesW
SetFileAttributesW
Sleep
GetFileInformationByHandle
CancelSynchronousIo
LCMapStringEx
GetFileAttributesExW
GetLocalTime
NormalizeString
GetTimeFormatW
MoveFileExW
CopyFileW
GetDateFormatW
MoveFileW
GetDriveTypeW
SizeofResource
GetNumberFormatA
SetEvent
GetDiskFreeSpaceExW
GetCurrentThread
QueryPerformanceFrequency
LoadLibraryW
CreateThread
LoadResource
FindResourceW
GetCurrentDirectoryW
GetThreadTimes
lstrcmpiW
SetUnhandledExceptionFilter
GetTempPathW
CreateEventW
ResetEvent
ReadDirectoryChangesW
VirtualProtect
GlobalAddAtomW
GetPrivateProfileStringW
GetExitCodeProcess
SetHandleInformation
CreatePipe
GetLongPathNameW
GetStdHandle
GetSystemDefaultLocaleName
FreeResource
LCIDToLocaleName
GetDurationFormat
AttachConsole
LockResource
FreeConsole
GetPrivateProfileStructW
WritePrivateProfileStringW
DeleteAtom
GetAtomNameW
GetExitCodeThread
WritePrivateProfileStructW
AddAtomW
GetStartupInfoW
GlobalDeleteAtom
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
IsValidCodePage
IsDBCSLeadByte
TzSpecificLocalTimeToSystemTime
GetFileSizeEx
LocalAlloc
AssignProcessToJobObject
WaitForMultipleObjects
CreateJobObjectW
PeekNamedPipe
ResumeThread
DuplicateHandle
TerminateJobObject
RtlCaptureContext
SuspendThread
GetVersionExA
GetThreadContext
ReadProcessMemory
SetCurrentDirectoryW
GetTimeFormatEx
GetLocaleInfoA
SystemTimeToTzSpecificLocalTime
IsBadStringPtrW
GetTickCount
InitOnceBeginInitialize
InitOnceComplete
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
GetFileInformationByHandleEx
SetFileInformationByHandle
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SwitchToThread
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
FormatMessageA
FlsAlloc
FlsGetValue
FlsSetValue
RtlUnwind
FlsFree
CompareStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
GetProcessAffinityMask
DebugBreak

user32

GetMessageW
GetComboBoxInfo
CheckRadioButton
GetForegroundWindow
TrackMouseEvent
GetClassInfoExW
GetSysColorBrush
IsZoomed
SetWindowsHookExW
EndMenu
SetPropW
CreateAcceleratorTableW
UnhookWindowsHookEx
GetKeyboardLayout
GetDoubleClickTime
IsMenu
WindowFromPoint
RegisterClassExW
CallNextHookEx
EnumChildWindows
MonitorFromWindow
MonitorFromRect
GetMessagePos
CreateDialogIndirectParamW
DialogBoxIndirectParamW
GetIconInfo
CopyImage
CreateDialogParamW
AttachThreadInput
RegisterWindowMessageW
SetActiveWindow
CreateMenu
CharPrevW
WaitForInputIdle
GetGUIThreadInfo
GetQueueStatus
WaitMessage
ScrollWindowEx
BringWindowToTop
GetMenu
DrawFrameControl
CopyRect
MsgWaitForMultipleObjects
LoadIconW
IsCharUpperW
IsCharAlphaW
SetRectEmpty
GetWindowDC
FrameRect
InflateRect
CharLowerW
GetGestureInfo
ShowCaret
GetScrollBarInfo
ToUnicode
DestroyCaret
GetUpdateRect
GetWindow
CreateCaret
SetGestureConfig
SetCaretPos
UnionRect
CloseGestureInfoHandle
HideCaret
AllowSetForegroundWindow
SetMenu
SetWindowPlacement
GetDesktopWindow
DestroyIcon
RemoveMenu
AppendMenuW
PostThreadMessageW
SetRect
PostQuitMessage
DrawEdge
PtInRect
SetForegroundWindow
CharNextA
DispatchMessageW
GetKeyNameTextW
PeekMessageW
EnumWindows
IsCharAlphaNumericW
TranslateMessage
LoadImageW
RegisterClipboardFormatW
SetClipboardViewer
ChangeClipboardChain
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetClassNameW
GetMenuState
OpenClipboard
IsDlgButtonChecked
GetMenuStringW
IsIconic
CharNextExA
SetScrollInfo
GetScrollInfo
GetDlgItemTextW
PostMessageW
SendDlgItemMessageW
SetScrollPos
ScrollWindow
CheckMenuRadioItem
MapWindowPoints
CheckMenuItem
GetLastActivePopup
EndDialog
DialogBoxParamW
SetMenuDefaultItem
DrawFocusRect
TrackPopupMenuEx
SendInput
SendMessageTimeoutW
InvertRect
SetWindowLongPtrW
FillRect
SendMessageW
SetWindowTextW
GetWindowLongPtrW
GetActiveWindow
GetCapture
RedrawWindow
IsDialogMessageW
IsChild
TranslateAcceleratorW
LoadCursorW
GetParent
MonitorFromPoint
GetMenuItemID
GetMenuItemCount
LoadStringA
MessageBeep
CreatePopupMenu
OffsetRect
GetMonitorInfoW
SetMenuItemInfoW
MessageBoxW
DestroyAcceleratorTable
IsWindowEnabled
UpdateWindow
MapVirtualKeyW
GetWindowPlacement
SetClipboardData
GetDlgItem
IsClipboardFormatAvailable
DrawTextW
CheckDlgButton
SystemParametersInfoW
LoadMenuW
GetSystemMetrics
TrackPopupMenu
GetSubMenu
IsWindow
DestroyMenu
InvalidateRect
ReleaseDC
GetClipboardData
SetParent
EnableWindow
GetWindowTextW
CloseClipboard
EmptyClipboard
SetDlgItemTextW
GetClipboardSequenceNumber
DefWindowProcW
DestroyWindow
SetWindowRgn
CreateWindowExW
ScreenToClient
ShowWindow
SetTimer
ClientToScreen
RegisterClassW
MoveWindow
SetFocus
SetCapture
SetCursor
GetClientRect
KillTimer
ReleaseCapture
SetCursorPos
GetCursorPos
BeginPaint
EndPaint
GetMenuItemInfoW
ModifyMenuW
DeleteMenu
LoadStringW
InsertMenuW
UnregisterClassW
LoadAcceleratorsW
CopyAcceleratorTableW
GetSysColor
EnableMenuItem
GetWindowLongW
GetWindowTextLengthW
GetKeyState
ShowScrollBar
CallWindowProcW
GetWindowRect
GetFocus
GetDC
GetCaretPos
IsWindowVisible
CharNextW
ValidateRect
SetWindowPos

ole32

PropVariantClear
CoInitializeEx
CLSIDFromProgID
OleRun
CLSIDFromString
CoTaskMemRealloc
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
ReleaseStgMedium
OleUninitialize
CoUninitialize
CoSetProxyBlanket
OleInitialize

oleaut32

GetErrorInfo
SysFreeString
VarDateFromStr
VarUI4FromStr
SysAllocString
LoadTypeLi
SysStringLen
VariantClear

msimg32

TransparentBlt

ws2_32

closesocket
shutdown
getpeername
WSASend
WSAGetLastError
getsockname
setsockopt
WSASocketW
ioctlsocket
InetNtopW
InetPtonW
send
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
getsockopt
connect
bind
WSAIoctl

bcrypt

BCryptGenRandom

ntdll

NtReadFile
NtWriteFile
NtCreateFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertGetCertificateChain
CertCloseStore
CertDuplicateStore
CertAddCertificateContextToStore
CertVerifyTimeValidity
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext

secur32

AcquireCredentialsHandleA
DecryptMessage
ApplyControlToken
QueryContextAttributesW
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
DeleteSecurityContext

usp10

ScriptStringFree
ScriptStringAnalyse
ScriptStringGetLogicalWidths
ScriptStringOut

uxtheme

DrawThemeBackground
SetWindowTheme
CloseThemeData
IsThemeActive
OpenThemeData
UpdatePanningFeedback
BeginPanningFeedback
EndPanningFeedback

d2d1

ord1

dwrite

DWriteCreateFactory

dwmapi

DwmGetWindowAttribute

Sections

.text
Size: 24.2MB - Virtual size: 24.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 574KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d739c0f897de2f98b40ea036423b1c8

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

6d:6d:93:6c:df:c2:47:17:32:bd:f5:6c:d3:9a:8c:62Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9a:5a:06:3a:5b:df:1e:0d:62:1e:1c:36:2b:9f:f9:f9:bb:62:64:c5:98:f7:fd:2c:c0:1f:81:d6:d1:06:3b:59Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

comdlg32

comctl32

shlwapi

advapi32

shell32

imm32

libhunspell

wintrust

kernel32

user32

ole32

oleaut32

msimg32

ws2_32

bcrypt

ntdll

userenv

crypt32

secur32

usp10

uxtheme

d2d1

dwrite

dwmapi

Sections

.text Size: 24.2MB - Virtual size: 24.2MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 296KB - Virtual size: 441KB

.pdata Size: 574KB - Virtual size: 574KB

.rsrc Size: 101KB - Virtual size: 100KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

6d:6d:93:6c:df:c2:47:17:32:bd:f5:6c:d3:9a:8c:62
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9a:5a:06:3a:5b:df:1e:0d:62:1e:1c:36:2b:9f:f9:f9:bb:62:64:c5:98:f7:fd:2c:c0:1f:81:d6:d1:06:3b:59
Signer

.text
Size: 24.2MB - Virtual size: 24.2MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 296KB - Virtual size: 441KB

.pdata
Size: 574KB - Virtual size: 574KB

.rsrc
Size: 101KB - Virtual size: 100KB