GenshinImpactCloud_install_ua_afd3d53ab951[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GenshinImpactCloud_install_ua_afd3d53ab951.exe
Size

203.8MB
MD5

9cb92f02f07e3c36c0160857cb974a16
SHA1

17c82e4e64afaf4cf322ca42a17559c21cc73f14
SHA256

a4303ed06b09664661a1b21659997757537e6eca2052eea495058b0dc9fe4d59
SHA512

4e7e506189b8268bea3444aba78445308865e61aca924e86c53cd1ab4033dd5087f3f2a050e3ab03872423b13e68c981ad418ac8ab4cf7fbb3db06cec40fed2f
SSDEEP

6291456:VX6qnQNWA1DrBuZ8z3FCl6TljaeqTTR2:V6qnQNl1vBuZ8TFCDeqTT

Score

1^/10

Malware Config

Signatures

Files

GenshinImpactCloud_install_ua_afd3d53ab951.exe
.exe windows:6 windows x64 arch:x64

ecf8dba47ec39ab2f50b07b17946e5f8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:11:c6:9a:75:1a:b5:3d:0c:4c:4d:18:b9:ed:0a:00
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-10-2021 00:00

Not After

12-10-2024 23:59

Subject

CN=COGNOSPHERE PTE. LTD.,O=COGNOSPHERE PTE. LTD.,L=SINGAPORE,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:11:c6:9a:75:1a:b5:3d:0c:4c:4d:18:b9:ed:0a:00
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-10-2021 00:00

Not After

12-10-2024 23:59

Subject

CN=COGNOSPHERE PTE. LTD.,O=COGNOSPHERE PTE. LTD.,L=SINGAPORE,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:51:3f:1b:95:39:f0:39:8e:44:10:6c:66:f9:71:5a:b6:0a:27:c1:7b:15:14:5c:5e:32:ff:36:b8:1b:ce:9c
Signer

Actual PE Digest

6a:51:3f:1b:95:39:f0:39:8e:44:10:6c:66:f9:71:5a:b6:0a:27:c1:7b:15:14:5c:5e:32:ff:36:b8:1b:ce:9c

Digest Algorithm

sha256

PE Digest Matches

true

91:af:0c:2c:0f:6c:5a:9d:65:4c:e3:4a:30:d1:be:80:c9:72:2f:1e
Signer

Actual PE Digest

91:af:0c:2c:0f:6c:5a:9d:65:4c:e3:4a:30:d1:be:80:c9:72:2f:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\PC\Windows-Release\src\packages\release\InstallSetup.pdb

Imports

kernel32

FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
GetStartupInfoW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
ConnectNamedPipe
CreateNamedPipeW
GetExitCodeProcess
GetProcessId
UnregisterWaitEx
RegisterWaitForSingleObject
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
VirtualAlloc
VirtualFree
GetTickCount64
WriteFile
GetFileSizeEx
CreateFileA
lstrcmpW
GetConsoleWindow
GetThreadTimes
GetCurrentThread
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
EndUpdateResourceW
UpdateResourceW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
GetUserPreferredUILanguages
GetUserDefaultLCID
BeginUpdateResourceW
SetFilePointer
ReadFile
GetCurrencyFormatW
MultiByteToWideChar
FindResourceW
SizeofResource
GetLocalTime
SetHandleInformation
GlobalFree
LocalAlloc
GetOverlappedResult
WaitNamedPipeW
DisconnectNamedPipe
WriteConsoleW
SetEnvironmentVariableW
GetOEMCP
GetACP
GetSystemTime
SetConsoleCtrlHandler
HeapQueryInformation
EnumSystemLocalesW
IsValidLocale
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
GetLocaleInfoEx
GetExitCodeThread
CreateSymbolicLinkW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetSystemTimeAsFileTime
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
LCMapStringEx
EncodePointer
RtlCaptureStackBackTrace
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
RtlPcToFileHeader
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FormatMessageA
DeleteFileW
GetDateFormatW
GetTimeFormatW
GetSystemDirectoryW
ResetEvent
GetSystemInfo
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
CreateFileW
DuplicateHandle
LockResource
LoadResource
FindResourceExW
GetCurrentProcessId
WaitForMultipleObjects
Sleep
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetSystemPowerStatus
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
AttachConsole
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
ExpandEnvironmentStringsW
GetCommandLineW
CreateEventW
WaitForSingleObjectEx
SetEvent
CompareStringEx
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
OutputDebugStringW
GetNativeSystemInfo
TlsFree
GetModuleFileNameW
TlsSetValue
TlsGetValue
TlsAlloc
VerifyVersionInfoW
LoadLibraryW
FreeLibrary
VerSetConditionMask
GetTempFileNameA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitProcess
GetUserDefaultLangID
GlobalSize
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
CreateProcessW
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
IsValidCodePage
CreateFileMappingW

user32

GetSystemMetrics
EnableMenuItem
GetSystemMenu
SystemParametersInfoW
CharNextExA
UnregisterDeviceNotification
RegisterDeviceNotificationW
PostThreadMessageW
KillTimer
ReleaseDC
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
MessageBoxW
RemovePropW
GetPropW
SetPropW
CallWindowProcW
WindowFromDC
ChangeWindowMessageFilterEx
RealGetWindowClassW
EnumWindows
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
DefWindowProcW
GetSysColor
GetDC
UnregisterClassW
TranslateMessage
DestroyWindow
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
PostMessageW
SetWindowPos
SetTimer
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
DrawIconEx
FlashWindowEx
MoveWindow
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetWindowLongPtrW
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongPtrW

gdi32

ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SetPixelFormat
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetLayout
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetDIBits
OffsetRgn

shell32

ShellExecuteW
SHCreateItemFromParsingName
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHGetKnownFolderPath
SHChangeNotify
SHCreateItemFromIDList
SHGetMalloc
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
CommandLineToArgvW
SHFileOperationW

ole32

CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
OleGetClipboard
OleSetClipboard
StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc
CoLockObjectExternal
CoCreateGuid

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocStringLen
VarBstrCmp

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
SystemFunction036
OpenProcessToken
AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
SetSecurityDescriptorOwner
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
RegNotifyChangeKeyValue

dxgi

CreateDXGIFactory

mpr

WNetGetUniversalNameW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetShareEnum
NetApiBufferFree

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetContext

winmm

timeKillEvent
PlaySoundW
timeSetEvent

ws2_32

WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
WSANtohs
WSARecv
listen
htonl
ntohl
getaddrinfo
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
bind
closesocket
getpeername
getsockname
htons
WSANtohl
select
setsockopt
WSAGetLastError
WSAAccept
WSAConnect
WSAHtonl
WSAIoctl

d3d9

D3DPERF_EndEvent
D3DPERF_BeginEvent
D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9

uxtheme

GetThemePartSize
OpenThemeData
GetThemeMargins
GetThemeColor
GetThemeInt
GetThemeEnumValue
GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
CloseThemeData
GetThemeTransitionDuration
GetThemePropertyOrigin

dwmapi

DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

iphlpapi

ConvertInterfaceNameToLuidW
GetNetworkParams
GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid

secur32

QueryContextAttributesW
ApplyControlToken
DeleteSecurityContext
FreeContextBuffer
EncryptMessage
DecryptMessage
FreeCredentialsHandle
InitializeSecurityContextW
AcquireCredentialsHandleW
AcceptSecurityContext

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertAddStoreToCollection
CertVerifyTimeValidity
CertOpenSystemStoreW
CertGetCertificateChain
CertFreeCertificateChain
CertFindChainInStore
PFXImportCertStore

bcrypt

BCryptDecrypt
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider

Exports

Exports

??0PlatformMethods@angle@@QEAA@XZ
??4PlatformMethods@angle@@QEAAAEAU01@$$QEAU01@@Z
??4PlatformMethods@angle@@QEAAAEAU01@AEBU01@@Z
ANGLEGetDisplayPlatform
ANGLEResetDisplayPlatform

Sections

.text
Size: 17.4MB - Virtual size: 17.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36.1MB - Virtual size: 36.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 563KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 925KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecf8dba47ec39ab2f50b07b17946e5f8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:11:c6:9a:75:1a:b5:3d:0c:4c:4d:18:b9:ed:0a:00Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:11:c6:9a:75:1a:b5:3d:0c:4c:4d:18:b9:ed:0a:00Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

6a:51:3f:1b:95:39:f0:39:8e:44:10:6c:66:f9:71:5a:b6:0a:27:c1:7b:15:14:5c:5e:32:ff:36:b8:1b:ce:9cSigner

91:af:0c:2c:0f:6c:5a:9d:65:4c:e3:4a:30:d1:be:80:c9:72:2f:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

dxgi

mpr

userenv

version

netapi32

imm32

winmm

ws2_32

d3d9

uxtheme

dwmapi

wtsapi32

iphlpapi

secur32

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 17.4MB - Virtual size: 17.4MB

.rdata Size: 36.1MB - Virtual size: 36.1MB

.data Size: 563KB - Virtual size: 664KB

.pdata Size: 925KB - Virtual size: 924KB

.qtmetad Size: 2KB - Virtual size: 1KB

.qtmimed Size: 315KB - Virtual size: 315KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 101KB - Virtual size: 100KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:11:c6:9a:75:1a:b5:3d:0c:4c:4d:18:b9:ed:0a:00
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:11:c6:9a:75:1a:b5:3d:0c:4c:4d:18:b9:ed:0a:00
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6a:51:3f:1b:95:39:f0:39:8e:44:10:6c:66:f9:71:5a:b6:0a:27:c1:7b:15:14:5c:5e:32:ff:36:b8:1b:ce:9c
Signer

91:af:0c:2c:0f:6c:5a:9d:65:4c:e3:4a:30:d1:be:80:c9:72:2f:1e
Signer

.text
Size: 17.4MB - Virtual size: 17.4MB

.rdata
Size: 36.1MB - Virtual size: 36.1MB

.data
Size: 563KB - Virtual size: 664KB

.pdata
Size: 925KB - Virtual size: 924KB

.qtmetad
Size: 2KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 101KB - Virtual size: 100KB