ccccba08be21165cd10c07f4ffaa74e70baaaad879fdf918eea7cb73877dde68[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ccccba08be21165cd10c07f4ffaa74e70baaaad879fdf918eea7cb73877dde68.zip
Size

18.4MB
MD5

a6f2d83a4359b22ccbde960505a104d3
SHA1

679fc12e64c6f523155e0b5bc06376029241e24d
SHA256

ccccba08be21165cd10c07f4ffaa74e70baaaad879fdf918eea7cb73877dde68
SHA512

d59c55fb005501871359646f09467269661b633dbe3f567132be874ed9b5af425a8ad7cfb0e4be0f3e6b86a0c66dcb73307397840e676edda6c6bd03b021f6de
SSDEEP

393216:J1WlYQl8B/+nSOAjm3sNYR85mTSmYoc0EQPKSIG8H4YAgaEZPwhvDxW:JXQSn2YMuwYB9PHfZPwhQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/01XNFFZ
unpack001/NSS3.dll

Files

ccccba08be21165cd10c07f4ffaa74e70baaaad879fdf918eea7cb73877dde68.zip
.zip
01XNFFZ
.exe windows:6 windows x86 arch:x86

1656203879fed74ec9465a55553eda0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

/var/tmp/build/firefox-9194a262178e/obj-i686-w64-mingw32/toolkit/mozapps/update/updater/../../../../dist/bin/updater.pdb

Imports

nss3

ATOB_AsciiToData
BTOA_DataToAscii
CERT_DestroyCertificate
CERT_ExtractPublicKey
CERT_GetDefaultCertDB
CERT_NewTempCertificate
NSS_Initialize
NSS_NoDB_Init
NSS_Shutdown
PK11_FindCertFromNickname
PK11_FindKeyByAnyCert
PK11_GetTokenName
PK11_ProtectedAuthenticationPath
PK11_SetPasswordFunc
PK11_SignatureLen
PL_strdup
PORT_Free
PORT_Strdup
PORT_ZAlloc
PR_Close
PR_ErrorToName
PR_GetError
PR_GetSpecialFD
PR_Open
PR_Read
PR_fprintf
SECITEM_FreeItem
SECKEY_DestroyPrivateKey
SECKEY_DestroyPublicKey
SECKEY_PublicKeyStrength
SGN_Begin
SGN_DestroyContext
SGN_End
SGN_NewContext
SGN_Update
VFY_Begin
VFY_CreateContext
VFY_DestroyContext
VFY_EndWithSignature
VFY_Update

advapi32

AdjustTokenPrivileges
CreateProcessAsUserW
GetTokenInformation
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegSetValueExW

ws2_32

htonl
ntohl

shlwapi

PathAppendW
PathCanonicalizeW
PathCommonPrefixW
PathIsUNCServerShareW
PathRemoveFileSpecW
PathStripPathW
PathStripToRootW

gdi32

SelectObject

user32

CopyRect
DialogBoxParamW
DrawTextW
EndDialog
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetParent
GetWindowLongW
GetWindowRect
LoadIconW
OffsetRect
ReleaseDC
ScreenToClient
SendMessageW
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
WaitForInputIdle

api-ms-win-crt-convert-l1-1-0

_wtoi64
strtol
wcstol

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
_putenv
getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_mkdir
_stat64
_waccess
_wchdir
_wchmod
_wmkdir
_wremove
_wrename
_wrmdir
_wstat64
remove

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
wcschr
wcsrchr
wcsstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_assert
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_register_thread_local_exe_atexit_callback
_set_app_type
_set_invalid_parameter_handler
_wperror
abort
exit
perror
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_isatty
_open
_wfopen
_wfopen_s
_write
fclose
ferror
fflush
fgetc
fgets
fopen
fputc
fputs
fread
fseek
ftell
fwrite
rewind

api-ms-win-crt-string-l1-1-0

_strdup
_wcsdup
_wcsicmp
_wcsnicmp
isxdigit
memset
strcmp
strcpy
strlen
strncmp
strncpy
strpbrk
strtok
wcscat
wcscat_s
wcscmp
wcscpy
wcscpy_s
wcslen
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcstok_s

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
CloseHandle
CopyFileW
CreateActCtxW
CreateFileW
CreateProcessW
CreateToolhelp32Snapshot
DeactivateActCtx
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FlsAlloc
FlsGetValue
FlsSetValue
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesW
GetFullPathNameW
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetThreadId
GetTickCount
InitOnceExecuteOnce
InitializeCriticalSection
IsProcessInJob
IsProcessorFeaturePresent
K32EnumProcessModules
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
LockFile
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetDllDirectoryW
SetEndOfFile
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnlockFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_localtime64
_mktime64
_time64
_tzset
strftime

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

api-ms-win-crt-utility-l1-1-0

rand_s

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 173B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gcc_exc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NSS3.dll
.dll windows:5 windows x86 arch:x86

8f81b5d42de412eabee21938786f34bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SafeArrayPtrOfIndex
GetErrorInfo

advapi32

RegQueryValueExW
RegUnLoadKeyW

user32

CharNextW
SetClassLongW
EnumDisplayMonitors

kernel32

GetVersion
GetProcAddress
GetVersionExW
GetVersion
Sleep

gdi32

UnrealizeObject

version

VerQueryValueW

mpr

WNetOpenEnumW

netapi32

NetApiBufferFree

ole32

OleUninitialize

comctl32

InitializeFlatSB

msvcrt

memset

shell32

Shell_NotifyIconW
SHGetFolderPathW

winspool.drv

OpenPrinterW
GetDefaultPrinterW

wsock32

WSACleanup

magnification

MagSetImageScalingCallback

Exports

Exports

ATOB_AsciiToData
ATOB_AsciiToData_Util
ATOB_ConvertAsciiToItem_Util
Address: 0x00001480
Address: 0x000014A0
Address: 0x000014C0
Address: 0x00001570
Address: 0x00001EB0
Address: 0x00001F50
Address: 0x00002BD0
Address: 0x00002CA0
Address: 0x00002D40
Address: 0x00002E40
Address: 0x00002E60
Address: 0x00002E80
Address: 0x00002FA0
Address: 0x00003160
Address: 0x000031B0
Address: 0x00003350
Address: 0x00003380
Address: 0x000033F0
Address: 0x00006910
Address: 0x000069C0
Address: 0x00006B10
Address: 0x00006BA0
Address: 0x00006C80
Address: 0x00007280
Address: 0x00009BE0
Address: 0x00009C10
Address: 0x0000AF50
Address: 0x0000B030
Address: 0x0000B100
Address: 0x0000B5C0
Address: 0x0000B600
Address: 0x0000E2D0
Address: 0x0000E3F0
Address: 0x0000E490
Address: 0x0000E5A0
Address: 0x0000E5E0
Address: 0x0000E630
Address: 0x0000E680
Address: 0x0000E6D0
Address: 0x0000E750
Address: 0x0000E790
Address: 0x0000E800
Address: 0x0000E840
Address: 0x0000E880
Address: 0x0000E8C0
Address: 0x0000EB20
Address: 0x0000EC80
Address: 0x0000ECE0
Address: 0x0000F070
Address: 0x0000F0B0
Address: 0x0000F0F0
Address: 0x0000F130
Address: 0x0000F1D0
Address: 0x0000F1F0
Address: 0x0000F2B0
Address: 0x0000F2E0
Address: 0x0000F310
Address: 0x0000F340
Address: 0x0000F400
Address: 0x0000F430
Address: 0x0000F590
Address: 0x0000F610
Address: 0x0000F7B0
Address: 0x0000F7D0
Address: 0x0000FA40
Address: 0x0000FAF0
Address: 0x0000FB40
Address: 0x0000FC70
Address: 0x0000FC90
Address: 0x0000FCB0
Address: 0x0000FD60
Address: 0x0000FE30
Address: 0x0000FF10
Address: 0x0000FFF0
Address: 0x000100B0
Address: 0x00010160
Address: 0x00010220
Address: 0x000102D0
Address: 0x00010400
Address: 0x00010420
Address: 0x00010460
Address: 0x000105C0
Address: 0x000107F0
Address: 0x00010870
Address: 0x000108E0
Address: 0x000109C0
Address: 0x00010A40
Address: 0x00010A70
Address: 0x00010CF0
Address: 0x00010E70
Address: 0x00010E90
Address: 0x00010EE0
Address: 0x00010F70
Address: 0x00010F90
Address: 0x00010FC0
Address: 0x00010FF0
Address: 0x00011010
Address: 0x00011070
Address: 0x00011130
Address: 0x00011150
Address: 0x00011730
Address: 0x000139C0
Address: 0x000143B0
Address: 0x00014910
Address: 0x00014A60
Address: 0x00015140
Address: 0x00015190
Address: 0x00015320
Address: 0x000153F0
Address: 0x00015620
Address: 0x00015960
Address: 0x000159C0
Address: 0x00015E80
Address: 0x00015F90
Address: 0x00016160
Address: 0x00017040
Address: 0x00017A00
Address: 0x00017AE0
Address: 0x00017AF0
Address: 0x00017B00
Address: 0x00017DF0
Address: 0x00017EB0
Address: 0x00018250
Address: 0x00018300
Address: 0x00018420
Address: 0x00018AB0
Address: 0x00018B20
Address: 0x00018B40
Address: 0x00018B70
Address: 0x00018B80
Address: 0x00018D60
Address: 0x00018F70
Address: 0x00018FF0
Address: 0x00019060
Address: 0x000191E0
Address: 0x00019220
Address: 0x00019480
Address: 0x00019520
Address: 0x000198B0
Address: 0x00019E80
Address: 0x00019EF0
Address: 0x00019F60
Address: 0x00019FD0
Address: 0x0001A4C0
Address: 0x0001A540
Address: 0x0001A720
Address: 0x0001A7A0
Address: 0x0001A890
Address: 0x0001A8E0
Address: 0x0001B050
Address: 0x0001B070
Address: 0x0001B1A0
Address: 0x0001B600
Address: 0x0001B730
Address: 0x0001B7A0
Address: 0x0001B810
Address: 0x0001C6E0
Address: 0x0001C770
Address: 0x0001C7D0
Address: 0x0001DB90
Address: 0x0001E170
Address: 0x0001E290
Address: 0x0001E3B0
Address: 0x000F71F0
Address: 0x000F7390
Address: 0x000F73B0
Address: 0x000F73E0
Address: 0x000F8A60
Address: 0x000F8AC0
Address: 0x000F8AF0
Address: 0x000F8B30
Address: 0x000F8B50
Address: 0x000F8B90
Address: 0x000F8D20
Address: 0x000F8ED0
Address: 0x000F8EE0
Address: 0x000F8EF0
Address: 0x000F8F90
Address: 0x000F8FE0
Address: 0x000F9080
Address: 0x000F9090
Address: 0x000F90B0
Address: 0x000F90D0
Address: 0x000F90F0
Address: 0x000F9130
Address: 0x000F9150
Address: 0x000F9170
Address: 0x000F91E0
Address: 0x000F9250
Address: 0x000F9300
Address: 0x000F9360
Address: 0x000F93C0
Address: 0x000F9510
Address: 0x000F98C0
Address: 0x000F9950
Address: 0x000F99B0
Address: 0x000F99D0
Address: 0x000F9A30
Address: 0x000F9AF0
Address: 0x000F9B10
Address: 0x000F9B30
Address: 0x000F9B50
Address: 0x000F9B70
Address: 0x000F9B90
Address: 0x000F9BB0
Address: 0x000F9BD0
Address: 0x000F9BF0
Address: 0x000F9C10
Address: 0x000F9C30
Address: 0x000F9C50
Address: 0x000F9C70
Address: 0x000F9C90
Address: 0x000F9CB0
Address: 0x000F9CD0
Address: 0x000F9CF0
Address: 0x000F9D20
Address: 0x000F9D50
Address: 0x000F9D90
Address: 0x000F9DC0
Address: 0x000F9DF0
Address: 0x000F9E20
Address: 0x000F9E50
Address: 0x000F9E70
Address: 0x000F9E90
Address: 0x000F9EB0
Address: 0x000F9ED0
Address: 0x000F9EF0
Address: 0x000F9FB0
Address: 0x000FA2D0
Address: 0x000FA2E0
Address: 0x000FA340
Address: 0x000FA360
Address: 0x000FA380
Address: 0x000FA4E0
Address: 0x000FA660
Address: 0x000FA6C0
Address: 0x000FA7F0
Address: 0x000FA800
Address: 0x000FA860
Address: 0x000FA8C0
Address: 0x000FAA00
Address: 0x000FABC0
Address: 0x000FAC20
Address: 0x000FAFA0
Address: 0x000FB000
Address: 0x000FB0B0
Address: 0x000FB140
Address: 0x000FB230
Address: 0x000FB2D0
Address: 0x000FB430
Address: 0x000FB880
Address: 0x000FB920
Address: 0x000FB9B0
Address: 0x000FBA30
Address: 0x000FBA50
Address: 0x000FBE30
Address: 0x000FBEE0
Address: 0x000FC010
Address: 0x000FC450
Address: 0x000FC9F0
Address: 0x000FCB60
Address: 0x000FCCB0
Address: 0x000FCE10
Address: 0x000FCE50
Address: 0x000FCEA0
Address: 0x000FCF90
Address: 0x000FD010
Address: 0x000FE020
Address: 0x000FE0D0
Address: 0x000FE170
Address: 0x000FEEC0
Address: 0x000FEF40
Address: 0x000FEF50
Address: 0x000FEFD0
Address: 0x000FEFE0
Address: 0x000FF040
Address: 0x000FF100
Address: 0x000FF230
Address: 0x000FF260
Address: 0x000FF380
Address: 0x000FF3A0
Address: 0x000FF3C0
Address: 0x000FF3E0
Address: 0x000FF400
Address: 0x000FF570
Address: 0x000FF5C0
Address: 0x000FF5E0
Address: 0x000FF600
Address: 0x000FF620
Address: 0x000FF680
Address: 0x000FF6C0
Address: 0x000FF6F0
Address: 0x000FF760
Address: 0x000FF7A0
Address: 0x000FFAF0
Address: 0x000FFBA0
Address: 0x000FFD30
Address: 0x000FFDC0
Address: 0x000FFE60
Address: 0x000FFEE0
Address: 0x000FFF00
Address: 0x001001B0
Address: 0x001001D0
Address: 0x00100300
Address: 0x00100410
Address: 0x00100450
Address: 0x001004F0
Address: 0x00100510
Address: 0x00100670
Address: 0x00102D30
Address: 0x00102D50
Address: 0x00102D70
Address: 0x00102D90
Address: 0x00102DB0
Address: 0x00102E20
Address: 0x00102F90
Address: 0x00104E40
Address: 0x00104E60
Address: 0x00104E80
Address: 0x001052D0
Address: 0x00105360
Address: 0x001053F0
Address: 0x00105420
Address: 0x00105480
Address: 0x00106FC0
Address: 0x00106FE0
Address: 0x00107010
Address: 0x00107040
Address: 0x00107070
Address: 0x00107090
Address: 0x001070C0
Address: 0x001070E0
Address: 0x00107100
Address: 0x00107120
Address: 0x00107140
Address: 0x001071F0
Address: 0x00107250
Address: 0x00107290
Address: 0x00107330
Address: 0x00109660
Address: 0x0010AB00
Address: 0x0010AE80
Address: 0x0010AED0
Address: 0x0010AF20
Address: 0x0010AF90
Address: 0x0010B000
Address: 0x0010B060
Address: 0x0010B080
Address: 0x0010B0A0
Address: 0x0010B130
Address: 0x0010B150
Address: 0x0010B190
Address: 0x0010B340
Address: 0x0010B390
Address: 0x0010B3A0
Address: 0x0010B410
Address: 0x0010B4E0
Address: 0x0010B4F0
Address: 0x0010B6E0
Address: 0x0010B700
Address: 0x0010B720
Address: 0x0010B730
Address: 0x0010B740
Address: 0x0010B750
Address: 0x0010B780
Address: 0x0010BA40
Address: 0x0010BA60
Address: 0x0010BAA0
Address: 0x0010BAF0
Address: 0x0010BB40
Address: 0x0010BB70
Address: 0x0010BBA0
Address: 0x0010BC20
Address: 0x0010BD60
Address: 0x0010BEC0
Address: 0x0010BEE0
Address: 0x0010BF30
Address: 0x0010BF50
Address: 0x0010BF70
Address: 0x0010BF90
Address: 0x0010C090
Address: 0x0010C1C0
Address: 0x0010C1E0
Address: 0x0010C200
Address: 0x0010C230
Address: 0x0010C270
Address: 0x0010C2B0
Address: 0x0010C2E0
Address: 0x0010C330
Address: 0x0010C3E0
Address: 0x0010C480
Address: 0x0010C4A0
Address: 0x0010C4C0
Address: 0x0010C4E0
Address: 0x0010C570
Address: 0x0010C5A0
Address: 0x0010C5E0
Address: 0x0010C990
Address: 0x0010CA50
Address: 0x0010CBE0
Address: 0x0010CE10
Address: 0x0010CF00
Address: 0x0010CFA0
Address: 0x0010D060
Address: 0x0010D180
Address: 0x0010D2C0
Address: 0x0010D2F0
Address: 0x0010D310
Address: 0x0010D330
Address: 0x0010D350
Address: 0x0010D370
Address: 0x0010D3A0
Address: 0x0010D4C0
Address: 0x0010D6B0
Address: 0x0010D740
Address: 0x0010D770
Address: 0x0010D8C0
Address: 0x0010D900
Address: 0x0010DF10
Address: 0x0010E530
Address: 0x0010E550
Address: 0x0010E560
Address: 0x0010E570
Address: 0x0010E580
Address: 0x0010E650
Address: 0x0010E690
Address: 0x0010E6E0
Address: 0x0010EBC0
Address: 0x0010ECF0
Address: 0x0010F070
Address: 0x0010F0A0
Address: 0x0010F3E0
Address: 0x0010F5B0
Address: 0x00110940
Address: 0x00110AA0
Address: 0x00110B40
Address: 0x001113E0
Address: 0x00111760
Address: 0x00111790
Address: 0x00112160
Address: 0x001121A0
Address: 0x00112370
Address: 0x00112530
Address: 0x00112560
Address: 0x00112590
Address: 0x00112660
Address: 0x00112810
Address: 0x00112B50
Address: 0x00112B90
Address: 0x00112C20
Address: 0x00112CC0
Address: 0x00112DD0
Address: 0x00112E50
Address: 0x00112E90
Address: 0x001131A0
Address: 0x00113400
Address: 0x00113410
Address: 0x00113770
Address: 0x001137D0
Address: 0x00113830
Address: 0x00113860
Address: 0x001138F0
Address: 0x00113920
Address: 0x00113B40
Address: 0x00113BE0
Address: 0x00113C30
Address: 0x00113C40
Address: 0x00113C70
Address: 0x00114AD0
Address: 0x00114CC0
Address: 0x00115470
Address: 0x00115490
Address: 0x001154B0
Address: 0x00115550
Address: 0x00115590
Address: 0x00115620
Address: 0x00115640
Address: 0x00115730
Address: 0x001158A0
Address: 0x00115930
Address: 0x00115A60
Address: 0x00115EE0
Address: 0x00115F40
Address: 0x00116080
Address: 0x001161C0
Address: 0x00116290
Address: 0x001163C0
Address: 0x00116470
Address: 0x001166D0
Address: 0x00116790
Address: 0x001167C0
Address: 0x00116870
Address: 0x00116890
Address: 0x00116950
Address: 0x001169B0
Address: 0x00116B40
Address: 0x00116B60

Sections

.text
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.j g
Size: - Virtual size: 30.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.R8b
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ji2
Size: 18.8MB - Virtual size: 18.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1656203879fed74ec9465a55553eda0a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

nss3

advapi32

ws2_32

shlwapi

gdi32

user32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

api-ms-win-crt-time-l1-1-0

shell32

ole32

rpcrt4

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 96KB - Virtual size: 95KB

.buildid Size: 512B - Virtual size: 173B

.data Size: 1KB - Virtual size: 10KB

.eh_fram Size: 49KB - Virtual size: 48KB

.gcc_exc Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 96KB - Virtual size: 95KB

.reloc Size: 17KB - Virtual size: 16KB

8f81b5d42de412eabee21938786f34bc

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

netapi32

ole32

comctl32

msvcrt

shell32

winspool.drv

wsock32

magnification

Exports

Exports

Sections

.text Size: - Virtual size: 3.3MB

.itext Size: - Virtual size: 12KB

.data Size: - Virtual size: 65KB

.bss Size: - Virtual size: 29KB

.idata Size: - Virtual size: 16KB

.didata Size: - Virtual size: 2KB

.edata Size: - Virtual size: 111KB

.rdata Size: - Virtual size: 68B

.j g Size: - Virtual size: 30.3MB

.R8b Size: 512B - Virtual size: 228B

.ji2 Size: 18.8MB - Virtual size: 18.8MB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 96KB - Virtual size: 95KB

.buildid
Size: 512B - Virtual size: 173B

.data
Size: 1KB - Virtual size: 10KB

.eh_fram
Size: 49KB - Virtual size: 48KB

.gcc_exc
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 96KB - Virtual size: 95KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: - Virtual size: 3.3MB

.itext
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 65KB

.bss
Size: - Virtual size: 29KB

.idata
Size: - Virtual size: 16KB

.didata
Size: - Virtual size: 2KB

.edata
Size: - Virtual size: 111KB

.rdata
Size: - Virtual size: 68B

.j g
Size: - Virtual size: 30.3MB

.R8b
Size: 512B - Virtual size: 228B

.ji2
Size: 18.8MB - Virtual size: 18.8MB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 2KB - Virtual size: 1KB