26a97e1d24378437d35a706a5f1e3900N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

26a97e1d24378437d35a706a5f1e3900N.exe
Size

385KB
MD5

26a97e1d24378437d35a706a5f1e3900
SHA1

f8df412eb815f60612e33782cc516388d08f9185
SHA256

975e1e2c256e69c80eeb89ce94a6faeb3a1ced05b647bc2ea939ba5b88cf6f1c
SHA512

ebc8bc848ecc854430f5c405eecd9e2add1de1eca5291486229dda60232c463fb33ca1e965ac8cbdef3caac8e17edcf3f4f856bf4fed3657ef1929d6dd26a892
SSDEEP

6144:lLCaVtgAR/6jo8dR1GNt8f4l5dTEu8mqwdZ3aGohZWldKN/XEkt9:cAR/Clf4lD8MqHP/Xjt9

Score

1^/10

Malware Config

Signatures

Files

26a97e1d24378437d35a706a5f1e3900N.exe
.dll windows:6 windows x86 arch:x86

aae118151442567427edd578570d0ae0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:31:e2:bf:18:5b:7f:ec:ee:f4:39:27:12:a8:6d:5e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/08/2023, 00:00

Not After

16/08/2026, 23:59

Subject

SERIALNUMBER=31333532,CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:b8:c3:0e:c8:9e:38:45:f9:18:56:9e:d4:9d:df:94:69:99:13:ae
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

13/07/2023, 00:00

Not After

15/07/2026, 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17/07/2020, 00:00

Not After

17/07/2030, 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

15/07/2020, 00:00

Not After

15/07/2045, 00:00

Subject

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:1b:95:25:17:c8:de:e2:27:42:79:ec:df:05:5d:81:0b:2e:c3:fe
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

12/07/2023, 00:00

Not After

16/07/2026, 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16/07/2020, 00:00

Not After

16/07/2030, 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3a
Signer

Actual PE Digest

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3a

Digest Algorithm

sha256

PE Digest Matches

true

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3a
Signer

Actual PE Digest

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnHips.pdb

Imports

protobuflite

?EnsureSpace@EpsCopyOutputStream@io@protobuf@google@@QAEPAEPAE@Z
?Destroy@ArenaStringPtr@internal@protobuf@google@@QAEXXZ
?WriteRaw@EpsCopyOutputStream@io@protobuf@google@@QAEPAEPBXHPAE@Z
?WriteVarint32ToArray@CodedOutputStream@io@protobuf@google@@SAPAEIPAE@Z
?AllocateAlignedWithHook@Arena@protobuf@google@@AAEPAXIIPBVtype_info@@@Z
?VarintParseSlow32@internal@protobuf@google@@YA?AU?$pair@PBDI@std@@PBDI@Z
?fixed_address_empty_string@internal@protobuf@google@@3V?$ExplicitlyConstructed@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$07@123@A
?VerifyUTF8@internal@protobuf@google@@YA_NVStringPiece@stringpiece_internal@23@PBD@Z
??0MessageLite@protobuf@google@@QAE@XZ
?OnDemandRegisterArenaDtor@MessageLite@protobuf@google@@UAEXPAVArena@23@@Z
??0MessageLite@protobuf@google@@IAE@PAVArena@12@_N@Z
??1MessageLite@protobuf@google@@UAE@XZ
?LengthDelimitedSize@WireFormatLite@internal@protobuf@google@@SAII@Z
?Set@ArenaStringPtr@internal@protobuf@google@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVArena@34@@Z
?VerifyUtf8String@WireFormatLite@internal@protobuf@google@@SA_NPBDHW4Operation@1234@0@Z
?InlineGreedyStringParser@internal@protobuf@google@@YAPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPAVParseContext@123@@Z
?Done@ParseContext@internal@protobuf@google@@QAE_NPAPBD@Z
??0CachedSize@internal@protobuf@google@@QAE@XZ
?AllocateAlignedWithCleanup@Arena@protobuf@google@@AAE?AU?$pair@PAXPAUCleanupNode@SerialArena@internal@protobuf@google@@@std@@IPBVtype_info@@@Z
?InitializationErrorString@MessageLite@protobuf@google@@UBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?InternalWriteMessage@WireFormatLite@internal@protobuf@google@@SAPAEHABVMessageLite@34@HPAEPAVEpsCopyOutputStream@io@34@@Z
?ReadTagFallback@internal@protobuf@google@@YA?AU?$pair@PBDI@std@@PBDI@Z
?Mutable@ArenaStringPtr@internal@protobuf@google@@QAEPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVArena@34@@Z
?ClearToEmpty@ArenaStringPtr@internal@protobuf@google@@QAEXXZ
??$DoClear@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@InternalMetadata@internal@protobuf@google@@AAEXXZ
??$DoMergeFrom@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@InternalMetadata@internal@protobuf@google@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?VarintParseSlow64@internal@protobuf@google@@YA?AU?$pair@PBD_K@std@@PBDI@Z
?ParseMessage@ParseContext@internal@protobuf@google@@QAEPBDPAVMessageLite@34@PBD@Z
?UnknownFieldParse@internal@protobuf@google@@YAPBDIPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPAVParseContext@123@@Z
?Reserve@?$RepeatedField@_K@protobuf@google@@QAEXH@Z
?AddOutOfLineHelper@RepeatedPtrFieldBase@internal@protobuf@google@@AAEPAXPAX@Z
?ParseFromString@MessageLite@protobuf@google@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?size@?$RepeatedField@_K@protobuf@google@@QBEHXZ
?Add@?$RepeatedField@_J@protobuf@google@@QAEXAB_J@Z
?GetArenaForAllocation@MessageLite@protobuf@google@@IBEPAVArena@23@XZ
?SerializeWithCachedSizesToArray@MessageLite@protobuf@google@@QBEPAEPAE@Z
?Set@ArenaStringPtr@internal@protobuf@google@@QAEX$$QAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAVArena@34@@Z
?Set@CachedSize@internal@protobuf@google@@QAEXH@Z
?DestroyProtos@RepeatedPtrFieldBase@internal@protobuf@google@@IAEXXZ
?StringSize@WireFormatLite@internal@protobuf@google@@SAIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?EnumSize@WireFormatLite@internal@protobuf@google@@SAIH@Z
?UInt64Size@WireFormatLite@internal@protobuf@google@@SAI_K@Z
?UInt32Size@WireFormatLite@internal@protobuf@google@@SAII@Z
?MergeFromInternal@RepeatedPtrFieldBase@internal@protobuf@google@@AAEXABV1234@P81234@AEXPAPAX1HH@Z@Z
??1RepeatedPtrFieldBase@internal@protobuf@google@@IAE@XZ
?InitDefault@ArenaStringPtr@internal@protobuf@google@@QAEXXZ
??0ArenaStringPtr@internal@protobuf@google@@QAE@PAV?$ExplicitlyConstructed@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$07@123@UConstantInitialized@123@@Z
?WriteVarint32SignExtendedToArray@CodedOutputStream@io@protobuf@google@@SAPAEHPAE@Z
?WriteVarint64ToArray@CodedOutputStream@io@protobuf@google@@SAPAE_KPAE@Z
?WriteStringMaybeAliased@EpsCopyOutputStream@io@protobuf@google@@QAEPAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAE@Z
?data@?$RepeatedField@_K@protobuf@google@@QBEPB_KXZ
?MergeFrom@?$RepeatedField@_K@protobuf@google@@QAEXABV123@@Z
?Clear@?$RepeatedField@_K@protobuf@google@@QAEXXZ
?Add@?$RepeatedField@_K@protobuf@google@@QAEXAB_K@Z
??1?$RepeatedField@_K@protobuf@google@@QAE@XZ
??0?$RepeatedField@_K@protobuf@google@@QAE@PAVArena@12@@Z
?PackedSInt64Parser@internal@protobuf@google@@YAPBDPAXPBDPAVParseContext@123@@Z
?PackedUInt64Parser@internal@protobuf@google@@YAPBDPAXPBDPAVParseContext@123@@Z
?SInt64Size@WireFormatLite@internal@protobuf@google@@SAIABV?$RepeatedField@_J@34@@Z
?UInt64Size@WireFormatLite@internal@protobuf@google@@SAIABV?$RepeatedField@_K@34@@Z
?data@?$RepeatedField@_J@protobuf@google@@QBEPB_JXZ
?MergeFrom@?$RepeatedField@_J@protobuf@google@@QAEXABV123@@Z
?Clear@?$RepeatedField@_J@protobuf@google@@QAEXXZ
?size@?$RepeatedField@_J@protobuf@google@@QBEHXZ
??1?$RepeatedField@_J@protobuf@google@@QAE@XZ
??0?$RepeatedField@_J@protobuf@google@@QAE@PAVArena@12@@Z
?SInt64SizePlusOne@WireFormatLite@internal@protobuf@google@@SAI_J@Z
?SInt32SizePlusOne@WireFormatLite@internal@protobuf@google@@SAIH@Z
?UInt64SizePlusOne@WireFormatLite@internal@protobuf@google@@SAI_K@Z
?Int32Size@WireFormatLite@internal@protobuf@google@@SAIH@Z
?GetEmptyStringAlreadyInited@internal@protobuf@google@@YAABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?ZigZagEncode64@EpsCopyOutputStream@io@protobuf@google@@CA_K_J@Z
?Encode64@EpsCopyOutputStream@io@protobuf@google@@CA_K_K@Z
?ParseFromArray@MessageLite@protobuf@google@@QAE_NPBXH@Z
?Int64SizePlusOne@WireFormatLite@internal@protobuf@google@@SAI_J@Z
?Int32SizePlusOne@WireFormatLite@internal@protobuf@google@@SAIH@Z
?WriteBytesMaybeAliased@EpsCopyOutputStream@io@protobuf@google@@QAEPAEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAE@Z
?UInt32SizePlusOne@WireFormatLite@internal@protobuf@google@@SAII@Z
?BytesSize@WireFormatLite@internal@protobuf@google@@SAIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Get@CachedSize@internal@protobuf@google@@QBEHXZ

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
FlushFileBuffers
SetFilePointer
SetEndOfFile
WriteFile
GetCurrentProcess
GetCurrentThread
DeleteTimerQueueTimer
CreateTimerQueueTimer
SetEvent
LockResource
LoadResource
FindResourceExW
LocalFree
GetExitCodeThread
WaitForSingleObject
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
GetCurrentProcessId
InitializeSListHead

advapi32

GetTokenInformation
RevertToSelf
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
SetThreadToken
FreeSid
EqualSid
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Random_device@std@@YAIXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Thrd_join
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
_Cnd_do_broadcast_at_thread_exit

msvcp140_atomic_wait

__std_atomic_wait_direct
__std_atomic_notify_all_direct

vcruntime140

_purecall
wcschr
_except_handler4_common
_CxxThrowException
memset
__std_type_info_destroy_list
wcsrchr
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
memmove
memcpy
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf_p

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcsnlen
wcsncpy_s
_wcsicmp
wcscat_s
strnlen
toupper

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
abort
_beginthreadex
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
free
realloc
malloc

api-ms-win-crt-convert-l1-1-0

wcstoll
strtoll
wcstod
strtod

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

NODIoctl
NODIoctlV2

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aae118151442567427edd578570d0ae0

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:31:e2:bf:18:5b:7f:ec:ee:f4:39:27:12:a8:6d:5eCertificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

34:b8:c3:0e:c8:9e:38:45:f9:18:56:9e:d4:9d:df:94:69:99:13:aeCertificate

Extended Key Usages

Key Usages

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8Certificate

Extended Key Usages

Key Usages

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34Certificate

Key Usages

01:1b:95:25:17:c8:de:e2:27:42:79:ec:df:05:5d:81:0b:2e:c3:feCertificate

Extended Key Usages

Key Usages

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38Certificate

Extended Key Usages

Key Usages

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3aSigner

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

protobuflite

kernel32

advapi32

msvcp140

msvcp140_atomic_wait

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 286KB - Virtual size: 286KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 2KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 17KB - Virtual size: 17KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:31:e2:bf:18:5b:7f:ec:ee:f4:39:27:12:a8:6d:5e
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

34:b8:c3:0e:c8:9e:38:45:f9:18:56:9e:d4:9d:df:94:69:99:13:ae
Certificate

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

3d:1f:d8:47:f9:7a:4d:60:55:54:9f:7c:d2:22:cf:46:53:9e:7b:34
Certificate

01:1b:95:25:17:c8:de:e2:27:42:79:ec:df:05:5d:81:0b:2e:c3:fe
Certificate

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3a
Signer

39:a1:17:29:b6:90:43:29:c2:c4:ff:e5:34:ad:14:75:c8:b9:a6:05:90:78:54:ab:be:21:de:bd:aa:6e:08:3a
Signer

.text
Size: 286KB - Virtual size: 286KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 2KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 17KB - Virtual size: 17KB