6dc09fbe0990568aa52f19a32e8fca30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6dc09fbe0990568aa52f19a32e8fca30N.exe
Size

813KB
MD5

6dc09fbe0990568aa52f19a32e8fca30
SHA1

0259f566335076f66b19d3d170416a6abd08fe05
SHA256

ba8169bac90b3e05e92380ce98cee813c02a07ea64dd3229f13e45f83ec4bdb8
SHA512

deff117fa8a5bba2996efc1f02014c5b46e9acd84a72075e45654dd76ef8e6fe7c62c127f34cc47bbfd1c42e85af9779ea9cb4cf61039b016e0ee352abafe179
SSDEEP

12288:Bs1OxdHPZpes5uKMYgapxML8VQeHoQAu6YAWsoI+S2BjvrEH7h:QudHPZpes5uFFapfHAWYgrEH7h

Score

1^/10

Malware Config

Signatures

Files

6dc09fbe0990568aa52f19a32e8fca30N.exe
.dll windows:6 windows x86 arch:x86

767eab394dee5aec89dbd70507fcd16e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fb:fd:68:36:7c:23:94:31:b1:e5:c3:54:cc:0b:50
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/09/2023, 00:00

Not After

29/09/2024, 23:59

Subject

SERIALNUMBER=110111-0725064,CN=HANCOM. INC\,,O=HANCOM. INC\,,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:e4:c6:bd:47:9b:99:47:10:b7:05:be:78:da:95:86:39:3e:cf:73:b7:a2:4a:e6:11:0b:cd:57:6c:5a:40:32
Signer

Actual PE Digest

da:e4:c6:bd:47:9b:99:47:10:b7:05:be:78:da:95:86:39:3e:cf:73:b7:a2:4a:e6:11:0b:cd:57:6c:5a:40:32

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\HOffice130\Build\WindowsDesktopOffice\Bin\Plugin\HwpPlugin.pdb

Imports

kernel32

GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalSize
InitializeCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
HeapAlloc
HeapFree
FindClose
GetUserDefaultLCID
GetLocaleInfoW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetCurrentThreadId
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
FreeLibrary
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
MulDiv

user32

GetMessageTime
IsRectEmpty
GetClipboardData
SetClipboardData
GetCaretBlinkTime
GetKeyState
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
GetClassNameW
GetSysColor
EmptyClipboard
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
GetParent
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
CreateWindowExW
SendMessageW
DestroyWindow
IsWindow
MoveWindow
CopyRect
PtInRect
SetRect
GetWindowRect
ScreenToClient
RegisterWindowMessageW
CloseClipboard
GetCapture
OffsetRect
OpenClipboard
PeekMessageW
SetTimer
KillTimer
CreateCaret
DestroyCaret
SetCaretPos
GetDoubleClickTime
MessageBeep
SetWindowPos
UnregisterClassW
CharNextW
GetKeyboardLayout
GetDesktopWindow

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegDeleteKeyW

ole32

StringFromGUID2
StringFromCLSID
OleUninitialize
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize

oleaut32

SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
VariantInit
LoadRegTypeLi
SysStringByteLen
VariantClear
OleCreateFontIndirect
SysFreeString
LoadTypeLi
VarUI4FromStr

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

oleacc

LresultFromObject

vcruntime140

__std_exception_copy
__std_type_info_destroy_list
_except_handler4_common
memcpy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
__std_terminate
wcsstr
wcschr
memmove
memset
_purecall

api-ms-win-crt-string-l1-1-0

towupper
iswdigit
_wcsicmp
wcscpy_s
wcsncmp
_wcsnicmp
wcscat_s
iswascii
isdigit
_wcsupr_s
iswspace
wcsncpy_s
strcpy_s
iswalpha

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
free
_callnewh
realloc

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm
_cexit
_invalid_parameter_noinfo
_errno
_crt_atexit
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_seh_filter_dll
_configure_narrow_argv
_register_onexit_function
_initialize_narrow_environment
_initialize_onexit_table
_initterm_e

api-ms-win-crt-filesystem-l1-1-0

_wremove
_waccess
_waccess_s
_wmakepath_s

api-ms-win-crt-stdio-l1-1-0

fclose
fread
fwrite
fseek
_wfopen_s
__stdio_common_vswprintf_s

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

wcstol
_itow_s
_ultoa_s
_wtoi
_ltoa_s
_itoa_s
_wtol

gdi32

LineTo
DPtoLP
ExtCreatePen
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreatePen
SelectObject
DeleteObject
GetObjectW
BitBlt
DeleteDC
GetStockObject
MoveToEx
GetDeviceCaps
SelectClipRgn
CreateRectRgn
SetROP2

hncfoundation

?ReleaseBuffer@CHncStringW@@QAEHH@Z
?GetBuffer@CHncStringW@@QAEPAGH@Z
?RemoveAt@CHncPtrArray@@QAEXHH@Z
?SetAtGrow@CHncPtrArray@@QAEHHPAX@Z
??1CHncPtrArray@@QAE@XZ
??0CHncPtrArray@@QAE@XZ
_HncMstBeginThread@8
HncIsWindows
HncIntMulDiv
?IsEnUS@Framework@Hnc@@QBE_NXZ
?GetStringValue@CHncRegistry@@QAEHPBG0PAGH@Z
?UnlockBuffer@CHncStringW@@QAEXXZ
?LockBuffer@CHncStringW@@QAEPAGXZ
?MakeLower@CHncStringW@@QAEAAV1@XZ
?HncGetRegPath@@YAPBGHPAU_tagRegPathInfo@@H@Z
HncLoadLibraryModulePath
?GetBinaryValue@CHncRegistry@@QAEHPBG0PAEPAI@Z
?DeleteValue@CHncRegistry@@QAEHPBG0@Z
HncGetFileAttributes
HncAppendBackSlash
HncIsDarwin
HncIsMobile
HncCreateProcessObject
HncReleaseProcessObject
__UCSCHAR_TO_SURCHAR@4
GetArabicUnicodeLamAlefMapping
?HncGetJamoBlock@@YGHPBGHPAG11@Z
BidiResolveWhitespace
BidiAlgorithm
?HncJamoToHangulSyllable@@YGGGGG@Z
HncClassFromChN
?HncJamoToPUASyllable@@YGGGGG@Z
__SURCHAR_TO_UCSCHAR@4
GetBidiMirroredChar
BidiMirrored
HncBidiJoining
HncClassFromChWS
GetBidiShape
HncIsUnix
__MAKE_UCSCHAR@8
??0CHncMArrayBase@@QAE@HH@Z
??1CHncMArrayBase@@UAE@XZ
?FreeExtra@CHncMArrayBase@@QAEXXZ
?_Assign@CHncMArrayBase@@MAEHPAXPBX@Z
?_Compare@CHncMArrayBase@@MAEHPBX0J@Z
?_MakeRoom@CHncMArrayBase@@AAEHHH@Z
?_GetPtr@CHncMArrayBase@@ABEPAXH@Z
?HncMakeNumString@@YGXIHPAGIPBGH@Z
_HncCheckTabletOfficePackage@0
??0CHncStringA@@QAE@XZ
?Assign@CHncStringA@@QAEHPBD@Z
??1CHncStringA@@QAE@XZ
?Assign@CHncStringW@@QAEHPBGH_N@Z
?Right@CHncStringW@@QBE?AV1@H@Z
?TrimRight@CHncStringW@@QAEAAV1@XZ
?ReverseFind@CHncStringW@@QBEHG@Z
?Replace@CHncStringW@@QAEHGG@Z
?GetBufferSetLength@CHncStringW@@QAEPAGH@Z
_GetUnicodeCategory@4
HncUnicodeToAnsi
?IsOption@Framework@Hnc@@QBE_NABVCHncStringW@@@Z
?GetResource@Hnc@@YAAAVResourceProxy@1@XZ
??1CHncStringW@@QAE@XZ
?Assign@CHncStringW@@QAEHABV1@@Z
?HncCreateParameterSet@@YAPAUIHncParameterSet@@I@Z
_HncGetMstMode@0
??0CHncStringW@@QAE@XZ
??0CHncStringW@@QAE@PBG@Z
?ParamClear@tagHNCPARAM@@QAEXXZ
??0CHncStringParameterSet@@QAE@XZ
??1CHncStringParameterSet@@UAE@XZ
?Assign@CHncStringW@@QAEHPBG@Z
?SetBuffer@CHncStringParameterSet@@QAEHPBGH@Z
?GetItemSet@CHncStringParameterSet@@QBEHPBGAAV1@@Z
?GetWString@CHncStringParameterSet@@QBEHPBGAAVCHncStringW@@@Z
HncSetError
??0CHncRegistry@@QAE@H@Z
??1CHncRegistry@@UAE@XZ
?SetRegistryKey@CHncRegistry@@QAEXPBGPAUHKEY__@@@Z
?HncGetRegPath@@YAPBGW4HncRegPathID@@@Z
?GetStringValue@CHncRegistry@@QAEHPBG0AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
HncLoadLibrary
?Format@CHncStringW@@QAAHPBGZZ
??0CHncRegistry@@QAE@PBGPAUHKEY__@@H@Z
HncFileExist
HncRegOpenKeyEx
HncRegCreateKeyEx
HncRegQueryValueEx
HncRegSetValueEx
HncRegCloseKey
?IsKoKR@Framework@Hnc@@QBE_NXZ
?GetFramework@Hnc@@YAAAVFramework@1@XZ
??0CHncStringW@@QAE@ABV0@@Z
?Concat@CHncStringW@@QAEHABV1@@Z
?Concat@CHncStringW@@QAEHPBG@Z
HncPathCreate
HncAnsiToUnicode
?SetBool@CHncStringParameterSet@@QAEHPBGH@Z
?SetInteger@CHncStringParameterSet@@QAEHPBGH@Z
?GetInt@CHncStringParameterSet@@QBEHPBGPAH@Z
?GetWString@CHncStringParameterSet@@QBEHPBGAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?GetBuffer@CHncStringParameterSet@@QAEPBGXZ
?SetWString@CHncStringParameterSet@@QAEHPBG0@Z
?SetItemSet@CHncStringParameterSet@@QAEHAAV1@@Z
?SetUint@CHncStringParameterSet@@QAEHPBGI@Z
?SetSetName@CHncStringParameterSet@@QAEXPBG@Z
?GetUint@CHncStringParameterSet@@QBEHPBGPAI@Z
?FindOneOf@CHncStringW@@QBEHPBG@Z
?Find@CHncStringW@@QBEHG@Z
?Mid@CHncStringW@@QBE?AV1@H@Z
?Mid@CHncStringW@@QBE?AV1@HH@Z
?TrimRight@CHncStringW@@QAEAAV1@G@Z
?MakeUpper@CHncStringW@@QAEAAV1@XZ
?Replace@CHncStringW@@QAEHPBG0@Z
HncFindNextFile
HncFindFirstFile
HncExistDir
?Find@CHncStringW@@QBEHPBG@Z
?TrimLeft@CHncStringW@@QAEAAV1@XZ
?SpanExcluding@CHncStringW@@QBE?AV1@PBG@Z
?ConcatCopy@CHncStringW@@IAEHHPBGH0@Z
?Left@CHncStringW@@QBE?AV1@H@Z
HncPathToAbsolute
?Concat@CHncStringW@@QAEHG@Z
?Empty@CHncStringW@@QAEHXZ
HncGetError

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
ceil
_libm_sse2_cos_precise
_libm_sse2_log_precise

Exports

Exports

??0CHncAABase@@QAE@ABV0@@Z
??0CHncAABase@@QAE@XZ
??1CHncAABase@@UAE@XZ
??4CHncAABase@@QAEAAV0@ABV0@@Z
??_7CHncAABase@@6B@
?DisconnectAll@CHncAABase@@UAGJXZ
?GetAccessibleBySubType@CHncAABase@@UAEPAV1@J@Z
?QueryAccessibleProxyInterface@CHncAABase@@QAEJPAPAUIHncAccessibleProxy@@@Z
?QueryDispatchInterface@CHncAABase@@QAEJPAPAUIDispatch@@@Z
?QueryDispatchInterface@CHncAABase@@SAJPAV1@PAPAUIDispatch@@@Z
?__autoclassinit2@CHncAABase@@QAEXI@Z
?accDoDefaultAction@CHncAABase@@UAGJUtagVARIANT@@@Z
?accDoDefaultAction_child@CHncAABase@@UAEJJ@Z
?accDoDefaultAction_self@CHncAABase@@UAEJXZ
?accHitTest@CHncAABase@@UAGJJJPAUtagVARIANT@@@Z
?accHitTestByLocation@CHncAABase@@QAEJJJPAUtagVARIANT@@@Z
?accLocation@CHncAABase@@UAGJPAJ000UtagVARIANT@@@Z
?accLocation_child@CHncAABase@@UAEJJAAUtagRECT@@@Z
?accLocation_self@CHncAABase@@UAEJAAUtagRECT@@@Z
?accNavigate@CHncAABase@@UAGJJUtagVARIANT@@PAU2@@Z
?accSelect@CHncAABase@@UAGJJUtagVARIANT@@@Z
?accSelect_child@CHncAABase@@UAEJJJ@Z
?accSelect_self@CHncAABase@@UAEJJ@Z
?get_accChild@CHncAABase@@UAGJUtagVARIANT@@PAPAUIDispatch@@@Z
?get_accChildCount@CHncAABase@@UAGJPAJ@Z
?get_accChild_child@CHncAABase@@UAEJJPAPAUIDispatch@@@Z
?get_accChild_self@CHncAABase@@UAEJPAPAUIDispatch@@@Z
?get_accDefaultAction@CHncAABase@@UAGJUtagVARIANT@@PAPAG@Z
?get_accDefaultAction_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accDefaultAction_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accDescription@CHncAABase@@UAGJUtagVARIANT@@PAPAG@Z
?get_accDescription_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accDescription_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accFocus@CHncAABase@@UAGJPAUtagVARIANT@@@Z
?get_accFocus_self@CHncAABase@@UAEJAAJ@Z
?get_accHelp@CHncAABase@@UAGJUtagVARIANT@@PAPAG@Z
?get_accHelpTopic@CHncAABase@@UAGJPAPAGUtagVARIANT@@PAJ@Z
?get_accHelpTopic_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAJ@Z
?get_accHelpTopic_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAJ@Z
?get_accHelp_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accHelp_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accKeyboardShortcut@CHncAABase@@UAGJUtagVARIANT@@PAPAG@Z
?get_accKeyboardShortcut_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accKeyboardShortcut_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accName@CHncAABase@@UAGJUtagVARIANT@@PAPAG@Z
?get_accName_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accName_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accParent@CHncAABase@@UAGJPAPAUIDispatch@@@Z
?get_accRole@CHncAABase@@UAGJUtagVARIANT@@PAU2@@Z
?get_accRole_child@CHncAABase@@UAEJJAAJ@Z
?get_accRole_self@CHncAABase@@UAEJAAJ@Z
?get_accSelection@CHncAABase@@UAGJPAUtagVARIANT@@@Z
?get_accSelection_self@CHncAABase@@UAEJAAJ@Z
?get_accState@CHncAABase@@UAGJUtagVARIANT@@PAU2@@Z
?get_accState_child@CHncAABase@@UAEJJAAJ@Z
?get_accState_self@CHncAABase@@UAEJAAJ@Z
?get_accValue@CHncAABase@@UAGJUtagVARIANT@@PAPAG@Z
?get_accValue_child@CHncAABase@@UAEJJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?get_accValue_self@CHncAABase@@UAEJAAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?haccUnregister@CHncAABase@@UAGJXZ
?put_accName@CHncAABase@@UAGJUtagVARIANT@@PAG@Z
?put_accValue@CHncAABase@@UAGJUtagVARIANT@@PAG@Z
?set_haccParent@CHncAABase@@QAEJPAV1@@Z
HwpGetPlugin

Sections

.text
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

767eab394dee5aec89dbd70507fcd16e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:fb:fd:68:36:7c:23:94:31:b1:e5:c3:54:cc:0b:50Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

da:e4:c6:bd:47:9b:99:47:10:b7:05:be:78:da:95:86:39:3e:cf:73:b7:a2:4a:e6:11:0b:cd:57:6c:5a:40:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp140

oleacc

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

gdi32

hncfoundation

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 558KB - Virtual size: 558KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 13KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 33KB - Virtual size: 32KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:fb:fd:68:36:7c:23:94:31:b1:e5:c3:54:cc:0b:50
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

da:e4:c6:bd:47:9b:99:47:10:b7:05:be:78:da:95:86:39:3e:cf:73:b7:a2:4a:e6:11:0b:cd:57:6c:5a:40:32
Signer

.text
Size: 558KB - Virtual size: 558KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 13KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 32KB