2024-08-06_777674373c2ed05cce372f799ea33afc_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-06_777674373c2ed05cce372f799ea33afc_ryuk
Size

2.9MB
MD5

777674373c2ed05cce372f799ea33afc
SHA1

27fceb04ee6e06067c1cec838d1d2482c6a4d2cd
SHA256

62abd4eaf5b4fbcf8a322b20a71b7e1cc9f0072641ba03d34c2091b4f385387e
SHA512

ad32ff6c361f8d5b562b3e87df36556d62e955aacead0c53d90ac920bf53f29307720682cabae15168999fd8179ea1f3615c83e7681346ef67b598ae89128238
SSDEEP

49152:sQmsKBkLSnXUWCpU1WJDva/3HP9JbfmLSKlMPGVTcAGWSIXkSLdfTsU:shfIDvAK0VAGWjXHdb1

Score

1^/10

Malware Config

Signatures

Files

2024-08-06_777674373c2ed05cce372f799ea33afc_ryuk
.exe windows:5 windows x64 arch:x64

556936afb6d925210c726d55508e0087

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:29:27:90:28:8b:00:e3:b5:3d:86:04:76:4d:ff:4b
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

01/09/2022, 12:00

Subject

SERIALNUMBER=913101105574930924,CN=Shanghai Romex Information Technology Co.\,Ltd.,O=Shanghai Romex Information Technology Co.\,Ltd.,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:af:de:7b:07:6f:79:b9:01:e3:5b:38:d6:7e:a6:27
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/08/2019, 00:00

Not After

01/09/2022, 12:00

Subject

SERIALNUMBER=913101105574930924,CN=Shanghai Romex Information Technology Co.\,Ltd.,O=Shanghai Romex Information Technology Co.\,Ltd.,L=Shanghai,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:24:55:b5:43:7c:c6:c9:38:63:cc:6e:bd:b1:7e:00:70:da:86:f5:75:e7:8e:00:f0:a5:c1:31:27:d0:a9:00
Signer

Actual PE Digest

d0:24:55:b5:43:7c:c6:c9:38:63:cc:6e:bd:b1:7e:00:70:da:86:f5:75:e7:8e:00:f0:a5:c1:31:27:d0:a9:00

Digest Algorithm

sha256

PE Digest Matches

true

55:ef:4c:fc:25:e1:a7:1e:c9:81:7f:53:37:c5:1b:a1:7d:7b:f9:8b
Signer

Actual PE Digest

55:ef:4c:fc:25:e1:a7:1e:c9:81:7f:53:37:c5:1b:a1:7d:7b:f9:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\PROJECT\FancyRamdisk\release\exe\amd64\rxprd.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameW

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetStringTypeW
GetStartupInfoW
ReadConsoleInputW
PeekNamedPipe
GetACP
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
RtlUnwindEx
TerminateProcess
WriteConsoleW
GetConsoleMode
GetStdHandle
DeleteVolumeMountPointW
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
GetSystemWindowsDirectoryW
GetSystemTime
GetSystemInfo
OutputDebugStringW
QueryPerformanceCounter
InitializeSListHead
SetConsoleMode
SizeofResource
HeapFree
InitializeCriticalSectionAndSpinCount
GetVersionExW
HeapSize
GetLastError
LockResource
HeapReAlloc
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
DeleteCriticalSection
GetComputerNameW
GetProcessHeap
WideCharToMultiByte
GetSystemTimeAsFileTime
GetLogicalDrives
GlobalMemoryStatusEx
GetDriveTypeW
GetVolumeInformationW
SetLastError
lstrlenW
GetFileAttributesW
CreateFileW
CloseHandle
DeviceIoControl
SetEndOfFile
Sleep
SetFilePointerEx
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
SetVolumeLabelW
GetDiskFreeSpaceExW
GetCommandLineW
CreateMutexW
GetModuleHandleW
MultiByteToWideChar
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetUserDefaultLCID
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
GetTickCount
LocalFree
MulDiv
FormatMessageW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindResourceExW
lstrcpyW
VirtualProtect
GlobalFindAtomW
FreeResource
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CreateEventW
WaitForSingleObject
SetEvent
GetSystemDirectoryW
EncodePointer
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetCurrentProcessId
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalGetAtomNameW
SetErrorMode
lstrcmpW
lstrcmpA
GlobalDeleteAtom
FreeLibrary
GetCurrentThreadId
GetCurrentThread
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
ReadFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
CopyFileW
RtlPcToFileHeader

user32

InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongPtrW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
UnpackDDElParam
LoadImageW
TrackMouseEvent
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
IntersectRect
InflateRect
GetMenuItemInfoW
DestroyMenu
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
EqualRect
DefFrameProcW
DefMDIChildProcW
SendMessageW
CharNextW
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
TranslateMDISysAccel
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
CharPrevW
BroadcastSystemMessageW
GetSystemMetrics
PostMessageW
PostQuitMessage
GetWindowTextW
GetWindowTextLengthW
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetClientRect
CopyImage
SystemParametersInfoW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
DeleteMenu
GetDlgCtrlID
SetWindowTextW
GetWindowRect
ClientToScreen
PtInRect
GetDesktopWindow
GetClassNameW
GetWindow
RealChildWindowFromPoint
SetTimer
KillTimer
UpdateWindow
InvalidateRect
DrawTextW
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetPropW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ScreenToClient
FillRect
SetFocus
TrackPopupMenu
SetMenu
GetMenu
GetCapture
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
DestroyIcon
IsDialogMessageW
SetWindowLongW
CheckDlgButton
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
GetScrollPos
SetScrollPos

gdi32

CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
CreatePatternBrush
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreateRectRgn
CreateSolidBrush
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
SelectPalette
PtVisible
RectVisible
RestoreDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
GetTextMetricsW
SaveDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

SHAppBarMessage
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetFileInfoW
SHBrowseForFolderW

shlwapi

PathFindExtensionW
PathIsDirectoryW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW

uxtheme

GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
GetThemePartSize
IsAppThemed
GetWindowTheme

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateInstance
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CLSIDFromString

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantClear
VariantCopy
VariantChangeType
VarBstrFromDate
LoadTypeLi
VariantInit
SysAllocString
SysFreeString

gdiplus

GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpWriteData
WinHttpCrackUrl

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

556936afb6d925210c726d55508e0087

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

01:29:27:90:28:8b:00:e3:b5:3d:86:04:76:4d:ff:4bCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

05:af:de:7b:07:6f:79:b9:01:e3:5b:38:d6:7e:a6:27Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

d0:24:55:b5:43:7c:c6:c9:38:63:cc:6e:bd:b1:7e:00:70:da:86:f5:75:e7:8e:00:f0:a5:c1:31:27:d0:a9:00Signer

55:ef:4c:fc:25:e1:a7:1e:c9:81:7f:53:37:c5:1b:a1:7d:7b:f9:8bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

winhttp

iphlpapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 676KB - Virtual size: 676KB

.data Size: 28KB - Virtual size: 75KB

.pdata Size: 90KB - Virtual size: 89KB

.gfids Size: 104KB - Virtual size: 103KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 45KB - Virtual size: 44KB

.reloc Size: 59KB - Virtual size: 58KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

01:29:27:90:28:8b:00:e3:b5:3d:86:04:76:4d:ff:4b
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

05:af:de:7b:07:6f:79:b9:01:e3:5b:38:d6:7e:a6:27
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

d0:24:55:b5:43:7c:c6:c9:38:63:cc:6e:bd:b1:7e:00:70:da:86:f5:75:e7:8e:00:f0:a5:c1:31:27:d0:a9:00
Signer

55:ef:4c:fc:25:e1:a7:1e:c9:81:7f:53:37:c5:1b:a1:7d:7b:f9:8b
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 676KB - Virtual size: 676KB

.data
Size: 28KB - Virtual size: 75KB

.pdata
Size: 90KB - Virtual size: 89KB

.gfids
Size: 104KB - Virtual size: 103KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 45KB - Virtual size: 44KB

.reloc
Size: 59KB - Virtual size: 58KB