AsusFanControl[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

AsusFanControl.zip
Size

426KB
MD5

513dfce70ac03f1c55a7b8a6bb10d641
SHA1

1a10645b21806ca817ec0f84e72a4b5ecb915315
SHA256

012508d5928b75bde1c8bd3be2707c52ff0768250ecbbbb599833fdb9b42aaaf
SHA512

1639a769f2a44ee29aedbd798e1c7a6cf884e06ee7323a990d69c335618b727354235ea5368388603a1f4913ce5cb8c61263c2f9fb3cf3226b1ff0f704a3fb47
SSDEEP

12288:M8yMDEyd9Ai/mHcfy5hhB7mcOcD7AswEFxS07BEun/r:M8jEyXN/m00R7mcO8xBaMD

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AsusFanControl.exe
unpack001/AsusFanControlGUI.exe

Files

AsusFanControl.zip
.zip
AsusFanControl.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Karmel\Desktop\Nowy folder\AsusFanControl\AsusFanControl\obj\x64\Release\AsusFanControl.pdb

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AsusFanControlGUI.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Karmel\Desktop\Nowy folder\AsusFanControl\AsusFanControlGUI\obj\x64\Release\AsusFanControlGUI.pdb

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AsusWinIO64.dll
.dll windows:6 windows x64 arch:x64

e31fdfd4697ba59d2f9c59b4aea0523f

Code Sign

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/05/2021, 00:00

Not After

08/05/2024, 23:59

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,OU=SYS BG-PC BU-SW RD Ctr,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/01/2023, 19:14

Not After

15/12/2023, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94
Signer

Actual PE Digest

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94

Digest Algorithm

sha256

PE Digest Matches

true

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94
Signer

Actual PE Digest

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\AsusSystemAnalysis\AsusSystemAnalysisService\x64\Release\AsusWinDll\AsusWinIO64.pdb

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
CreateFileW
DeviceIoControl
GetStartupInfoW
GetLastError
LocalAlloc
LocalFree
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetSystemTimes
GetStdHandle
WriteConsoleW
GetCurrentProcess
RtlLookupFunctionEntry
K32GetModuleFileNameExW
GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW
K32GetModuleBaseNameW
GetFileAttributesW
lstrlenW
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
TerminateProcess
WaitForSingleObject
CreateMutexW
GetModuleFileNameW
K32EnumProcessModules
RtlCaptureContext
__C_specific_handler
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
FlsAlloc
ReleaseMutex
LoadLibraryW
InitializeCriticalSectionEx
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetPackagesByPackageFamily
GetPackagePathByFullName
GetSystemPowerStatus
LeaveCriticalSection
EnterCriticalSection
FlsGetValue
OutputDebugStringA
OutputDebugStringW
GetStringTypeW
CloseHandle
FormatMessageA
OpenProcess
FreeLibrary
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
GetFileAttributesA
GetProcessHeap
HeapAlloc
FlsSetValue
FlsFree

user32

IsWindowVisible
IsWindow
FindWindowExW
EnumWindows
GetClassNameW
GetTitleBarInfo
GetKeyState
GetAncestor
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
GetWindowTextLengthW
GetWindowTextW
wsprintfW
IsWindowEnabled
IsIconic

oleaut32

SysStringLen
VariantClear
SysFreeString
SafeArrayGetLBound
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
SafeArrayGetElement
SysAllocString
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantInit
SafeArrayGetUBound

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoUninitialize

advapi32

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Registry_PropertyW
CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_Get_Device_IDW
CM_Get_Parent
CM_Get_Device_ID_ListW

shlwapi

ord487
PathRemoveFileSpecW
PathFileExistsW

iphlpapi

GetIfEntry2
GetAdaptersInfo
GetIfTable2Ex
FreeMibTable

ext-ms-win-networking-wlanapi-l1-1-0

WlanQueryInterface
WlanOpenHandle
WlanFreeMemory
WlanEnumInterfaces

wlanapi

WlanGetNetworkBssList

api-ms-win-crt-runtime-l1-1-0

_cexit
_wassert
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
abort
_errno
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vswprintf_s
_fsopen
fseek
fgets
_pclose
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fgetpos
fgetc
fflush
fclose
ungetwc
fputwc
fgetwc
_wfsopen
__stdio_common_vsprintf_s
_popen
__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strcspn
wcscpy_s
strcpy_s
_stricmp
towupper
__strncnt
wcscat_s
wcsncpy_s
towlower
_wcsicmp
tolower
isspace
islower
_wcsdup
isupper
strncmp

api-ms-win-crt-convert-l1-1-0

strtof
mbstowcs_s
wcstoll
_wtoi
_wtof
strtol
wcstol
atol
strtod

api-ms-win-crt-math-l1-1-0

_dclass
pow
powf
ldexp
frexp
_dsign

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
free
malloc

api-ms-win-crt-locale-l1-1-0

__pctype_func
setlocale
___mb_cur_max_func
___lc_collate_cp_func
_lock_locales
localeconv
___lc_codepage_func
___lc_locale_name_func
_unlock_locales

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64
strftime
_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
_localtime64_s

bthprops.cpl

BluetoothFindFirstRadio
BluetoothFindNextRadio
BluetoothFindDeviceClose
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothGetRadioInfo
BluetoothFindRadioClose

Exports

Exports

Adapter_Clear_Charger_Data
Adapter_Clear_Power_Data_Flag
Adapter_Read_Charger_Information
Adapter_Read_Charger_Interrupt
Adapter_Read_Contract_PDO
Adapter_Read_PDO
Adapter_Read_PDO1
Adapter_Read_PDO2
Adapter_Read_PDO3
Adapter_Read_PDO4
Adapter_Read_PDO5
Adapter_Read_PDO6
Adapter_Read_PDO7
Adapter_Read_PDO_Watt
Adapter_Read_PD_ADO
Adapter_Read_PD_Get_Source_Cap_Extend_FWVersion
Adapter_Read_PD_Get_Source_Cap_Extend_HWVersion
Adapter_Read_PD_Get_Source_Cap_Extend_PID
Adapter_Read_PD_Get_Source_Cap_Extend_VID
Adapter_Read_PD_Get_Source_Cap_Extend_XID
Adapter_Read_PD_Get_Status_EventFlag
Adapter_Read_PD_Get_Status_Temperature
Adapter_Read_PD_IC_PN
Adapter_Read_Power_Big_Data_Config
Adapter_Read_Power_Data_Flag
AppList_CpuUsage
AppList_HardwareConfig
AppList_MemUsage
AppList_OpenWindows
App_Get_UWPApp
App_Get_Win32App
App_Get_Win32WOW6432App
BatteryHealthyTable_ACStatus
BatteryHealthyTable_BatteryError
BatteryHealthyTable_BatteryInformation
BatteryHealthyTable_CellVoltage1
BatteryHealthyTable_CellVoltage2
BatteryHealthyTable_CellVoltage3
BatteryHealthyTable_CellVoltage4
BatteryHealthyTable_ChargingVoltage
BatteryHealthyTable_Current
BatteryHealthyTable_CycleCount
BatteryHealthyTable_DesignVoltage
BatteryHealthyTable_DeviceName
BatteryHealthyTable_ECChipID
BatteryHealthyTable_ECChipName
BatteryHealthyTable_FullChargeCapacity
BatteryHealthyTable_GaugeIC
BatteryHealthyTable_LidStatus
BatteryHealthyTable_ManufactureDate
BatteryHealthyTable_ManufactureName
BatteryHealthyTable_ManufactureNameBySMBus
BatteryHealthyTable_PFStatus
BatteryHealthyTable_PackageVoltage
BatteryHealthyTable_ReadVendorType
BatteryHealthyTable_ReadVersion
BatteryHealthyTable_RemainingCapacity
BatteryHealthyTable_Rsoc
BatteryHealthyTable_SafetyStatus
BatteryHealthyTable_SerialNumber
BatteryHealthyTable_Temperature
BatteryHealthyTable_TimeoutStatus
BatteryHealthy_Check_PFalarm
BatteryHealthy_Read_LifetimeBlock1
BatteryHealthy_Read_LifetimeBlock3
BatteryHealthy_Read_LifetimeBlock4
BatteryHealthy_Read_LifetimeBlock5
BatteryHealthy_Read_MaxCellDeltaVoltage
BatteryHealthy_Read_MaxChargeCurrent
BatteryHealthy_Read_MaxDischargeCurrent
BatteryHealthy_Read_PFStatus
Battery_Get_LidStatus
Battery_Read_ASOC
Battery_Read_Capacity
Battery_Read_CapacityPercentage
Battery_Read_CellVoltage
Battery_Read_ChargingVoltage
Battery_Read_Current
Battery_Read_CycleCount
Battery_Read_DesignVoltage
Battery_Read_DesignedCapacity
Battery_Read_FullChargedCapcity
Battery_Read_ManufactureDate
Battery_Read_ManufactureName
Battery_Read_PackageVoltage
Battery_Read_Temperature
CPU_ReadCPUUsage
CPU_ReadCpuFrequency
CPU_ReadCpuId
CPU_ReadCpuMaxFrequency
CPU_ReadCpuVoltage
CPU_ReadRegCPUInfo
EC_ReadEcChipId
EC_ReadEcChipName
EC_ReadEcFwRev
EC_ReadProjectInformation
GPNV_Clear_CSC_Repair_Flag
GPNV_Get_ActivatedTime
GPNV_Get_HEAL_table
GPNV_Get_HEAL_table_CSC_Repair_Flag
GPNV_Get_ManufacturedTime
GPNV_Get_RandomUUID
GPNV_Set_ActivatedTime
GPNV_Set_ManufacturedTime
GPNV_Set_RandomUUID
GetApplist_UWP
GetApplist_x64
GetApplist_x86
GetDriverVersion
GetEEPROM_Data
GetInfVersion
GetIoDllVersion
GetNum_Key
GetRefCount
GetSENSOR_WMI_Data
GetUWPVersion
HealthyTable_FanCounts
HealthyTable_FanRPM
HealthyTable_GetFanTestMode
HealthyTable_Read_BoardTS0L_Temperature
HealthyTable_Read_Cpu_Temperature
HealthyTable_Read_Fan
HealthyTable_SetFanIndex
HealthyTable_SetFanPwmDuty
HealthyTable_SetFanTestMode
InitializeWinIo
Power_Read_ACDCMode
ProArt_Read_Cpu_Temperature
ProArt_Read_Fan
RF_AP_MAC
RF_BTConnectedNum
RF_BTConnectedType
RF_BTIsUsed
RF_Net_Connected_Type
RF_PhyMode
RF_USBHDMIIsUsed
RF_USBIsTranster
RF_USBNum
RF_USBPort
RF_WWAN_Access_Technology
RF_WWAN_Home_Provider
RF_WWAN_RSSI
RF_WiFiCardName
RF_WiFiChannel
RF_WiFiIsConnected
RF_WiFiMaxRate
RF_WiFiRssi
RF_WiFi_2_4G_AP_Ch_Num
RF_WiFi_2_4G_AP_Num
RF_WiFi_2_4G_AP_RSSI_Num
RF_WiFi_5G_AP_Band_Num
RF_WiFi_5G_AP_Num
RF_WiFi_5G_AP_RSSI_Num
RF_WiFi_6G_AP_NUII_Num
RF_WiFi_6G_AP_Num
RF_WiFi_6G_AP_RSSI_Num
RF_WiFi_Main_Aux_Rssi
ShutdownWinIo
StopWinIoDriver
System_Check_S_Mode
System_Read_LocalTime
System_Read_TabletMode
System_Read_VolumeLevel
Thermal_Read_ACFET_Temperature
Thermal_Read_BatteryConnector_Temperature
Thermal_Read_BoardTS0L_Temperature
Thermal_Read_BoardTS0R_Temperature
Thermal_Read_ChargerChoke_Temperature
Thermal_Read_CpuDptf_PowerLimit1
Thermal_Read_CpuDptf_PowerLimit2
Thermal_Read_CpuPackagePower
Thermal_Read_Cpu_Temperature
Thermal_Read_Fan
Thermal_Read_GpuTS1L_Temperature
Thermal_Read_GpuTS1R_Temperature
Thermal_Read_GpuVram_Temperature
Thermal_Read_GpuVrm_Temperature
Thermal_Read_UpCpu_Temperature
TraceOutput
TraceOutputCritical
UnregisterTraceLogging
Update_AsusOsLanguage
WMICheckBatteryHealthSupport
WMICheckQuietFanSupport
WMIGet90Number
WMIGetBatteryHealth
WMIGetBiosManufacture
WMIGetBiosReleaseDate
WMIGetBiosVersion
WMIGetBoardUUID
WMIGetCPUInfo
WMIGetCPUUsg
WMIGetCardReaderCaption
WMIGetComputerFamilyName
WMIGetExternMonitorNum
WMIGetExternMonitorPropList
WMIGetGPUInfo
WMIGetHDDCaption
WMIGetHDDInfo
WMIGetHDDList
WMIGetHDDModel
WMIGetHDDSize
WMIGetHDDTemp
WMIGetHDDUsage
WMIGetLCDModel
WMIGetMacAddress
WMIGetMemFrequency
WMIGetMemManufacture
WMIGetMemModel
WMIGetMemSize
WMIGetModelName
WMIGetMonitorBrightness
WMIGetOSInfo
WMIGetProductName
WMIGetQuietFan
WMIGetSDCardCaption
WMIGetSN
WMIGetSSDList
WMIGetSSDModel
WMIGetSSDUsage
WMIGetSystemChassisTypes
WMIGetType2SN
WMIGetWiFiBytesPersec
WMIGetWiFiCardName
WMISetAppPath
WMISetBatteryHealth
WMISetBatteryHealthToUser
WMISetQuietFan
wmiadd

Sections

.text
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 15KB - Virtual size: 15KB

.rsrc Size: 6KB - Virtual size: 5KB

e31fdfd4697ba59d2f9c59b4aea0523f

Code Sign

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94Signer

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

ole32

advapi32

setupapi

api-ms-win-devices-config-l1-1-1

shlwapi

iphlpapi

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

bthprops.cpl

Exports

Exports

Sections

.text Size: 793KB - Virtual size: 793KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 7KB - Virtual size: 92KB

.pdata Size: 29KB - Virtual size: 29KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 6KB - Virtual size: 5KB

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:00:f5:e8:77:3b:20:6b:1c:cd:61:00:00:00:00:00:f5
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94
Signer

47:64:53:95:e9:8e:8c:af:8c:d9:a5:cd:dd:27:2e:3a:4a:59:08:ec:cc:5c:5b:88:f6:be:b4:1a:6e:19:a8:94
Signer

.text
Size: 793KB - Virtual size: 793KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 7KB - Virtual size: 92KB

.pdata
Size: 29KB - Virtual size: 29KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB