b44395f7ff999bc8b399c52f7cd102c0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b44395f7ff999bc8b399c52f7cd102c0N.exe
Size

198KB
MD5

b44395f7ff999bc8b399c52f7cd102c0
SHA1

5e82e3d68c772de6ca90b9c10e621e9243d2eb96
SHA256

6bde6303da38a1400f102d37e21d42b18170415db8118013f0fd34b3bbc58ec1
SHA512

d87ee8da912e61ecaa2458dfcb54f20b5d86d8342f68accf2132f9aae269796c98d2a1d8cd7addad6a8f4d367b41abe52e76f1ab2410cd1086bec152e1436d03
SSDEEP

3072:W8PMdazcDKwMOs2oyGWY8Cs0QbGeOZW9O9vaskoCj9Axjed8l2kVN0DO:3MdaIMr2mvC94vaQCjuxrv

Score

1^/10

Malware Config

Signatures

Files

b44395f7ff999bc8b399c52f7cd102c0N.exe
.exe windows:6 windows x64 arch:x64

44fcde5f9367cd87ebe95d83763ce04e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:cc:8d:d2:d7:08:b9:07:32:83:8e:67:97:7b:30:7f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23-03-2023 00:00

Not After

29-04-2026 23:59

Subject

CN=Ivanti\, Inc.,O=Ivanti\, Inc.,L=South Jordan,ST=Utah,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:f4:5c:a6:21:1f:36:f3:e1:4f:e2:e2:9f:89:f4:a4:34:9c:ac:ab:58:77:51:40:b4:8f:30:7f:63:8c:4d:a5
Signer

Actual PE Digest

9d:f4:5c:a6:21:1f:36:f3:e1:4f:e2:e2:9f:89:f4:a4:34:9c:ac:ab:58:77:51:40:b4:8f:30:7f:63:8c:4d:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BuildAgent\_work\1\b\x64\Release\STUILauncher.pdb

Imports

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
GetModuleFileNameW
LocalFree
EncodePointer
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
GetModuleHandleW
GetProcAddress
DecodePointer
VerSetConditionMask
VerifyVersionInfoW
RaiseException
SetLastError
MulDiv
GetCurrentThreadId
GetLastError
DeleteCriticalSection
EnterCriticalSection
LoadLibraryW
FreeLibrary
LeaveCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
HeapDestroy

user32

IsWindowVisible
UnregisterClassW
SetWindowLongPtrW
CharNextW
EndDialog
EnableWindow
SendMessageW
GetParent
IsDialogMessageW
ShowWindow
SetWindowTextW
GetDlgCtrlID
GetSysColorBrush
GetMessagePos
ScreenToClient
RedrawWindow
InvalidateRect
GetClientRect
GetWindowRect
MoveWindow
GetSysColor
DialogBoxParamW
CreateDialogParamW
GetWindowLongW
MapWindowPoints
CreateWindowExW
DestroyWindow
IsWindow
GetDlgItem
SetWindowLongW
SetWindowPos
GetActiveWindow
GetDC

gdi32

CreateSolidBrush
CreateFontIndirectW
CreateFontW
DeleteObject
GetDeviceCaps
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

AddAce
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
MakeAbsoluteSD
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
CryptAcquireContextW
SetSecurityDescriptorDacl
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
CryptReleaseContext

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VarUI4FromStr

stagentframework

?Create@CLogReader@Log@Framework@STAgent@@SA?AV?$unique_ptr@VCLogReader@Log@Framework@STAgent@@U?$default_delete@VCLogReader@Log@Framework@STAgent@@@std@@@std@@AEBVCGuid@STCore@@AEAVILogEvent@234@@Z
?MessageReceived@CFrameworkEventListener@Framework@STAgent@@EEAAXAEBV?$vector@EV?$allocator@E@std@@@std@@@Z
?OnEventReceived@CDispatchEventListener@Dispatcher@Framework@STAgent@@EEAAXFAEBV?$vector@EV?$allocator@E@std@@@std@@@Z
??1CEventListener@Events@Framework@STAgent@@UEAA@XZ
??0CEventListener@Events@Framework@STAgent@@IEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBVCSecurityDesc@ATL@@@Z
?LoadProductIcon@CBrandingInfo@Framework@STAgent@@QEBAPEAUHICON__@@_N@Z
?DeserializeValue@CEventSerializer@Events@Framework@STAgent@@CAXAEA_NAEBV?$vector@EV?$allocator@E@std@@@std@@AEA_K@Z
?DeserializeValue@CEventSerializer@Events@Framework@STAgent@@CAXAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$vector@EV?$allocator@E@std@@@6@AEA_K@Z
?ClearPolicyCache@CPolicyStore@STPolicy@@SAXXZ
?ResetDefault@CAgentEnvironment@Framework@STAgent@@SAXAEBV?$shared_ptr@$$CBVCAgentEnvironment@Framework@STAgent@@@std@@@Z
?DeserializeTag@CEventSerializer@Events@Framework@STAgent@@SAFAEBV?$vector@EV?$allocator@E@std@@@std@@@Z
?Shutdown@CEventListener@Events@Framework@STAgent@@QEAAXXZ
?GetTaskStatus@CDispatchRpcClient@Dispatcher@Framework@STAgent@@QEAA?AVCTaskStatus@234@AEBVCGuid@STCore@@@Z
?First@CLogReader@Log@Framework@STAgent@@QEBA?AV?$vector@VCLogRecord@Log@Framework@STAgent@@V?$allocator@VCLogRecord@Log@Framework@STAgent@@@std@@@std@@_K@Z
?Reset@CLogReader@Log@Framework@STAgent@@QEAAXXZ
?Listen@CEventListener@Events@Framework@STAgent@@QEAAXXZ
?GetNextScheduledTaskTime@CScheduleRpcClient@Scheduler@Framework@STAgent@@QEAA?AVCDateTime@STCore@@PEB_W@Z
??0CScheduleRpcClient@Scheduler@Framework@STAgent@@QEAA@XZ
?GetLastCheckInTime@CAgentEnvironment@Framework@STAgent@@QEBA?AV?$optional@VCDateTime@STCore@@@std@@XZ
?GetAutomaticUninstallDate@CAgentEnvironment@Framework@STAgent@@QEBA?AVCDateTime@STCore@@XZ
??0CLicenseStoreContext@Framework@STAgent@@QEAA@XZ
?GetAgentExpiration@CLicenseStore@Framework@STAgent@@SA?AVCDateTime@STCore@@AEBVCLicenseStoreContext@23@@Z
?GetRegistrationMode@CAgentEnvironment@Framework@STAgent@@QEBA?AW4RegistrationMode@23@XZ
?DispatchTaskById@CDispatchRpcClient@Dispatcher@Framework@STAgent@@QEAA?AVCGuid@STCore@@AEBV56@0PEB_W_N@Z
??0CDispatchRpcClient@Dispatcher@Framework@STAgent@@QEAA@XZ
?GetPolicy@CPolicyStore@STPolicy@@SA?AV?$shared_ptr@$$CBVCPolicy@STPolicy@@@std@@XZ
?HasPolicy@CPolicyStore@STPolicy@@SA_NXZ
?Next@CLogReader@Log@Framework@STAgent@@QEBA?AV?$vector@VCLogRecord@Log@Framework@STAgent@@V?$allocator@VCLogRecord@Log@Framework@STAgent@@@std@@@std@@_K@Z
??1CLogReader@Log@Framework@STAgent@@UEAA@XZ
?Listen@CFrameworkEventListener@Framework@STAgent@@QEAAXXZ
?Clear@CLogReader@Log@Framework@STAgent@@QEAAXXZ
?GetTaskList@CDispatchRpcClient@Dispatcher@Framework@STAgent@@QEAA?AV?$vector@VCGuid@STCore@@V?$allocator@VCGuid@STCore@@@std@@@std@@XZ
?Shutdown@CFrameworkEventListener@Framework@STAgent@@QEAAXXZ
?GetDefault@CAgentEnvironment@Framework@STAgent@@SA?AV?$shared_ptr@$$CBVCAgentEnvironment@Framework@STAgent@@@std@@XZ

msvcp140

?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ

stcore

?TraceEventV@CTraceSource@Diagnostics@STCore@@QEBAXPEB_W0HW4TraceEventType@23@0PEAD@Z
?MaxValue@CDateTime@STCore@@2V12@A
?GetString@CResourceManager@Resources@STCore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@I@Z
?CompareToInternal@CVersion@STCore@@AEBAHAEBV12@@Z
?FormatMessageW@CWin32Exception@STWin32@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?BuildErrorMessage@CWin32Exception@STWin32@@AEBAPEB_WXZ
?ToString@CDateTime@STCore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WK@Z
?ToLocalTime@CDateTime@STCore@@QEBA?AV12@XZ
??0CFileStream@IO@STCore@@QEAA@PEB_WKKPEAU_SECURITY_ATTRIBUTES@@KK@Z
??1CFileStream@IO@STCore@@UEAA@XZ
??1CX509Certificate@Cryptography@Security@STCore@@QEAA@XZ
?ToMultiByte@CString@STCore@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEB_WHI@Z
??0CDateTime@STCore@@QEAA@XZ
?Combine@CPath@IO@STCore@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W0@Z
?ToString@CGuid@STCore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEB_W@Z
?NewGuid@CGuid@STCore@@SA?AV12@XZ
?ToString@CVersion@STCore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
??0CTraceSource@Diagnostics@STCore@@QEAA@PEB_W@Z
??1CTraceSource@Diagnostics@STCore@@QEAA@XZ
?GetDirectoryName@CPath@IO@STCore@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z
?GetModuleFileNameW@CPEModule@STWin32@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEAUHINSTANCE__@@PEAX@Z
?GetFullPath@CPath@IO@STCore@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W@Z
?Exists@CFile@IO@STCore@@SA_NPEB_W@Z
?BuildExceptionMessage@CComException@STWin32@@CA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV_com_error@@PEB_W@Z
??0CWsaStartupGuard@STNet@@QEAA@HH@Z
??1CWsaStartupGuard@STNet@@QEAA@XZ
?GetVersion@CPEModule@STWin32@@QEBA_NAEAVCVersion@STCore@@@Z
??0CPEModule@STWin32@@QEAA@PEAUHINSTANCE__@@@Z
??1CPEModule@STWin32@@QEAA@XZ
?QueueUserWorkItem@CThreadPool@Threading@STCore@@SAXPEAVCWaitCallback@23@PEAX@Z
??0CTimer@Threading@STCore@@QEAA@PEAVCWaitCallback@12@PEAX@Z
??1CTimer@Threading@STCore@@QEAA@XZ
?CancelAndWait@CTimer@Threading@STCore@@QEAAXXZ
?Change@CTimer@Threading@STCore@@QEAAXHH@Z
?UtcNow@CDateTime@STCore@@SA?AV12@XZ
??1CLrpcClient2@Remoting@STCore@@UEAA@XZ
?IsEmpty@CX509Certificate@Cryptography@Security@STCore@@QEBA_NXZ
?Seek@CFileStream@IO@STCore@@UEAA_J_JW4SeekOrigin@23@@Z
??0CHashAlgorithm@Cryptography@Security@STCore@@QEAA@I@Z
??1CHashAlgorithm@Cryptography@Security@STCore@@UEAA@XZ
?Read@CFileStream@IO@STCore@@UEAA_KPEAE_K@Z
?TransformBlock@CHashAlgorithm@Cryptography@Security@STCore@@UEAA_KPEBE_KAEAV?$vector@EV?$allocator@E@std@@@std@@@Z
?TransformFinalBlock@CHashAlgorithm@Cryptography@Security@STCore@@UEAA?AV?$vector@EV?$allocator@E@std@@@std@@PEBE_K@Z
?Reset@CX509Certificate@Cryptography@Security@STCore@@QEAAXPEBU_CERT_CONTEXT@@@Z
??4CX509Certificate@Cryptography@Security@STCore@@QEAAAEAV0123@AEBV0123@@Z
??0CFileStream@IO@STCore@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@KKPEAU_SECURITY_ATTRIBUTES@@KK@Z
??0CX509Certificate@Cryptography@Security@STCore@@QEAA@PEBU_CERT_CONTEXT@@@Z
?GetCertificateContext@CX509Certificate@Cryptography@Security@STCore@@QEBAPEBU_CERT_CONTEXT@@XZ
?GetIssuer@CX509Certificate@Cryptography@Security@STCore@@QEBAPEB_WXZ
?TryVerifySigningCertificateFromMessage@CCmsMessage@Cryptography@Security@STCore@@SA_NPEBE_KKAEAVCX509Certificate@234@@Z
?Format@CString@STCore@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_WZZ
??0CException@STCore@@IEAA@HV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PEB_W1H@Z
?BuildExceptionMessage@CException@STCore@@AEBAPEB_WXZ
?GetOSVersion@CEnvironment@STCore@@SA?AVCOSVersion@STWin32@@XZ
?GetSubject@CX509Certificate@Cryptography@Security@STCore@@QEBAPEB_WXZ
??0CX509Certificate@Cryptography@Security@STCore@@QEAA@XZ
?Write@CFileStream@IO@STCore@@UEAAXPEBE_K@Z
?GetAsFILETIME@CDateTime@STCore@@QEBA?AU_FILETIME@@XZ

comctl32

InitCommonControlsEx

uxtheme

GetThemeColor
CloseThemeData
OpenThemeData
GetThemeFont
GetThemeSysColorBrush

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
memcmp
memcpy
__std_exception_destroy
_purecall
__std_type_info_compare
_CxxThrowException
__current_exception_context
__std_terminate
__current_exception
__C_specific_handler
memmove
memset
wcsstr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_errno
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_atexit
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
exit
_initterm_e
_initterm
terminate
_initialize_wide_environment
_configure_wide_argv
_get_wide_winmain_command_line
_set_app_type
_seh_filter_exe

api-ms-win-crt-string-l1-1-0

isspace
wcsncpy_s
strcmp
wcsnlen

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
calloc
_callnewh
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CryptQueryObject
CertRemoveStoreFromCollection
CertAddStoreToCollection
CertOpenStore
CryptDecodeObject
CryptMsgVerifyCountersignatureEncoded
CertGetCertificateChain
CryptDecodeObjectEx
CryptMsgGetParam
CryptMsgUpdate
CryptMsgOpenToDecode
CryptMsgClose
CertCloseStore
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertFindCertificateInStore

wintrust

WinVerifyTrust

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44fcde5f9367cd87ebe95d83763ce04e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:cc:8d:d2:d7:08:b9:07:32:83:8e:67:97:7b:30:7fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9d:f4:5c:a6:21:1f:36:f3:e1:4f:e2:e2:9f:89:f4:a4:34:9c:ac:ab:58:77:51:40:b4:8f:30:7f:63:8c:4d:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

stagentframework

msvcp140

stcore

comctl32

uxtheme

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

wintrust

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 864B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:cc:8d:d2:d7:08:b9:07:32:83:8e:67:97:7b:30:7f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9d:f4:5c:a6:21:1f:36:f3:e1:4f:e2:e2:9f:89:f4:a4:34:9c:ac:ab:58:77:51:40:b4:8f:30:7f:63:8c:4d:a5
Signer

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 864B