fa403184399cc0f6ad1dd7be212e4b50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fa403184399cc0f6ad1dd7be212e4b50N.exe
Size

645KB
MD5

fa403184399cc0f6ad1dd7be212e4b50
SHA1

88fdcef288f67672aaa237038312f32414e6a772
SHA256

0524bf7430c64ef9d95c6b0c630349a4dd4fe278d05e70a7a0cd7072b1bed5ce
SHA512

800f670c09f3eb959076d7513dbac1fd4169837a345c4e6e2359830f3f748caee57096a2dbd409c56ea8f1fef6816d7be79ad0823160e810d60d8ac87ad063d8
SSDEEP

12288:rfYRRhuOxrsLYsagMI1n/yIn/lc0w2SaZpvC0ruW6mwsi724:rfYRRsOZ+25I1n6y2gSaZkWvwsi724

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$1/libdeflate.dll
unpack001/$1/libotr.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/pidgin-screenshare.dll

Files

fa403184399cc0f6ad1dd7be212e4b50N.exe
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:e2:6c:35:80:06:ab:b4:5a:25:4e:51:15:b3:ad:7a
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

20/10/2023, 11:56

Not After

19/10/2024, 11:56

Subject

SERIALNUMBER=0000165162,CN=INTERREX - SP. Z O.O.,O=INTERREX - SP. Z O.O.,POSTALCODE=00-336,STREET=ul. Mikołaja Kopernika 30/3B,L=Warszawa,ST=mazowieckie,C=PL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1308576172737a617761,1.3.6.1.4.1.311.60.2.1.2=#130b6d617a6f776965636b6965,1.3.6.1.4.1.311.60.2.1.3=#1302504c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:d6:6c:10:8e:3f:01:9b:8e:33:c7:ba:55:bd:d7:6b:b0:92:9e:d0:6d:37:8d:bb:0f:e9:b8:1a:54:5e:de:cb
Signer

Actual PE Digest

5c:d6:6c:10:8e:3f:01:9b:8e:33:c7:ba:55:bd:d7:6b:b0:92:9e:d0:6d:37:8d:bb:0f:e9:b8:1a:54:5e:de:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$1/libdeflate.dll
.dll windows:4 windows x86 arch:x86

aece44356b0785b5fe3b655e102e1331

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
realloc
strlen
strncmp
vfprintf

Exports

Exports

libdeflate_adler32
libdeflate_alloc_compressor
libdeflate_alloc_compressor_ex
libdeflate_alloc_decompressor
libdeflate_alloc_decompressor_ex
libdeflate_crc32
libdeflate_deflate_compress
libdeflate_deflate_compress_bound
libdeflate_deflate_decompress
libdeflate_deflate_decompress_ex
libdeflate_free_compressor
libdeflate_free_decompressor
libdeflate_gzip_compress
libdeflate_gzip_compress_bound
libdeflate_gzip_decompress
libdeflate_gzip_decompress_ex
libdeflate_set_memory_allocator
libdeflate_zlib_compress
libdeflate_zlib_compress_bound
libdeflate_zlib_decompress
libdeflate_zlib_decompress_ex

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/libotr.dll
.dll windows:6 windows x86 arch:x86

2ac5abfeec53a71b598abd67a5371fc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
GetCurrentThreadId
UnmapViewOfFile
GetModuleHandleA
CreateFileA
GetCurrentThread
LoadLibraryA
GetVersionExA
CloseHandle
GetProcAddress
GetStartupInfoA
GetCurrentProcessId
GetProcessHeap
FreeLibrary
OpenFileMappingA
GetThreadTimes
GlobalMemoryStatus
MapViewOfFile
QueryPerformanceCounter
GetTickCount
GetProcessTimes
TlsSetValue
GetModuleFileNameW
DeleteCriticalSection
TlsAlloc
WideCharToMultiByte
TlsGetValue
TlsFree
ReadFile
MultiByteToWideChar
GetFileSize
WriteConsoleW
HeapSize
GetTimeZoneInformation
GetStringTypeW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
EnterCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
EncodePointer
RaiseException
CreateFileW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
HeapFree
HeapAlloc
GetStdHandle
HeapReAlloc
CompareStringW
LCMapStringW
SetFilePointerEx
GetCurrentDirectoryW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
GetFileAttributesExW
FindClose
FindFirstFileExW
DecodePointer

user32

GetFocus
GetCaretPos
GetClipboardViewer
GetClipboardOwner
GetOpenClipboardWindow
GetActiveWindow
GetMessagePos
GetInputState
GetQueueStatus
GetMessageTime
GetDesktopWindow
GetProcessWindowStation
GetCursorPos
GetCapture

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

gcry_check_version
gcry_control
gcry_err_code_from_errno
gcry_err_code_to_errno
gcry_err_make_from_errno
gcry_error_from_errno
gcry_strerror
gcry_strsource
otrl_auth_clear
otrl_auth_copy_on_key
otrl_auth_handle_commit
otrl_auth_handle_key
otrl_auth_handle_revealsig
otrl_auth_handle_signature
otrl_auth_handle_v1_key_exchange
otrl_auth_new
otrl_auth_start_v1
otrl_auth_start_v23
otrl_base64_decode
otrl_base64_encode
otrl_base64_otr_decode
otrl_base64_otr_encode
otrl_context_find
otrl_context_find_fingerprint
otrl_context_force_finished
otrl_context_force_plaintext
otrl_context_forget
otrl_context_forget_all
otrl_context_forget_fingerprint
otrl_context_is_fingerprint_trusted
otrl_context_priv_force_finished
otrl_context_priv_new
otrl_context_set_trust
otrl_context_update_recent_child
otrl_dh_cmpctr
otrl_dh_compute_v1_session_id
otrl_dh_compute_v2_auth_keys
otrl_dh_gen_keypair
otrl_dh_incctr
otrl_dh_init
otrl_dh_keypair_copy
otrl_dh_keypair_free
otrl_dh_keypair_init
otrl_dh_session
otrl_dh_session_blank
otrl_dh_session_free
otrl_init
otrl_instag_find
otrl_instag_forget
otrl_instag_forget_all
otrl_instag_generate
otrl_instag_generate_FILEp
otrl_instag_get_new
otrl_instag_read
otrl_instag_read_FILEp
otrl_instag_write
otrl_instag_write_FILEp
otrl_mem_differ
otrl_mem_init
otrl_message_abort_smp
otrl_message_disconnect
otrl_message_disconnect_all_instances
otrl_message_free
otrl_message_initiate_smp
otrl_message_initiate_smp_q
otrl_message_poll
otrl_message_poll_get_default_interval
otrl_message_receiving
otrl_message_respond_smp
otrl_message_sending
otrl_message_symkey
otrl_privkey_find
otrl_privkey_fingerprint
otrl_privkey_fingerprint_raw
otrl_privkey_forget
otrl_privkey_forget_all
otrl_privkey_generate
otrl_privkey_generate_FILEp
otrl_privkey_generate_calculate
otrl_privkey_generate_cancelled
otrl_privkey_generate_finish
otrl_privkey_generate_finish_FILEp
otrl_privkey_generate_start
otrl_privkey_hash_to_human
otrl_privkey_pending_forget_all
otrl_privkey_read
otrl_privkey_read_FILEp
otrl_privkey_read_fingerprints
otrl_privkey_read_fingerprints_FILEp
otrl_privkey_sign
otrl_privkey_verify
otrl_privkey_write_fingerprints
otrl_privkey_write_fingerprints_FILEp
otrl_proto_accept_data
otrl_proto_create_data
otrl_proto_data_read_flags
otrl_proto_default_query_msg
otrl_proto_fragment_accumulate
otrl_proto_fragment_create
otrl_proto_fragment_free
otrl_proto_instance
otrl_proto_message_type
otrl_proto_message_version
otrl_proto_query_bestversion
otrl_proto_whitespace_bestversion
otrl_sm_init
otrl_sm_state_free
otrl_sm_state_init
otrl_sm_state_new
otrl_sm_step1
otrl_sm_step2a
otrl_sm_step2b
otrl_sm_step3
otrl_sm_step4
otrl_sm_step5
otrl_tlv_find
otrl_tlv_free
otrl_tlv_new
otrl_tlv_parse
otrl_tlv_serialize
otrl_tlv_seriallen
otrl_userstate_create
otrl_userstate_free
otrl_version

Sections

.text
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$1/pidgin-screenshare.png
.png
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/pidgin-screenshare.dll
.dll windows:4 windows x86 arch:x86

c62970d8fa0f821614d02b72082710f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libgdk-win32-2.0-0

gdk_screen_get_default
gdk_screen_get_height
gdk_screen_get_width

libgdk_pixbuf-2.0-0

gdk_pixbuf_get_height
gdk_pixbuf_get_width
gdk_pixbuf_loader_close
gdk_pixbuf_loader_get_pixbuf
gdk_pixbuf_loader_new
gdk_pixbuf_loader_write
gdk_pixbuf_new_from_file_utf8
gdk_pixbuf_scale_simple

libglib-2.0-0

g_error_free
g_free
g_malloc
g_snprintf
g_strdup
g_strdup_printf
g_timeout_add_seconds

libgobject-2.0-0

g_object_get_data
g_object_set_data
g_object_unref
g_signal_connect_data
g_type_check_instance_cast

libgtk-win32-2.0-0

gtk_box_get_type
gtk_box_pack_start
gtk_button_clicked
gtk_button_get_type
gtk_button_new
gtk_button_new_with_label
gtk_button_set_relief
gtk_cell_renderer_text_new
gtk_check_button_new_with_label
gtk_container_add
gtk_container_get_type
gtk_container_set_border_width
gtk_dialog_get_type
gtk_dialog_run
gtk_fixed_get_type
gtk_fixed_new
gtk_fixed_put
gtk_hbox_new
gtk_image_get_type
gtk_image_new_from_pixbuf
gtk_image_set_from_pixbuf
gtk_label_get_type
gtk_label_new
gtk_label_set_text
gtk_list_store_append
gtk_list_store_new
gtk_list_store_set
gtk_message_dialog_new
gtk_scrolled_window_new
gtk_spin_button_get_type
gtk_spin_button_get_value_as_int
gtk_spin_button_new_with_range
gtk_spin_button_set_value
gtk_toggle_button_get_active
gtk_toggle_button_get_type
gtk_toggle_button_set_active
gtk_tree_model_get
gtk_tree_model_get_type
gtk_tree_selection_get_selected
gtk_tree_view_append_column
gtk_tree_view_column_new_with_attributes
gtk_tree_view_column_set_expand
gtk_tree_view_column_set_max_width
gtk_tree_view_get_selection
gtk_tree_view_get_type
gtk_tree_view_new
gtk_tree_view_set_model
gtk_vbox_new
gtk_widget_destroy
gtk_widget_get_type
gtk_widget_set_name
gtk_widget_set_sensitive
gtk_widget_set_size_request
gtk_widget_show_all
gtk_window_get_type
gtk_window_new
gtk_window_resize
gtk_window_set_default_size
gtk_window_set_modal
gtk_window_set_position
gtk_window_set_title

intl

libintl_sprintf

libpurple

purple_account_get_protocol_name
purple_account_get_username
purple_conv_im_send_with_flags
purple_conversation_foreach
purple_conversation_get_account
purple_conversation_get_data
purple_conversation_get_im_data
purple_conversation_get_name
purple_conversation_get_type
purple_conversation_set_data
purple_conversation_write
purple_conversations_get_handle
purple_get_conversations
purple_plugin_register
purple_prefs_add_bool
purple_prefs_add_none
purple_signal_connect
wpurple_connect
wpurple_gethostbyname
wpurple_getsockopt
wpurple_recv
wpurple_send
wpurple_setsockopt
wpurple_socket

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
GetObjectA
SelectObject

kernel32

CloseHandle
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCurrentThreadId
GetEnvironmentVariableW
GetLastError
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
OpenProcess
Sleep
TerminateThread
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_errno
_iob
abort
atoi
calloc
fflush
free
fwrite
malloc
memchr
memmove
rand
realloc
srand
sscanf
strchr
strcmp
strcpy
strncmp
strncpy
strrchr
strstr
strtoul
time
vfprintf
wcslen

psapi

GetModuleFileNameExA

shell32

ShellExecuteW

user32

AttachThreadInput
DrawIconEx
EnumDisplaySettingsA
EnumWindows
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetIconInfo
GetMenu
GetWindowLongA
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
IsIconic
IsWindowVisible
LoadCursorA
PrintWindow
RealGetWindowClassA
ReleaseDC
ScreenToClient
SetActiveWindow
SetFocus
SetForegroundWindow
SetWindowLongA
SetWindowPos
ShowWindow
WindowFromPoint
wsprintfW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
closesocket
freeaddrinfo
getaddrinfo
htons
inet_addr
ioctlsocket
select

libssp-0

__stack_chk_fail
__stack_chk_guard

Exports

Exports

purple_init_plugin

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/87
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/134
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

42:e2:6c:35:80:06:ab:b4:5a:25:4e:51:15:b3:ad:7aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5c:d6:6c:10:8e:3f:01:9b:8e:33:c7:ba:55:bd:d7:6b:b0:92:9e:d0:6d:37:8d:bb:0f:e9:b8:1a:54:5e:de:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 170KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 3KB - Virtual size: 2KB

aece44356b0785b5fe3b655e102e1331

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 512B - Virtual size: 60B

.rdata Size: 14KB - Virtual size: 14KB

/4 Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 144B

.edata Size: 1024B - Virtual size: 862B

.idata Size: 1024B - Virtual size: 876B

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1KB - Virtual size: 1KB

2ac5abfeec53a71b598abd67a5371fc1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 607KB - Virtual size: 607KB

.rdata Size: 155KB - Virtual size: 155KB

.data Size: 10KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 26KB - Virtual size: 25KB

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

File Characteristics

Imports

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

42:e2:6c:35:80:06:ab:b4:5a:25:4e:51:15:b3:ad:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5c:d6:6c:10:8e:3f:01:9b:8e:33:c7:ba:55:bd:d7:6b:b0:92:9e:d0:6d:37:8d:bb:0f:e9:b8:1a:54:5e:de:cb
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 170KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 512B - Virtual size: 60B

.rdata
Size: 14KB - Virtual size: 14KB

/4
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 144B

.edata
Size: 1024B - Virtual size: 862B

.idata
Size: 1024B - Virtual size: 876B

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 607KB - Virtual size: 607KB

.rdata
Size: 155KB - Virtual size: 155KB

.data
Size: 10KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 51KB - Virtual size: 50KB

.data
Size: 512B - Virtual size: 360B

.rdata
Size: 7KB - Virtual size: 7KB

/4
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 132KB

.edata
Size: 512B - Virtual size: 92B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 2KB

/14
Size: 512B - Virtual size: 224B

/29
Size: 1024B - Virtual size: 709B

/45
Size: 1KB - Virtual size: 1KB

/61
Size: 100KB - Virtual size: 100KB

/73
Size: 3KB - Virtual size: 3KB

/87
Size: 11KB - Virtual size: 11KB

/99
Size: 1024B - Virtual size: 900B

/112
Size: 3KB - Virtual size: 2KB

/123
Size: 53KB - Virtual size: 52KB

/134
Size: 8KB - Virtual size: 8KB