KernCH[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KernCH.zip
Size

1.4MB
MD5

85f8611f42c6d5e3d7ca3d0b596d1f62
SHA1

74d5e9e32c7b104c2dd90bf871f24745b0519f74
SHA256

439dfa256cbf4206bb32cf9895074224e8df9dc9e2cb2a014a55022702fed67d
SHA512

0820f60326280c06afe683ea57e29ed55ad3d5c7e67f3e81d8e60f6287ff3e877850d260abf78e4fff5008e7fc06981216219f96bcdd2244018dece0776c3445
SSDEEP

24576:wvb3TKZKllWniTOhESAKm45h0Mku9KKvw6HFUIN40chqns/BiCptIIm5q:wbmZK3OhHz7xgF66IW0c35jptqM

Score

1^/10

Malware Config

Signatures

Files

KernCH.zip
.zip

Password: infected
Kern.exe
.exe windows:6 windows x64 arch:x64

Password: infected

c756b7086475dd0be56a0c6bbbb41d73

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:3f:c3:2a:4d:c1:ba:51:39:b6:1a:65:7f:db:97:fc:2c:fb:86:65:d9:49:e3:6b:7e:d9:e7:fa:7f:4f:6d:df
Signer

Actual PE Digest

09:3f:c3:2a:4d:c1:ba:51:39:b6:1a:65:7f:db:97:fc:2c:fb:86:65:d9:49:e3:6b:7e:d9:e7:fa:7f:4f:6d:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\exe\x64\Release\WinObj64.pdb

Imports

kernel32

GetFileSize
SetFilePointer
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
LoadLibraryExA
FileTimeToLocalFileTime
QueryInformationJobObject
FileTimeToSystemTime
CreateDirectoryW
MulDiv
lstrcmpW
FreeResource
FormatMessageW
DecodePointer
GetTickCount64
GetCurrentProcessId
lstrcmpiW
WriteConsoleW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
ReadConsoleW
PeekConsoleInputA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleMode
VirtualQuery
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetStringTypeW
WideCharToMultiByte
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
MultiByteToWideChar
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
OutputDebugStringW
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
LoadLibraryW
GetModuleFileNameW
FreeLibrary
CreateRemoteThreadEx
GetThreadId
ResumeThread
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetCurrentThreadId
DeleteCriticalSection
DebugBreak
InitializeCriticalSectionEx
LeaveCriticalSection
RtlUnwind
EnterCriticalSection
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GetFileAttributesW
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
EnumSystemLocalesW
SetLastError

user32

CreatePopupMenu
LoadAcceleratorsW
GetCapture
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
DrawEdge
RegisterWindowMessageW
LoadStringA
EnableMenuItem
GetCursorPos
EndDeferWindowPos
DeferWindowPos
EnableWindow
MessageBoxW
GetMenuItemID
UnhookWindowsHookEx
LockWindowUpdate
GetMenuItemInfoW
SetCursorPos
InsertMenuW
GetMenuItemCount
GetSubMenu
GetMenuStringW
SetMenu
GetMenu
LoadMenuW
TranslateAcceleratorW
GetWindowThreadProcessId
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
AppendMenuW
RemoveMenu
SetMenuDefaultItem
MonitorFromPoint
MessageBeep
CheckMenuRadioItem
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
GetSysColorBrush
WindowFromPoint
ModifyMenuW
SetRectEmpty
GetIconInfo
SetMenuItemInfoW
DestroyMenu
LoadImageW
CheckDlgButton
SetDlgItemInt
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetAncestor
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
BeginDeferWindowPos
SetScrollInfo
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
GetActiveWindow
GetScrollInfo
SetClipboardData
EmptyClipboard
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
DestroyIcon
CallNextHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ValidateRect
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
DrawIconEx
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
GetClientRect
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
KillTimer
SetTimer
GetFocus
SetFocus
CreateWindowExW

gdi32

SetBrushOrgEx
PatBlt
ExcludeClipRect
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
SetViewportOrgEx
Polyline
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
ExtTextOutW
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateFontIndirectW
EndPage
GetDeviceCaps
SetMapMode
StartDocW
StartPage
EndDoc

comdlg32

PrintDlgW
ChooseFontW

advapi32

RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetKernelObjectSecurity
MapGenericMask
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW

shell32

SHGetStockIconInfo
ShellExecuteW
ExtractIconExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ImageList_Duplicate
ImageList_GetIcon
InitCommonControlsEx
ImageList_Draw
ImageList_Destroy

uxtheme

SetWindowTheme
IsThemeActive
IsAppThemed

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

aclui

ord1

Sections

.text
Size: 914KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dwmapi.dll
.dll windows:10 windows x64 arch:x64

Password: infected

ad400860f9d4836aa3a33d24ef565116

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:05:59:b3:8b:08:30:dd:04:8e:67:08:51:72:19:ae:33:8e:b9:63:33:4f:e5:b0:42:4b:a0:1b:4e:e7:6f:59
Signer

Actual PE Digest

84:05:59:b3:8b:08:30:dd:04:8e:67:08:51:72:19:ae:33:8e:b9:63:33:4f:e5:b0:42:4b:a0:1b:4e:e7:6f:59

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dwmapi.pdb

Imports

msvcrt

_amsg_exit
_initterm
memcpy
memcmp
free
malloc
_onexit
__C_specific_handler
__dllonexit
_unlock
_lock
floorf
_XcptFilter
wcsrchr
memmove_s
_purecall
memcpy_s
_vsnwprintf
memset

ntdll

WinSqmIsOptedIn
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwEventWriteTransfer
RtlInsertElementGenericTable
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtAlpcSendWaitReceivePort
NtConnectPort
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateSection
NtCreateEvent
RtlInitUnicodeString
DbgPrompt
NtQuerySystemInformation
RtlCaptureStackBackTrace
DbgPrintEx
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberGenericTableElements
WinSqmAddToStream
SbSelectProcedure
RtlFreeSid
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateHeap
RtlLengthSid
RtlAllocateAndInitializeSid
RtlInitializeGenericTable
RtlLookupElementGenericTable

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseMutex
InitializeCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
OpenEventW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceBeginInitialize
SleepConditionVariableSRW
InitOnceComplete
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

win32u

NtDCompositionRegisterVirtualDesktopVisual
NtDCompositionSetChildRootVisual
NtDCompositionRegisterThumbnailVisual
NtDCompositionDuplicateSwapchainHandleToDwm

user32

GetDC
UnhookWinEvent
GetClientRect
ReleaseDC
SetWinEventHook
GetPointerInfo
MonitorFromWindow
TrackMouseEvent
GetWindowLongPtrW
GetShellWindow
GetWindowThreadProcessId
GetWindowCompositionAttribute
GetPropW
ord2557
GetWindowInfo
GetCapture
ord2574
GetWindowRect
RemovePropW
UpdateDefaultDesktopThumbnail
SetWindowCompositionTransition
SystemParametersInfoW
ord2635
GetSystemMetrics
IsTopLevelWindow
DwmGetDxSharedSurface
IsThreadDesktopComposited
GetWindow
GetGuiResources
GetAncestor
SetWindowCompositionAttribute

gdi32

ScaleValues
GetStockObject
Rectangle
ord1005
ScaleRgn
GetRegionData
GetObjectW
CreateCompatibleDC
CreateDIBSection
StretchDIBits
SelectObject
GdiAlphaBlend
DeleteDC
DeleteObject
GetDIBits

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DwmAttachMilContent
DwmDefWindowProc
DwmDetachMilContent
DwmEnableBlurBehindWindow
DwmEnableComposition
DwmEnableMMCSS
DwmExtendFrameIntoClientArea
DwmFlush
DwmGetColorizationColor
DwmGetCompositionTimingInfo
DwmGetGraphicsStreamClient
DwmGetGraphicsStreamTransformHint
DwmGetTransportAttributes
DwmGetUnmetTabRequirements
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmIsCompositionEnabled
DwmModifyPreviousDxFrameDuration
DwmQueryThumbnailSourceSize
DwmRegisterThumbnail
DwmRenderGesture
DwmSetDxFrameDuration
DwmSetIconicLivePreviewBitmap
DwmSetIconicThumbnail
DwmSetPresentParameters
DwmSetWindowAttribute
DwmShowContact
DwmTetherContact
DwmTetherTextContact
DwmTransitionOwnedWindow
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmpAllocateSecurityDescriptor
DwmpDxGetWindowSharedSurface
DwmpDxUpdateWindowSharedSurface
DwmpDxgiIsThreadDesktopComposited
DwmpEnableDDASupport
DwmpFreeSecurityDescriptor
DwmpGetColorizationParameters
DwmpRenderFlick
DwmpSetColorizationParameters
DwmpUpdateProxyWindowForCapture

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c756b7086475dd0be56a0c6bbbb41d73

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

09:3f:c3:2a:4d:c1:ba:51:39:b6:1a:65:7f:db:97:fc:2c:fb:86:65:d9:49:e3:6b:7e:d9:e7:fa:7f:4f:6d:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

msimg32

dwmapi

version

aclui

Sections

.text Size: 914KB - Virtual size: 914KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 23KB - Virtual size: 32KB

.pdata Size: 50KB - Virtual size: 49KB

.detourc Size: 26KB - Virtual size: 26KB

.detourd Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 471KB - Virtual size: 471KB

.reloc Size: 8KB - Virtual size: 8KB

Password: infected

ad400860f9d4836aa3a33d24ef565116

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

84:05:59:b3:8b:08:30:dd:04:8e:67:08:51:72:19:ae:33:8e:b9:63:33:4f:e5:b0:42:4b:a0:1b:4e:e7:6f:59Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

win32u

user32

gdi32

api-ms-win-core-util-l1-1-0

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

09:3f:c3:2a:4d:c1:ba:51:39:b6:1a:65:7f:db:97:fc:2c:fb:86:65:d9:49:e3:6b:7e:d9:e7:fa:7f:4f:6d:df
Signer

.text
Size: 914KB - Virtual size: 914KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 23KB - Virtual size: 32KB

.pdata
Size: 50KB - Virtual size: 49KB

.detourc
Size: 26KB - Virtual size: 26KB

.detourd
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 471KB - Virtual size: 471KB

.reloc
Size: 8KB - Virtual size: 8KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

84:05:59:b3:8b:08:30:dd:04:8e:67:08:51:72:19:ae:33:8e:b9:63:33:4f:e5:b0:42:4b:a0:1b:4e:e7:6f:59
Signer

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 316B

.idata
Size: 714KB - Virtual size: 713KB