2024-09-12_eb3425cb34b770335410c0cdcc589e18_hijackloader_ryuk_sliver

Sharing

Copy URL

Twitter E-mail

General

Target

2024-09-12_eb3425cb34b770335410c0cdcc589e18_hijackloader_ryuk_sliver
Size

28.4MB
MD5

eb3425cb34b770335410c0cdcc589e18
SHA1

3c611d650ef3dd99003993a7b462d6be9bb6cd35
SHA256

cd5f2f36deafa48c48c20c8ff39e5a476e0316ef0276566962e349745b7d4927
SHA512

1e965ff6a67cdb37b10d7b8c5c22aa8e2f09fd36fe260069ad80a84f9bf01010f99bb43966f5f51767a0045b0ad3ded1e7ec8b275724ed1bf3d66a15c4d08861
SSDEEP

393216:YCFZXy+CDCbn456a1YInafH5VgyKNES+vyQXK4Jsv6tWKFdu9C+WiFags:hyJV1YInafHVbiFags

Score

1^/10

Malware Config

Signatures

Files

2024-09-12_eb3425cb34b770335410c0cdcc589e18_hijackloader_ryuk_sliver
.exe windows:6 windows x64 arch:x64

cf8362f574fd4d578bbed9cf1941ee7d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2022, 00:00

Not After

12/01/2025, 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9a:df:9c:50:47:d6:e8:37:00:8b:e8:84:a7:83:73:6a:ec:8d:30:e7
Signer

Actual PE Digest

9a:df:9c:50:47:d6:e8:37:00:8b:e8:84:a7:83:73:6a:ec:8d:30:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Adlice\UpdateChecker\x64\RelWithDebInfo\UCheck.pdb

Imports

ws2_32

freeaddrinfo
getnameinfo
WSAIoctl
inet_pton
getaddrinfo

winmm

timeKillEvent
timeSetEvent
PlaySoundW

netapi32

NetApiBufferFree
NetShareEnum

kernel32

GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
CompareStringEx
SetThreadPriority
GetThreadPriority
GetLocalTime
GetTickCount64
OutputDebugStringW
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetLogicalDrives
SetEndOfFile
SetFileTime
GetFileInformationByHandleEx
CompareStringW
LCMapStringW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
UnregisterWaitEx
RegisterWaitForSingleObject
GetTimeZoneInformation
CreateThread
CheckRemoteDebuggerPresent
GlobalUnlock
GlobalLock
GlobalSize
lstrcmpW
CreateFileA
GlobalFree
GetUserDefaultLangID
InitializeCriticalSection
GetConsoleCP
SetStdHandle
GetFullPathNameA
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
ExitProcess
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
EncodePointer
GetStringTypeW
GlobalAlloc
SetFilePointer
GetVolumePathNamesForVolumeNameW
DefineDosDeviceW
K32GetModuleInformation
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileStringW
GetModuleFileNameA
GetVersionExA
ResumeThread
GetCurrentThread
OutputDebugStringA
RtlCaptureContext
lstrcpyW
lstrcmpA
IsBadWritePtr
IsBadReadPtr
LockResource
GetFileSize
HeapCreate
VirtualQueryEx
AreFileApisANSI
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetFileSizeEx
OpenThread
lstrlenW
VirtualFree
VirtualAlloc
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
QueryDosDeviceW
GetVolumePathNameW
GetFileType
GetFileInformationByHandle
GetDiskFreeSpaceW
DeviceIoControl
LocalAlloc
GetSystemTimeAsFileTime
GetEnvironmentVariableW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
GetTempPathW
GetTempFileNameW
GetTickCount
CreateMutexW
ReleaseMutex
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetModuleHandleW
CancelIo
GetOverlappedResult
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
WriteFile
ReadFile
FlushFileBuffers
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
K32GetModuleBaseNameW
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
WriteConsoleW
GetModuleHandleA
ReadProcessMemory
GetProcessId
CreateProcessW
TerminateThread
GetExitCodeProcess
TerminateProcess
GetProcessTimes
WaitForSingleObject
SetLastError
DuplicateHandle
GetCurrentProcessId
GetCommandLineW
GetVersionExW
VerSetConditionMask
MoveFileExW
MoveFileW
SetFileAttributesW
RemoveDirectoryW
GetFileTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
CopyFileW
DeleteFileW
GetShortPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatW
GetDateFormatW
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
CompareFileTime
OpenProcess
GetCurrentProcess
CloseHandle
GetComputerNameW
LoadLibraryW
FormatMessageW
LocalFree
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetSystemInfo
GetSystemTimes
Sleep
SetErrorMode
GetLastError
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleWindow
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
GetACP
IsValidLocale
EnumSystemLocalesW
SetEnvironmentVariableA
SetEnvironmentVariableW
WTSGetActiveConsoleSessionId

user32

LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
SetMenu
DrawMenuBar
ChangeWindowMessageFilterEx
DestroyIcon
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
SystemParametersInfoW
MessageBoxW
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetCursorInfo
EnumDisplayDevicesW
GetClipboardFormatNameW
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
PostMessageW
ShowWindow
GetShellWindow
RealGetWindowClassW
EnumWindows
GetWindowThreadProcessId
UnregisterClassW
CharNextW
GetProcessWindowStation
GetUserObjectInformationW
EndPaint
BeginPaint
SendInput
GetClassNameW
EnumChildWindows
SetForegroundWindow
GetForegroundWindow
GetMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
IsChild
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
SetWindowLongPtrW
GetWindowLongPtrW
KillTimer
SendMessageA
FindWindowA
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
GetWindowTextW

gdi32

CreateDIBSection
BitBlt
CombineRgn
CreateRectRgn
OffsetRgn
SelectClipRgn
SetLayout
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
GetRegionData
GdiFlush
SelectObject
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextAlign
SetWorldTransform
ExtTextOutW
GetDIBits
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
SetTextColor

shell32

ord51
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetMalloc
SHCreateItemFromParsingName
ExtractIconExW
SHGetFileInfoW
SHGetStockIconInfo
ord727
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect

ole32

CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
StringFromCLSID
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoInitialize
CoSetProxyBlanket
PropVariantClear
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoGetMalloc

oleaut32

SafeArrayCreate
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
SafeArrayDestroy

advapi32

RegCloseKey
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
RegSetKeySecurity
RegGetKeySecurity
GetAce
ConvertStringSidToSidW
GetSecurityInfo
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ConvertSidToStringSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
GetUserNameW
DuplicateToken
DuplicateTokenEx
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
MapGenericMask
AccessCheck
RegFlushKey
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
LookupPrivilegeValueW
SetEntriesInAclW
CreateProcessAsUserW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
SetNamedSecurityInfoW

mpr

WNetGetConnectionW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW
GetProfilesDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrCmpIW
StrDupW
SHStrDupW
AssocQueryStringW
UrlEscapeW
StrFormatByteSizeW
PathUnExpandEnvStringsW
PathUnquoteSpacesW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathRemoveArgsW
PathQuoteSpacesW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW
PathSearchAndQualifyW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

ntdll

NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
NtQuerySystemInformation
NtOpenKey
NtCreateKey
NtSetValueKey
NtDeleteValueKey
NtDeleteKey
NtUnloadDriver
RtlInitUnicodeString
NtLoadDriver

wininet

InternetGetConnectedState

wsock32

shutdown
inet_ntoa
getsockname
getsockopt
ntohs
WSAStartup
WSAAsyncSelect
gethostname
sendto
recvfrom
htonl
select
__WSAFDIsSet
htons
getpeername
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

crypt32

CertFreeCertificateContext
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptDecodeObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle

bcrypt

BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptGenRandom
BCryptOpenAlgorithmProvider

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute

uxtheme

GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
ord47
GetThemeEnumValue
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
GetThemeBackgroundRegion

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 17.8MB - Virtual size: 17.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf8362f574fd4d578bbed9cf1941ee7d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

9a:df:9c:50:47:d6:e8:37:00:8b:e8:84:a7:83:73:6a:ec:8d:30:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

netapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

mpr

userenv

version

shlwapi

wtsapi32

ntdll

wininet

wsock32

crypt32

wintrust

bcrypt

dwmapi

uxtheme

imm32

Sections

.text Size: 17.8MB - Virtual size: 17.8MB

.rdata Size: 8.7MB - Virtual size: 8.7MB

.data Size: 309KB - Virtual size: 575KB

.pdata Size: 1.0MB - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 401B

.qtmimed Size: 315KB - Virtual size: 315KB

.qtmetad Size: 2KB - Virtual size: 1KB

.gfids Size: 1024B - Virtual size: 524B

_RDATA Size: 1024B - Virtual size: 544B

.rsrc Size: 75KB - Virtual size: 74KB

.reloc Size: 111KB - Virtual size: 110KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

9a:df:9c:50:47:d6:e8:37:00:8b:e8:84:a7:83:73:6a:ec:8d:30:e7
Signer

.text
Size: 17.8MB - Virtual size: 17.8MB

.rdata
Size: 8.7MB - Virtual size: 8.7MB

.data
Size: 309KB - Virtual size: 575KB

.pdata
Size: 1.0MB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 401B

.qtmimed
Size: 315KB - Virtual size: 315KB

.qtmetad
Size: 2KB - Virtual size: 1KB

.gfids
Size: 1024B - Virtual size: 524B

_RDATA
Size: 1024B - Virtual size: 544B

.rsrc
Size: 75KB - Virtual size: 74KB

.reloc
Size: 111KB - Virtual size: 110KB